22d90575e4e680655d302d6ebd2a49ab_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

22d90575e4e680655d302d6ebd2a49ab_JaffaCakes118
Size

162KB
MD5

22d90575e4e680655d302d6ebd2a49ab
SHA1

6f588e23735f86cc99062470c0d5058fe1b618e3
SHA256

8352a3180f814baee9e9173705b89034adb32e3b3405ae582b77d73b8e6ce6e8
SHA512

4c611fb80e5dbdf88399db350cb685e350538060d33bfc39d0e0be44f26e49825e52ab4ba5dbdae30e1f327e3995772a377b0c685c7d71c9f3c89fcec13cd336
SSDEEP

3072:6CvWuLsdylHCgyiavLlAJY9LMMuZ5PFIJV:6fuAQzyZvLlhlMnD9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
22d90575e4e680655d302d6ebd2a49ab_JaffaCakes118

Files

22d90575e4e680655d302d6ebd2a49ab_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d607a4f1f8161f0070b747423f49a6e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Front\age\Table\neverhow.pdb

Imports

kernel32

Sleep
CreateSemaphoreA
GetModuleFileNameA
VirtualProtect
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualFree
HeapCreate
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapAlloc
GetLastError
HeapFree
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetModuleHandleA

wsnmp32

ord300
ord201
ord203
ord903
ord105
ord101
ord605
ord601
ord220
ord400
ord501
ord500
ord600
ord301
ord606
ord204
ord205
ord120
ord103
ord902
ord604
ord107
ord302
ord206
ord104
ord603
ord602
ord100
ord202
ord901
ord102
ord320
ord900
ord200
ord222
ord402
ord221
ord106
ord904
ord401
ord504

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d607a4f1f8161f0070b747423f49a6e7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

wsnmp32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 21KB - Virtual size: 20KB

.data Size: 30KB - Virtual size: 94KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 30KB - Virtual size: 94KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB