743cb916a0ab733306a059bbbd9cdea8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

743cb916a0ab733306a059bbbd9cdea8_JaffaCakes118
Size

106KB
MD5

743cb916a0ab733306a059bbbd9cdea8
SHA1

f6e09696a9a23bfeb55be97c67328e4bb3624ccb
SHA256

0aeb96e050a7b92fd2b9d447fa7cba6517fc194369f7de7fa69f86386cd15622
SHA512

053836189677a1ce3c464d33de58182f667af78d1765ff8f1b193716cecaa2cf150f5b62000984c50b72f1bf7b71d189ba57b9b843e8cd0c76ebeec6898c2224
SSDEEP

1536:IvXod1fuXvmSfzb6CQz5e1WbJO8Xas13ldT2mmlqJSTKRF0MNPlPtzRYTL:MXoX7SfI9+WFOwaqVdCmJnN1zRYT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
743cb916a0ab733306a059bbbd9cdea8_JaffaCakes118

Files

743cb916a0ab733306a059bbbd9cdea8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a6dc6386eae7f17e5b61aa505c6d1604

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalUnlock
FileTimeToDosDateTime
lstrlenA
FindResourceExW
LoadLibraryExW
ReadConsoleA
InterlockedDecrement
ScrollConsoleScreenBufferW
GetUserDefaultLCID
InterlockedCompareExchange
CallNamedPipeW
FreeEnvironmentStringsA
_lclose
SetTapeParameters
GetSystemTimeAsFileTime
WriteFile
TlsSetValue
LoadLibraryW
Sleep
GetVersionExW
DeleteVolumeMountPointW
LeaveCriticalSection
WritePrivateProfileStructW
SetConsoleMode
WriteConsoleW
lstrcatA
DisconnectNamedPipe
ReleaseActCtx
SetCurrentDirectoryA
GetLastError
IsDBCSLeadByteEx
GetProcAddress
BeginUpdateResourceW
CreateNamedPipeA
SetVolumeLabelW
WriteProfileSectionA
IsValidCodePage
GetLocalTime
LoadLibraryA
LocalAlloc
IsSystemResumeAutomatic
WaitForMultipleObjects
GetPrivateProfileSectionNamesA
GetOEMCP
GetThreadPriority
WaitCommEvent
GetCommTimeouts
EnumDateFormatsW
OpenSemaphoreW
AreFileApisANSI
lstrcpyA
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCPInfo
GetACP
HeapSize
RtlUnwind
GetLocaleInfoA
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetModuleHandleA
RaiseException

Exports

Exports

_geek@8
_gekelberifin@8

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6dc6386eae7f17e5b61aa505c6d1604

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 80KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 5KB - Virtual size: 11.4MB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 5KB - Virtual size: 11.4MB

.rsrc
Size: 11KB - Virtual size: 10KB