5c9e2b97d5a4b86c6c64edf30f058f45_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5c9e2b97d5a4b86c6c64edf30f058f45_JaffaCakes118
Size

526KB
MD5

5c9e2b97d5a4b86c6c64edf30f058f45
SHA1

6a8434f83d4d160fd796e3a3f50a020cf5974903
SHA256

31b85fde884193b976d6cae2209bd2c95f13d6de5d0ff4206612a8768a0c65d6
SHA512

520b42812b6f305ec8ddd8601313dca8dab9fc02a0e102c392f1836519aaeb6fbe5beacef8bc83355343c959f40b6e8e5fe13507be67dc4e8c1c82fb3c3bc802
SSDEEP

6144:hoSg6+39FKBPWjllRX2R6XdJbI1OAw0k6qOk/Ur0Ed1t02apBHU4/3+4Vz+Eu0+J:hoDlmBPWjJ/Shrqx/krdAfT7Zu/Ci6+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
5c9e2b97d5a4b86c6c64edf30f058f45_JaffaCakes118

Files

5c9e2b97d5a4b86c6c64edf30f058f45_JaffaCakes118
.exe windows:5 windows x86 arch:x86

af0457a90da65509b0197bfc07d2def4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FatalAppExitW
OpenFileMappingW
GetLargestConsoleWindowSize
GetConsoleAliasesLengthW
UnmapViewOfFile
GetNumaAvailableMemoryNode
SetNamedPipeHandleState
ConnectNamedPipe
GetProcessTimes
GetProcessAffinityMask
GetQueuedCompletionStatus
CreateIoCompletionPort
HeapAlloc
SetConsoleTextAttribute
LocalAlloc
GetSystemPowerStatus
GetModuleHandleW
SetCalendarInfoW
SetThreadExecutionState
SetConsoleCursorPosition
GetEnvironmentVariableW
CommConfigDialogA
GetAtomNameW
CreateMailslotA
GetLastError
IsBadReadPtr
FindFirstVolumeMountPointW
SetFilePointer
WriteConsoleW
LCMapStringW
FindAtomW
_lopen
GetProcAddress
GetConsoleOutputCP
InterlockedIncrement
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
RaiseException
GetCommandLineW
HeapSetInformation
GetStartupInfoW
HeapFree
RtlUnwind
IsProcessorFeaturePresent
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetStringTypeW
MultiByteToWideChar
SetStdHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LoadLibraryW
HeapReAlloc
CreateFileW

user32

GetCursorInfo
GetCaretPos

advapi32

InitializeAcl
GetAclInformation
BackupEventLogA

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 341KB - Virtual size: 393KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af0457a90da65509b0197bfc07d2def4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 68KB - Virtual size: 68KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 341KB - Virtual size: 393KB

.rsrc Size: 100KB - Virtual size: 100KB

.text
Size: 68KB - Virtual size: 68KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 341KB - Virtual size: 393KB

.rsrc
Size: 100KB - Virtual size: 100KB