b0c8bd4c3d747e84bd46e8d5167b9263_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b0c8bd4c3d747e84bd46e8d5167b9263_JaffaCakes118
Size

467KB
MD5

b0c8bd4c3d747e84bd46e8d5167b9263
SHA1

b9b925625bb047dc7a39978bd2c4f70160452b47
SHA256

223ebb84039eb0a3bb87f74bd35e5bd065c3cb508f381f085f9b43d33fc497a1
SHA512

abca53391d8067f565f1b80e3e550a1d4709abc509c377a1486ec2481cbcf14539782abb88b5a461374f18d5b2b2cd81b2f0acb245755451503e6d34ec06675e
SSDEEP

12288:mSwV/kMfszWNDSUZx8m5wyhcvBpXCXX+VaQj:9mcMDDSUZem5ADau

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0c8bd4c3d747e84bd46e8d5167b9263_JaffaCakes118

Files

b0c8bd4c3d747e84bd46e8d5167b9263_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6bac80c9f998b37090d5cd42f445f790

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

PulseEvent
CreateFileA
CreateMutexW
TryEnterCriticalSection
AllocConsole
FindActCtxSectionGuid
InterlockedDecrement
GetCurrentProcess
ZombifyActCtx
InitializeSListHead
GetTimeFormatA
GetModuleHandleW
GetConsoleTitleA
ReadConsoleW
WaitNamedPipeW
WriteFile
AddRefActCtx
GetSystemPowerStatus
ReadProcessMemory
HeapValidate
GetFileAttributesW
VerifyVersionInfoA
GetModuleFileNameW
ReleaseActCtx
GetHandleInformation
SetLastError
GetProcAddress
AttachConsole
BackupWrite
GetConsoleDisplayMode
VerLanguageNameW
LocalAlloc
HeapLock
SetConsoleWindowInfo
GetTapeParameters
EnumDateFormatsA
SetConsoleTitleW
GetModuleHandleA
GetPrivateProfileSectionA
OpenEventW
ReleaseMutex
GetCurrentProcessId
LocalFree
LCMapStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
ExitProcess
GetLastError
GetStdHandle
GetModuleFileNameA
HeapFree
CloseHandle
TerminateProcess
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
SetStdHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
SetFilePointer
GetStringTypeA
GetStringTypeW
LCMapStringA

Exports

Exports

@GetSecondVice@0
@GetVice@0

Sections

.text
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 35.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.haroyov
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.kic
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bac80c9f998b37090d5cd42f445f790

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 390KB - Virtual size: 390KB

.data Size: 32KB - Virtual size: 35.5MB

.haroyov Size: 512B - Virtual size: 1B

.kic Size: 1024B - Virtual size: 963B

.rsrc Size: 42KB - Virtual size: 42KB

.text
Size: 390KB - Virtual size: 390KB

.data
Size: 32KB - Virtual size: 35.5MB

.haroyov
Size: 512B - Virtual size: 1B

.kic
Size: 1024B - Virtual size: 963B

.rsrc
Size: 42KB - Virtual size: 42KB