ea8e4adbf11c0a1b6a34ffbe13982929_JaffaCakes118

General

Target

ea8e4adbf11c0a1b6a34ffbe13982929_JaffaCakes118
Size

4.3MB
MD5

ea8e4adbf11c0a1b6a34ffbe13982929
SHA1

8d6c2f5784723c3ad56c9d6888dc43ac8f33d1bf
SHA256

712a9e97a9ac55de87b0bccffc0151ba4c86fb60681d99b2c47d678c6db87333
SHA512

b41241af0f9043d72def0e6982e0a3db532dd55c88d06ecec9508589867a65fdf41178ba08fda14b3568476301df24117ccc9cedbf22e75ad7eedbe6efcd91c6
SSDEEP

49152:+r6r6r6r6r6r6r6r6r6r6r6r6r6r6r6r6r6r6r6r6r6r6r6r6r6r6r6r6r6r:+OOOOOOOOOOOOOOOOOOOOOOOOOOOOO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea8e4adbf11c0a1b6a34ffbe13982929_JaffaCakes118

Files

ea8e4adbf11c0a1b6a34ffbe13982929_JaffaCakes118
.dll windows:4 windows x86 arch:x86

73d8e645b71f94fafd3a63ba346946b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
GetProcessHeap
GetProcAddress
LoadLibraryA
HeapAlloc
HeapReAlloc
VirtualFree
FreeLibrary
VirtualAlloc
IsBadReadPtr
Sleep
ExitProcess
CopyFileA
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
GetCommandLineA
GetVersion
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetUnhandledExceptionFilter
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadWritePtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

user32

MessageBoxA

Exports

Exports

WGLoginExit
WGLoginGetLogin
WGLoginSetLogCallBack

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

73d8e645b71f94fafd3a63ba346946b3

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 92KB - Virtual size: 93KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 92KB - Virtual size: 93KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 8KB - Virtual size: 4KB