5004b4476b444d2c4844d2212c5846b8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5004b4476b444d2c4844d2212c5846b8_JaffaCakes118
Size

3.7MB
MD5

5004b4476b444d2c4844d2212c5846b8
SHA1

ef16ea49568cdd9625df3683ebabc06378fc23fb
SHA256

f5eadcf63b4c9c6b3bf4cf6b852e40eb87486a407909a0ca12b1367ce7d11dbb
SHA512

c71eff6d9cdfefbfe9326a7d5e200ed84219b76b27459509c214b577a2e7084d67d446c61fd9ce39b568fc814a77e36703b5cf2e5a8e70cc0bee81376a479d1f
SSDEEP

98304:/elwVfg+xRnkkfusDPj8+WKGC+w0E48W:mlwzPkGPjVGC+DE48W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5004b4476b444d2c4844d2212c5846b8_JaffaCakes118

Files

5004b4476b444d2c4844d2212c5846b8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

79a1e51475910db8ccaf17a8f3958e04

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\befarem.pdb

Imports

kernel32

SetEvent
GetNumaAvailableMemoryNode
GetModuleHandleW
GetTickCount
GlobalAlloc
SizeofResource
SetConsoleMode
TerminateProcess
GetACP
GetStringTypeExA
GetProcAddress
InterlockedCompareExchange
GetProcessWorkingSetSize
CreateEventW
FindFirstChangeNotificationA
GetCommTimeouts
lstrcatW
GetCurrentThreadId
FindActCtxSectionStringW
DeleteFileA
GetUserDefaultLCID
_lwrite
UpdateResourceA
SetEndOfFile
EnumDateFormatsExW
GetNumaNodeProcessorMask
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
DecodePointer
EncodePointer
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLastError
HeapFree
CloseHandle
SetFilePointer
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsGetValue
TlsSetValue
SetLastError
Sleep
ExitProcess
RtlUnwind
SetStdHandle
FlushFileBuffers
WriteConsoleW
MultiByteToWideChar
LCMapStringW
GetStringTypeW
HeapAlloc
LoadLibraryW
GetModuleFileNameW
CreateFileW

user32

GetCaretPos

advapi32

GetPrivateObjectSecurity
AddAuditAccessAce
DestroyPrivateObjectSecurity

winhttp

WinHttpCreateUrl

msimg32

TransparentBlt

Exports

Exports

@Sticky@16

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3.6MB - Virtual size: 54.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.foru
Size: 10KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79a1e51475910db8ccaf17a8f3958e04

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

winhttp

msimg32

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 32KB

.data Size: 3.6MB - Virtual size: 54.3MB

.foru Size: 10KB - Virtual size: 14KB

.rsrc Size: 11KB - Virtual size: 10KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 33KB - Virtual size: 32KB

.data
Size: 3.6MB - Virtual size: 54.3MB

.foru
Size: 10KB - Virtual size: 14KB

.rsrc
Size: 11KB - Virtual size: 10KB

.reloc
Size: 18KB - Virtual size: 18KB