670d14a62b3916524496994b252b0fec_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

670d14a62b3916524496994b252b0fec_JaffaCakes118
Size

4.8MB
MD5

670d14a62b3916524496994b252b0fec
SHA1

f560a44800256752af376b550d37d05c19e57087
SHA256

8b1b54ac804f5d3eb654f107131fced3eefa4f1ab7fe85d3d984abd9bed87f97
SHA512

c1ec60a8edc80f0261793616143803ad8bc6d5c8b05681bce30ce69b9ae35e012787d564d95fe72dba94e51432c014fabac50dbfaffda9ed8fa4b33522528c51
SSDEEP

98304:FL7isH8hzaY2u95I4+PqcKT1V41YCpzugG3yP9ggIKcGV:FLm/Mud+Pqc/YCcJyF/p5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
670d14a62b3916524496994b252b0fec_JaffaCakes118

Files

670d14a62b3916524496994b252b0fec_JaffaCakes118
.exe windows:6 windows x64 arch:x64

b521ee95a61d147e0479f2b2e776493b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

SetPriorityClass
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

ShowWindow
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

ole32

CoSetProxyBlanket

oleaut32

SysFreeString

msvcp140

_Query_perf_counter

urlmon

URLOpenBlockingStreamW

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp

api-ms-win-crt-string-l1-1-0

strcpy_s

api-ms-win-crt-runtime-l1-1-0

_set_app_type

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-stdio-l1-1-0

fwrite

api-ms-win-crt-heap-l1-1-0

malloc

api-ms-win-crt-filesystem-l1-1-0

_lock_file

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-math-l1-1-0

ceilf

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

wtsapi32

WTSSendMessageW

Exports

Exports

bٳ�X{� �o��,�P�{�o;Aqbp=r/Ԓ6{�w��A+��e�~��(n�Uk̓$#:�9��]��A�r�M ZM(��ܬw�%��P-��FE�;�!;^��io1��d�6M��\;.�^�cNxOL��Jg�M��mXܥ�j��<c�?��l.4 3� �?�{�n �c�K�"��K�k-F��A.C�WC��(Tm�%>C��N��X̪]��I�#Ց�[ϱ4>K��@�F{��F��'r��9��s(�p�{��uH� vᮽ�?�� E��s)��)��@dT��(�R��mt��O�"��%��ǔ�CA��`��P8R��}]�0�}��Xf�d��~Ӕ��|�ж��iaY��`qdvw��u�z�P٧�~�V��Aվo�6/��,��@s��,��|��8��2q�Ԍ؟w��OÑ��`�]��wL��^A��h*��Cu9��D��t�'�� )&RY�5~mzL��b��9�3C n�QKWݸτ�O ��;'t��j�/��8p�A{�k��P��Ojᔇ��Q�X+?)��mw�S�s��u��8��;��g7�x��!�F��/ M�|c�lp��2A�_*�ܶ�o� U؅+<��OI3R�4� �/*��~!|��L�ڵZJ��n��s�Evth�U�3��(4�y��521eG_�U��Gv��pK��j��CNZ��/$�Yӡ��ɆE�=A��F�'��(�E��4`�^��r��b�)��_�av3��-A�F[X��n�)h8�j�9�� k��Y܆Is�Nڎ_�m��s�!�$�ʘ sH�� i�ﮞ�P��d��&9+o��^��_��W�j�[w��R��_�o� �,p�j�pA׳�"Mh�dXp�^L��婑}��-㼔Y�l��\��v��?��܅Ww~p�>��#��I��c�8��7eDN�+r�wb��x�NI#�0ײ�Hv��וt`^G�s�)@u1Q ��h3��Ao�Ej�Q��f�~#��L-a��{�-�b��qC�((��KA�.�\�4ý��^�m��o";�,x%�m ��|[��'�� {�L8��/nEbn�.!�.֌��a�|Z_2 �)e��I��w��%�ϧ�"�Rl�;Nuk݉��K��/H6K^�%3oAѕ�x.��|N.3J�2�1xf��iV��Y(�ΦIes��T��`�7�K$h(dc��@7�Ɯ��w�-�r� (�x�e�qn��Wb��Y6�=v~q�u�0'>��k��-�� ֨h��̃��Dp��@{,��O��9�� cȖ�sz_Ix6�ak;�$��XL�{��e�*��~�S�I�n�r��%z�� hr4�6�#��S��%g=�SF�v��9�f��9�% .e9��]�϶i�3-_Pv"^��8'�?��/(E�m�f�j:;[ڇE��>�T��|��)-�O��{M��2יQ4�w��7�mV��@$�(��>�>Ry�>O"��z�r &�o~?��fB��`�ġ��ȭbd]�L�fy#0�lX��0=&0q�ǿ�4��`l̦T�g:�@Pbx��]��D�3��>i&w�fRtS�o)ZC[�7(L ix��M>e�/'��r��iC8c�҄΃K��B�f�h��G��ȹ7��Vh-�S��YY�@��k�]��j<�CI��R�s+��;�QD�<C�s�6wͣbO��X].��Ҭs�3��t��%G+�ط�tqfi��a�=G 9F��C�"#�C��6'�z�-��/6%��A,t��i�b��Z��I"��2�qe\�~ϯ�PL��ƻ{�B�Hb̒桁6�D��nU�LF�up[��Ӡj<<�ۻ�l 2Fh��|"6ь�X�U��%��l��A�<�{]�qް��;�aӋ��H�WӉ�.��sc[�;�p��0(gf��t��Ӯ�P7�0�x\�� Ha}\�ňXز�+�[�f�ն3�gA�Tև�R".�s�a[�f�{�hx�:��w:�o��$��7d.4�Ha��r7G?f�$��iϏ� ��XT"�s�� &E��{�B*��SeS ��1�޹V��T�T��i|��x[�l�I1��ǔ�P��؛�`/o<z֩��Jtj�m17[x=9Rj� z�4�(��,�PA`]�r�0|��E��o��3�g�ba�$�E�}[�ŕ� �4�3�p�8�o#�EQ~kO��ݿ�*Smn� u�8?-��"��Yj�I�6�~ߴ6�Ű�D��:��8�W5�M�ϓu�m�Ux e��0�u��7rq��Vz>,��"Yt1�S>X�:��J��}V�x6�"/�[>kӸ!��΂��b��"'�w�Eo��x��81�Rۺ��[�/� j�Ǝ��d�/�[�tGd��6�VNy��l�T�!�7�,}�P��d,��w��`Cj�D0��d&�|7�Zy��ꋋ��8��g�}��hv��~-S�7=�_p��L�jj��AM+X��!$�$��|��W�Y��v��ç\�°Τ��r�Hy��U4S��"��|<��#��d(E��I |��z�L��T[m�k}E��`�w��c�Qt�=/�%�� }L?O �� s�Pk�:�ڒ�Z� ��^�l�-��a��q� ��L�[��x|�<� z�^Z��SR�_��sr��N�9H7�� 9��"�dLw��b��S��R��^��+A�p��0��R�0,��d��i��z��Σ��@��A��F�;��˟f\��r�ZI�� x��

Sections

.text
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sys0
Size: - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sys1
Size: 4.8MB - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b521ee95a61d147e0479f2b2e776493b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

msvcp140

urlmon

vcruntime140_1

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 68KB

.rdata Size: - Virtual size: 22KB

.data Size: - Virtual size: 3KB

.pdata Size: - Virtual size: 3KB

.sys0 Size: - Virtual size: 3.1MB

.sys1 Size: 4.8MB - Virtual size: 4.8MB

.rsrc Size: 512B - Virtual size: 469B

.text
Size: - Virtual size: 68KB

.rdata
Size: - Virtual size: 22KB

.data
Size: - Virtual size: 3KB

.pdata
Size: - Virtual size: 3KB

.sys0
Size: - Virtual size: 3.1MB

.sys1
Size: 4.8MB - Virtual size: 4.8MB

.rsrc
Size: 512B - Virtual size: 469B