4b0b1948b1363ebbc213fbfa5d2a16b8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4b0b1948b1363ebbc213fbfa5d2a16b8_JaffaCakes118
Size

389KB
MD5

4b0b1948b1363ebbc213fbfa5d2a16b8
SHA1

f5893410b18a390125db63e53b6b75340e605881
SHA256

2f30b23b72722f0b7af7ba50644f1446f3143a09282acbe31ee170487d758378
SHA512

835753346a9f9b4bb55dad4d80f04ac3431299603d62a4ba2e45375f262b3d85efd52542593085e92adc304e39f7be3dd7950fe3a8caebd24dc3011c4ef5defb
SSDEEP

12288:yWSIdRIpSVTMuG9ObVmK0GLHOv6/5M49e:PdR4S+39OEK0GOy/5M4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
4b0b1948b1363ebbc213fbfa5d2a16b8_JaffaCakes118

Files

4b0b1948b1363ebbc213fbfa5d2a16b8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

86eaf9bcea3571a6e8c7f6cb25fe1b84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToDosDateTime
EnumResourceNamesW
lstrlenA
WritePrivateProfileStructA
GetNumberOfConsoleInputEvents
FindResourceExW
CallNamedPipeA
DeleteVolumeMountPointA
InterlockedDecrement
CreateJobObjectW
GetUserDefaultLCID
OpenSemaphoreA
_lclose
GetProcessPriorityBoost
CreateNamedPipeW
GetSystemTimeAsFileTime
ReadConsoleW
TlsSetValue
Sleep
GetVersionExW
WriteConsoleW
IsDBCSLeadByte
SetThreadPriority
GlobalUnlock
DisconnectNamedPipe
DeactivateActCtx
SetCurrentDirectoryA
GetLastError
GetTapeStatus
SetVolumeLabelW
ReadFileEx
EnterCriticalSection
_hwrite
SetFileApisToOEM
GetLocalTime
LoadLibraryA
LocalAlloc
BeginUpdateResourceA
WriteProfileSectionW
GetTapeParameters
WaitForMultipleObjects
GetPrivateProfileSectionNamesA
EnumDateFormatsA
GetModuleHandleA
LoadLibraryExA
GetCommTimeouts
FreeEnvironmentStringsW
VirtualProtect
LocalSize
lstrcpyA
GetCommandLineA
GetStartupInfoA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
HeapSize
ExitProcess
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
VirtualAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
RaiseException

user32

GetCursorPos

Exports

Exports

_geek@8
_gekelberifin@8

Sections

.text
Size: 359KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86eaf9bcea3571a6e8c7f6cb25fe1b84

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 359KB - Virtual size: 358KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 5KB - Virtual size: 11.4MB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 359KB - Virtual size: 358KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 5KB - Virtual size: 11.4MB

.rsrc
Size: 16KB - Virtual size: 15KB