88983562d1e3b618aa88fec58dbea6a3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

88983562d1e3b618aa88fec58dbea6a3_JaffaCakes118
Size

351KB
MD5

88983562d1e3b618aa88fec58dbea6a3
SHA1

e3c892a4bd17e6e1642b830e559083aff08b42c4
SHA256

0806150318462ff77736adcb5e95f2c2cb26945f5c6db42e765dbfedcffbd8b7
SHA512

e323c3a0009e555a9ddc0b14c411817af4c69f5cd50f3da49afb7e5de875618688d8620ddad0e4d92983f9a0a7cfddfd750e8e13939fa213fa144002b46d29fb
SSDEEP

6144:Y+Rvg216cHRoSrSxdLrJ0NPabD+P/SMXPVA84zKXq6eMfQrCleJVfoN9Nee:FRvg216ckxdL109ab6ngNzKXq6f6fo3H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
88983562d1e3b618aa88fec58dbea6a3_JaffaCakes118

Files

88983562d1e3b618aa88fec58dbea6a3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4297e717ea89f54da2d691c2e6d047e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntdll

NtInitiatePowerAction
RtlUnwind
RtlCreateUserThread

msvcrt

setbuf
free
malloc
_adjust_fdiv

user32

wvsprintfA
DrawFrame

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
ExitProcess
GetModuleHandleA
GetCurrentThreadId
SetLastError
LocalFree
GetTickCount
CloseHandle
DisableThreadLibraryCalls
ReleaseSemaphore
GetCurrentProcess
OutputDebugStringA
InterlockedCompareExchange
OpenSemaphoreW
LocalAlloc
WaitForSingleObject
GetProcAddress
QueryPerformanceCounter
LoadLibraryA
InterlockedPushEntrySList
SetUnhandledExceptionFilter
GetLastError
lstrlenW
GetCurrentThread

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegDeleteKeyW
TraceEventInstance
RegOpenCurrentUser

Sections

.text
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 54B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4297e717ea89f54da2d691c2e6d047e3

Headers

File Characteristics

Imports

ntdll

msvcrt

user32

kernel32

advapi32

Sections

.text Size: 73KB - Virtual size: 76KB

.data Size: 152KB - Virtual size: 151KB

.rdata Size: 110KB - Virtual size: 109KB

.bss Size: - Virtual size: 12KB

.idata Size: 1KB - Virtual size: 1KB

.crt Size: 512B - Virtual size: 54B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 73KB - Virtual size: 76KB

.data
Size: 152KB - Virtual size: 151KB

.rdata
Size: 110KB - Virtual size: 109KB

.bss
Size: - Virtual size: 12KB

.idata
Size: 1KB - Virtual size: 1KB

.crt
Size: 512B - Virtual size: 54B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 12KB - Virtual size: 11KB