6a33ac08a4bd2fc615b1a3b53eb6b0ce_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6a33ac08a4bd2fc615b1a3b53eb6b0ce_JaffaCakes118
Size

370KB
MD5

6a33ac08a4bd2fc615b1a3b53eb6b0ce
SHA1

ae9502273f1becfdc6077f9b018df29a925bec9c
SHA256

2a892f58492046fdd769d9c1bddd6f65fe409a6a75a1271b4a19d8f4149ed94b
SHA512

8463f99d18e95a90157e6eec9b19a55b0ca0590c5ab686ea957f357166518563a71462d8c771d744475d976541ede8b4a6ac14f77ab5f464c0158e45c40ed76b
SSDEEP

6144:Gz/aESMxhYDzVI+jhh2nnxe+LgRQ5xOSq5/sHS7zB+gdCT818m8H8b8X78vw8yuc:iyESM36RfjhhOH0Fj5/17zg9T818m8Hh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a33ac08a4bd2fc615b1a3b53eb6b0ce_JaffaCakes118

Files

6a33ac08a4bd2fc615b1a3b53eb6b0ce_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6af3323a5f93e590e047f729248f381c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr90

_amsg_exit
_encode_pointer
_decode_pointer
_encoded_null
__FrameUnwindFilter
_except_handler4_common
_cexit
_crt_debugger_hook

kernel32

GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetFileSize
WaitForSingleObject
SetEvent
GetModuleHandleW
GetTickCount
WriteFile
FileTimeToSystemTime
GetProcAddress
GetProcessId
LocalAlloc
Sleep

user32

UpdateWindow
LoadIconA
AnyPopup
RegisterClassA
GetCursor

gdi32

PlayMetaFileRecord

shell32

DragAcceptFiles

winhttp

WinHttpReadData

msvcp90

??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z

msvcm90

?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ

mscoree

_CorExeMain

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 251KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mysec
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mysec2
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6af3323a5f93e590e047f729248f381c

Headers

DLL Characteristics

File Characteristics

Imports

msvcr90

kernel32

user32

gdi32

shell32

winhttp

msvcp90

msvcm90

mscoree

Sections

.text Size: 5KB - Virtual size: 4KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 251KB - Virtual size: 310KB

.mysec Size: 512B - Virtual size: 10B

.mysec2 Size: 512B - Virtual size: 100B

.rsrc Size: 92KB - Virtual size: 91KB

.text
Size: 5KB - Virtual size: 4KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 251KB - Virtual size: 310KB

.mysec
Size: 512B - Virtual size: 10B

.mysec2
Size: 512B - Virtual size: 100B

.rsrc
Size: 92KB - Virtual size: 91KB