fa7eb833ddb31733f76af6fc01fbe0bc_JaffaCakes118

General

Target

fa7eb833ddb31733f76af6fc01fbe0bc_JaffaCakes118
Size

12.3MB
MD5

fa7eb833ddb31733f76af6fc01fbe0bc
SHA1

6ab6f27a19106b3f84c88163724a575447e98b88
SHA256

d15758a074e417854204a6340e7fe16b3ee93884c1f9e2abe15a1cd36d713817
SHA512

24d20d8c1e75f512347ddcc623df21f34ff6da4325ea3256d9484bd47458f847048a7e5a5e897713126bddc3b0a0dab56e5e925c025560ba87c0306eba2e4150
SSDEEP

24576:a7l000000000000000000000000000000000000000000000000000000000000D:c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa7eb833ddb31733f76af6fc01fbe0bc_JaffaCakes118

Files

fa7eb833ddb31733f76af6fc01fbe0bc_JaffaCakes118
.exe windows:5 windows x86 arch:x86

872144a5294b7cc29cb21cdd7ecac980

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\xamocoworehayod jexofulorejan.pdb

Imports

kernel32

FormatMessageA
GetCurrencyFormatA
WriteFile
GetLocaleInfoW
Sleep
GetFileAttributesA
GetLastError
GetProcAddress
LocalAlloc
WritePrivateProfileStringA
CreateHardLinkW
TransmitCommChar
GetTapeParameters
LCMapStringW
GetModuleHandleW
FindFirstFileExW
GetCurrentProcess
InterlockedDecrement
FindResourceW
lstrlenA
GetNamedPipeHandleStateW
HeapReAlloc
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RaiseException
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
RtlUnwind
GetModuleHandleA
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
GetStringTypeA
GetStringTypeW

advapi32

GetNumberOfEventLogRecords

Sections

.text
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 41.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12.1MB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

872144a5294b7cc29cb21cdd7ecac980

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 99KB - Virtual size: 98KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 74KB - Virtual size: 41.8MB

.rsrc Size: 12.1MB - Virtual size: 54KB

.text
Size: 99KB - Virtual size: 98KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 74KB - Virtual size: 41.8MB

.rsrc
Size: 12.1MB - Virtual size: 54KB