3906bac2d392f85e18ca03c5bf15da72_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3906bac2d392f85e18ca03c5bf15da72_JaffaCakes118
Size

206KB
MD5

3906bac2d392f85e18ca03c5bf15da72
SHA1

ae1b26685e19d54e6b77674a2845df487678ed26
SHA256

7e5a30abc6deff1ff15e54352966fb9947ebf1b1687f6f26177a4f8967ba97ea
SHA512

614a5912350ae94f66f8eba3e59c1fc123947173fc0579a3dbddb575160110df5bf74b9608d6e2bb7fe9bd97d7b80b856d9f92d6e5b1e4c72669e999bb1ef49b
SSDEEP

3072:ZiA2LrToQl++lUKfmgUkueC6yrKry8Uf1KlwOeGk8:0A2L4xSibk5CleryG08

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3906bac2d392f85e18ca03c5bf15da72_JaffaCakes118

Files

3906bac2d392f85e18ca03c5bf15da72_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2c010732ebe5672c39f17b92c057613d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_SYSTEM

Imports

kernel32

SetProcessWorkingSetSize
GetCurrentProcess
GetThreadTimes
ExitThread
TerminateThread
GetLastError
SetStdHandle
SetHandleInformation
LocalAlloc
GetCommTimeouts
TransmitCommChar
lstrcpyA
WriteFileGather
GetModuleHandleW
AddAtomW
SetComputerNameExW
SetConsoleCtrlHandler
GlobalMemoryStatus
GetCommConfig
GetProcAddress
CloseHandle
WriteConsoleW
SetFilePointerEx
GetConsoleMode
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineA
IsProcessorFeaturePresent
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsDebuggerPresent
SetLastError
GetCurrentThreadId
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
OutputDebugStringW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
CreateFileW

advapi32

GetSecurityDescriptorControl
GetSecurityDescriptorDacl

winhttp

WinHttpWriteData
WinHttpConnect
WinHttpQueryDataAvailable

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 69KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.version
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.version
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c010732ebe5672c39f17b92c057613d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

winhttp

Sections

.text Size: 60KB - Virtual size: 59KB

.rdata Size: 26KB - Virtual size: 26KB

.text Size: 69KB - Virtual size: 76KB

.version Size: 512B - Virtual size: 1B

.version Size: 1024B - Virtual size: 4KB

.rsrc Size: 43KB - Virtual size: 43KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 60KB - Virtual size: 59KB

.rdata
Size: 26KB - Virtual size: 26KB

.text
Size: 69KB - Virtual size: 76KB

.version
Size: 512B - Virtual size: 1B

.version
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 43KB - Virtual size: 43KB

.reloc
Size: 5KB - Virtual size: 4KB