e28ad650ea4f13b9f561647fb4279691_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e28ad650ea4f13b9f561647fb4279691_JaffaCakes118
Size

3.8MB
MD5

e28ad650ea4f13b9f561647fb4279691
SHA1

cbb33be5517c273782edcb793b838081e2a7a6d3
SHA256

65cb3d18671644e8099ec1a908dae7957cc4931989e2825fc874f370a6aaffb7
SHA512

96e81bdab1cbc38da583d715f26f44f1b91a236d310498e25bdaf11bf6d46b2a2e9fd9b9125128ec5ea3ccdedf473572c6deecd80cafad81123b6e411ec099ef
SSDEEP

49152:ErRzBKh90C4g1dl0+lG87ybiTbLddalrRQvz2Dolm5m8rqtNrhLgjJoU3qEOlDfK:eRzidbs87GizddCr+Su2tqt9amU3gy/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e28ad650ea4f13b9f561647fb4279691_JaffaCakes118

Files

e28ad650ea4f13b9f561647fb4279691_JaffaCakes118
.exe windows:5 windows x86 arch:x86

08b3bdf9cc3930ac93565a943e8ad0e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetVolumeLabelA
SetDefaultCommConfigA
CreateMutexW
lstrlenA
WritePrivateProfileStructA
CopyFileExW
TlsGetValue
MoveFileExA
_llseek
GetNumberOfConsoleInputEvents
FindResourceExW
CallNamedPipeA
DeleteVolumeMountPointA
WriteTapemark
InterlockedIncrement
ReadConsoleA
CompareFileTime
WaitForSingleObject
InterlockedCompareExchange
_lclose
SetTapeParameters
GetModuleHandleW
VirtualFree
WriteFile
GlobalAlloc
Sleep
LeaveCriticalSection
GetFileAttributesW
WriteConsoleW
GetOverlappedResult
GetACP
DeactivateActCtx
GetPrivateProfileSectionNamesW
IsDBCSLeadByteEx
GetProcAddress
GetTapeStatus
BeginUpdateResourceW
CreateNamedPipeA
LocalLock
IsValidCodePage
SearchPathA
SetFileApisToOEM
GetLocalTime
LoadLibraryA
SetCalendarInfoW
IsSystemResumeAutomatic
GetProfileStringA
WriteProfileSectionW
SetNamedPipeHandleState
EnumDateFormatsA
GetThreadPriority
WaitCommEvent
LoadLibraryExA
ContinueDebugEvent
VirtualProtect
PurgeComm
ScrollConsoleScreenBufferA
OpenSemaphoreW
GetVersionExA
DeleteFileW
DebugBreak
FindActCtxSectionStringW
GetSystemTime
lstrcpyW
GetLastError
GetSystemDefaultLangID
WideCharToMultiByte
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
GetCPInfo
RtlUnwind
RaiseException
LCMapStringW
LCMapStringA
GetStringTypeW
HeapAlloc
HeapCreate
VirtualAlloc
HeapReAlloc
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
ExitProcess
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
HeapSize
GetOEMCP
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetModuleHandleA

gdi32

GetBoundsRect

Exports

Exports

_geek@8
_gekkko@8

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 45.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08b3bdf9cc3930ac93565a943e8ad0e4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

Exports

Exports

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 6KB - Virtual size: 45.7MB

.rsrc Size: 23KB - Virtual size: 23KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 6KB - Virtual size: 45.7MB

.rsrc
Size: 23KB - Virtual size: 23KB