9e3111302c92059eb6062aacd98d26a8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9e3111302c92059eb6062aacd98d26a8_JaffaCakes118
Size

202KB
MD5

9e3111302c92059eb6062aacd98d26a8
SHA1

3acbb07fdb2674208d8f6757b4f640e21083a4be
SHA256

d555ce44fb36cf92eff841e4881f33be598c1231c52c23868cf6eddf5196be8d
SHA512

93d8f923b75308afe275107250a844ffb0c2c1a62342549ae83191a6fa0d97289fcebde2fea889f60fd44aae6338b69016020478dbd3e9b5aa2bdf9a74072ffe
SSDEEP

3072:7CMcFKLjxg6r5ocxe6pDdpeEOAtw7rYpXSVsPH9:mMDLjxg6dxeMmEJtkr2Xvf9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9e3111302c92059eb6062aacd98d26a8_JaffaCakes118

Files

9e3111302c92059eb6062aacd98d26a8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c436d36adcbdeaf0cafc4f310b858fbe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexW
lstrcpynA
FindActCtxSectionGuid
SetConsoleTextAttribute
ReadConsoleA
InterlockedDecrement
GetCurrentProcess
ZombifyActCtx
SetDefaultCommConfigW
InitializeSListHead
SetHandleInformation
GetTimeFormatA
BackupSeek
GetModuleHandleW
GenerateConsoleCtrlEvent
GetProcessHeap
WaitNamedPipeW
WriteFile
GlobalAlloc
AddRefActCtx
Sleep
GetSystemPowerStatus
FreeConsole
ReadProcessMemory
GetFileAttributesW
SetSystemPowerState
GetModuleFileNameW
CreateFileW
SetConsoleTitleA
DeactivateActCtx
LCMapStringA
VerifyVersionInfoW
SetLastError
GetProcAddress
GetTapeStatus
GetConsoleDisplayMode
VerLanguageNameW
ResetEvent
HeapLock
EnumDateFormatsA
GetModuleHandleA
CreateMutexA
GetConsoleTitleW
OpenEventW
DeleteCriticalSection
GetPrivateProfileSectionW
LocalFree
CommConfigDialogW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
ExitProcess
GetLastError
GetStdHandle
GetModuleFileNameA
HeapFree
CloseHandle
TerminateProcess
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetFilePointer
GetStringTypeA
GetStringTypeW
LCMapStringW
CreateFileA

Exports

Exports

@GetSecondVice@0
@GetVice@0

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 69KB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.nosijef
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c436d36adcbdeaf0cafc4f310b858fbe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 45KB

.data Size: 69KB - Virtual size: 5.4MB

.nosijef Size: 1024B - Virtual size: 963B

.rsrc Size: 85KB - Virtual size: 85KB

.text
Size: 45KB - Virtual size: 45KB

.data
Size: 69KB - Virtual size: 5.4MB

.nosijef
Size: 1024B - Virtual size: 963B

.rsrc
Size: 85KB - Virtual size: 85KB