89d7d4d58b8691bb4227caadd098a866_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

89d7d4d58b8691bb4227caadd098a866_JaffaCakes118
Size

202KB
MD5

89d7d4d58b8691bb4227caadd098a866
SHA1

66babca9673d34801bd59cd17f5a9bdb1f0fb72b
SHA256

b6d8c4a6ea47d3402ad8ff1a5cf7c3b85396521a10a2049cc6a9e247290020e0
SHA512

f340ac40f71ff5baf1e175be2ab8e0be72ad83e1c08d5cabf33e26baaffae6e090b2842638ad2c21464e739301a56d27c6c6ae4771e03ae7f1617db3e3c3ce44
SSDEEP

3072:kLXXUwEFny2btFc7H7dtLim5GecLBNjSz5tH11yutrMC9jnYj7LU:kLnJ+8j7dtLisGeAULKuthhYf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89d7d4d58b8691bb4227caadd098a866_JaffaCakes118

Files

89d7d4d58b8691bb4227caadd098a866_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4b2914c84975aa91a94a44bac82a6217

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
VirtualProtect
LocalAlloc
FlushConsoleInputBuffer
GetCPInfo
ConvertFiberToThread
_lopen
HeapValidate
OpenSemaphoreA
GetComputerNameA
lstrlenW
lstrlenA
CloseHandle
CreateFileA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
GetModuleHandleA
GetProcAddress
GetDiskFreeSpaceExA
EnumDateFormatsW
GetVolumeInformationA
SearchPathA
MapUserPhysicalPages
WriteConsoleA
SetStdHandle
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetLastError
HeapFree
RtlUnwind
GetStartupInfoW
LCMapStringA
LCMapStringW
HeapAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
HeapSize
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
GetLocaleInfoW

user32

GetClipboardFormatNameA
IsWindowEnabled
CharUpperBuffW
GetMenuInfo
GetCursor
RegisterDeviceNotificationW

advapi32

RegReplaceKeyA
RegSetValueExA
GetAce
SetSecurityDescriptorSacl
GetOldestEventLogRecord
LookupPrivilegeValueA

msimg32

TransparentBlt

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 541KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b2914c84975aa91a94a44bac82a6217

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msimg32

Sections

.text Size: 122KB - Virtual size: 122KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 17KB - Virtual size: 541KB

.rsrc Size: 27KB - Virtual size: 27KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 122KB - Virtual size: 122KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 17KB - Virtual size: 541KB

.rsrc
Size: 27KB - Virtual size: 27KB

.reloc
Size: 9KB - Virtual size: 9KB