9f35961be31f1f9cdf24d5e20b9536fe_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9f35961be31f1f9cdf24d5e20b9536fe_JaffaCakes118
Size

1.3MB
MD5

9f35961be31f1f9cdf24d5e20b9536fe
SHA1

24bcf0ceee1bbbb600c40523edd111cd85437b03
SHA256

3642ba0e262f576c152453beb30380803be88543afe6a229d2dc77ebe03531b4
SHA512

ebff14431181963ca10dac24e25e7068f75146881ac1d947ca4c01c4e5e0fdd802f1f47207b20c59136473c39b93de2ccb5bbd579f41af2d5e1a08399c23e08d
SSDEEP

24576:9XD5Kwyx/C4jHYDvUi6vx/OyWgWwZUT85idv8ImYODvzh5kiU8tjvvU/axmdRdRu:lD5KwPy4Dv/sZxRiN8I7avzPkiU8t7U9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9f35961be31f1f9cdf24d5e20b9536fe_JaffaCakes118

Files

9f35961be31f1f9cdf24d5e20b9536fe_JaffaCakes118
.exe windows:5 windows x86 arch:x86

193cfc85c919097f05d4ee6942223f4d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\8.10.2018\GostWell\Release\Dropper.pdb

Imports

kernel32

CreateDirectoryW
Sleep
GetTempPathW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetCurrentThreadId

shell32

ShellExecuteW

msvcp90

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?uncaught_exception@std@@YA_NXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

msvcr90

_acmdln
_initterm
_initterm_e
_configthreadlocale
exit
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_ismbblead
_XcptFilter
_cexit
__getmainargs
_amsg_exit
fclose
fwrite
_waccess
_wfopen
__setusermatherr
_exit
__CxxFrameHandler3

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

193cfc85c919097f05d4ee6942223f4d

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

shell32

msvcp90

msvcr90

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 1.3MB - Virtual size: 1.3MB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 1.3MB - Virtual size: 1.3MB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 3KB - Virtual size: 3KB