41fe4ea8912918cedd6528ab99f3d999_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

41fe4ea8912918cedd6528ab99f3d999_JaffaCakes118
Size

320KB
MD5

41fe4ea8912918cedd6528ab99f3d999
SHA1

967db8aeaedbe4ad76021da4e71503d4c1fab91b
SHA256

f17cb51bf0478f3cfa8a1b10ce40811c44c6e72aa0efb1e13e34eaf1b01d8cbc
SHA512

f9781007658b4952c5414f24d0d40c14a396011a7e8a8d3babbb0ee6b17c25e5965756d47cf0d34c356ab2fa38bec9df7deeea36770ecb1ba3292073a4c3a11d
SSDEEP

6144:HP8EiLLJILgj8dVQP0K9348OEHQ2sZhZZg5vdjBIh8WAQU5RqYCxyFcTloO03/NX:HPxiLFILsJP084CU3MvNOh8LQU5UdlKN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41fe4ea8912918cedd6528ab99f3d999_JaffaCakes118

Files

41fe4ea8912918cedd6528ab99f3d999_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1d7381cf064adc243fa53947ba197d6a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleBaseNameW

kernel32

Sleep
GetCurrentProcess
lstrcpynA
HeapFree
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetCurrentProcessId
FindResourceExW
FreeLibrary
LoadResource
HeapAlloc
LoadLibraryExW
SizeofResource
LockResource
HeapReAlloc
UnmapViewOfFile
CloseHandle
GetModuleHandleW
GetProcAddress
ProcessIdToSessionId
Process32FirstW
Process32NextW
GetExitCodeProcess
VirtualAlloc
VirtualFree
WaitForSingleObject
DuplicateHandle
TerminateThread
CreateThread
SetFilePointer
SetErrorMode
SetUnhandledExceptionFilter
SetFileAttributesA
PrepareTape
LoadLibraryA
GetTapeParameters
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
SetLastError
EnterCriticalSection
GetModuleHandleA
LocalAlloc
InterlockedExchange
RaiseException
GetSystemTimeAsFileTime
VirtualQuery
ExitProcess
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
HeapSize
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d7381cf064adc243fa53947ba197d6a

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 26KB - Virtual size: 42KB

.rsrc Size: 208KB - Virtual size: 208KB

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 26KB - Virtual size: 42KB

.rsrc
Size: 208KB - Virtual size: 208KB