104dc7f398f79f7a148457acbe5008b8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

104dc7f398f79f7a148457acbe5008b8_JaffaCakes118
Size

264KB
MD5

104dc7f398f79f7a148457acbe5008b8
SHA1

f48fbd942f8c889e4070afad375f928331d32878
SHA256

900ce0c1002fddd7094d3ffb7b02d8aea99fb3dd3bfb3fb17136c0dd8b937c31
SHA512

50c6508fd04dc725fee05198814fb512197e6777b11becdb83b0111be7e986212fd316b75941a800291f09adb3dac58d56e13ad4731bb852f06e5a77ea0cc25f
SSDEEP

6144:Yg5cxFIpeUTslPHt4k+lB5vv4hJjKU9x:Y5xipml/t4k+lnv4HT7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
104dc7f398f79f7a148457acbe5008b8_JaffaCakes118

Files

104dc7f398f79f7a148457acbe5008b8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

65d46e11af3772c74f653a780d703ae2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNumberOfConsoleMouseButtons
GetNumaAvailableMemoryNode
GetTickCount
CreateActCtxW
ActivateActCtx
GlobalAlloc
LoadLibraryW
SetCommConfig
CreateEventA
GetStringTypeExW
IsBadWritePtr
EnumDateFormatsExW
GetLastError
GetProcAddress
EnumDateFormatsExA
ResetEvent
GetOEMCP
FindFirstChangeNotificationA
lstrcatW
DebugBreakProcess
GetOverlappedResult
lstrlenA
RaiseException
SetFilePointer
GetCommandLineW
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
DecodePointer
EncodePointer
GetModuleFileNameW
HeapValidate
IsBadReadPtr
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
HeapCreate
WriteFile
MultiByteToWideChar
GetACP
GetCPInfo
IsValidCodePage
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
RtlUnwind
HeapAlloc
GetModuleFileNameA
HeapReAlloc
HeapSize
HeapQueryInformation
HeapFree
FlushFileBuffers
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetStringTypeW
LCMapStringW
IsProcessorFeaturePresent
CloseHandle
SetStdHandle
CreateFileW

advapi32

AddAuditAccessAce

Exports

Exports

@dpifgbodvg@8
@fhdjdfj@4

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65d46e11af3772c74f653a780d703ae2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 232KB - Virtual size: 231KB

.data Size: 13KB - Virtual size: 81KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 232KB - Virtual size: 231KB

.data
Size: 13KB - Virtual size: 81KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 12KB - Virtual size: 12KB