17d3f1900ccb3e795fd671139d4fdf15_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17d3f1900ccb3e795fd671139d4fdf15_JaffaCakes118
Size

1.2MB
MD5

17d3f1900ccb3e795fd671139d4fdf15
SHA1

74c1ffdb2904039120de64b60f6d8f5e59c64683
SHA256

131925e97fcd05ad9edfb4594d294fe7035b6f48f1d05bb5419af2d96b21d871
SHA512

6140e9ff23ef2f3a5f9e86d764b9b350f1eddaecf7f264f5a8f2965417ff4e8da6c3821a21b0de45dacd4a7d839e028dc479c3eade55097621d9b710624c61cd
SSDEEP

24576:gkwjn9MirIiuJVQvhj/BJz/ZxwL9xMMnW0LZc:4WivhzzPwHMMnWq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17d3f1900ccb3e795fd671139d4fdf15_JaffaCakes118

Files

17d3f1900ccb3e795fd671139d4fdf15_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d5c28044415afcb1aa28690ed9677ea8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
FindClose
LoadLibraryA
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
CreateFileW
SetLastError
FindFirstFileW
AddVectoredExceptionHandler
GetConsoleWindow
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetLastError
VirtualProtect
GetVersion
SetFileAttributesW
GetProcAddress
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
HeapAlloc
GetSystemTimeAsFileTime
GetCommandLineW
EncodePointer
DecodePointer
RaiseException
HeapFree
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
CreateSemaphoreW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
GetStdHandle
GetProcessHeap
GetFileType
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
Sleep
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
InterlockedExchange
FreeLibrary
LoadLibraryExW
SetConsoleCtrlHandler
OutputDebugStringW
LoadLibraryW
HeapReAlloc
WideCharToMultiByte
GetStringTypeW
HeapSize
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
CloseHandle

ole32

StringFromIID
CoGetClassObject
CoTaskMemFree

advapi32

RegQueryValueW
RegOpenKeyW
RegCloseKey
RegSetValueW

Sections

.text
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5c28044415afcb1aa28690ed9677ea8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

advapi32

Sections

.text Size: 121KB - Virtual size: 120KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 4KB - Virtual size: 12KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 121KB - Virtual size: 120KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 4KB - Virtual size: 12KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 9KB - Virtual size: 9KB