6baa71534acbd51aa0257e82e9da22ba_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6baa71534acbd51aa0257e82e9da22ba_JaffaCakes118
Size

3.7MB
MD5

6baa71534acbd51aa0257e82e9da22ba
SHA1

856caabfdcdd04576515e98ebd5a8bb40223ce65
SHA256

c1867a6d37b29848d6c0b7a8c0c4a978230dd74f71ecd2f08af5cb5a1f376cf4
SHA512

d2165aa1c77d0f9be44b4b7e4694999bde6533a851ca1969666eb4a9e7ae6cbcd61a09bb429cda1a37e5a698c895b8bd52a37332884db0610e06ce7abf61fdce
SSDEEP

98304:/PfHJlZCpTScvcFSXIDVT1wQyB+MRlx5MpcJs1w0R:/XnZCiF4IDVeQq/lxuksF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
6baa71534acbd51aa0257e82e9da22ba_JaffaCakes118

Files

6baa71534acbd51aa0257e82e9da22ba_JaffaCakes118
.exe windows:5 windows x86 arch:x86

447972cc6852282f6940e66336a5c086

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetDefaultCommConfigA
lstrlenA
WritePrivateProfileStructA
SetLocalTime
GetNumberOfConsoleInputEvents
FindResourceExW
LoadLibraryExW
ReadConsoleA
InterlockedDecrement
CompareFileTime
GetUserDefaultLCID
InterlockedCompareExchange
OpenSemaphoreA
CallNamedPipeW
FreeEnvironmentStringsA
_lclose
SetTapeParameters
GetProcessPriorityBoost
CreateNamedPipeW
GetSystemTimeAsFileTime
WriteFile
TlsSetValue
GlobalAlloc
Sleep
DeleteVolumeMountPointW
IsDBCSLeadByte
lstrcatA
SetThreadPriority
GlobalUnlock
DisconnectNamedPipe
DeactivateActCtx
CreateJobObjectA
GetLastError
GetProcAddress
BeginUpdateResourceW
SetVolumeLabelW
WriteProfileSectionA
IsValidCodePage
EnterCriticalSection
_hwrite
LoadLibraryA
WriteConsoleA
LocalAlloc
SetCurrentDirectoryW
SetFileApisToANSI
GetTapeParameters
WaitForMultipleObjects
GetPrivateProfileSectionNamesA
GetOEMCP
EnumDateFormatsA
WaitCommEvent
GetModuleHandleA
GetCommTimeouts
CreateMutexA
RequestWakeupLatency
GetVersionExA
LocalSize
lstrcpyA
GetCommandLineA
GetStartupInfoA
SetUnhandledExceptionFilter
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
RaiseException

Exports

Exports

_geek@8
_gekelberifin@8

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fayo
Size: 512B - Virtual size: 357B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pax
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

447972cc6852282f6940e66336a5c086

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 9KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 3.3MB

.fayo Size: 512B - Virtual size: 357B

.pax Size: 1024B - Virtual size: 4KB

.rsrc Size: 15KB - Virtual size: 23KB

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 3.3MB

.fayo
Size: 512B - Virtual size: 357B

.pax
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 15KB - Virtual size: 23KB