b386cb086e2e71b2c95d1d5e3fc9da84_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b386cb086e2e71b2c95d1d5e3fc9da84_JaffaCakes118
Size

5.1MB
MD5

b386cb086e2e71b2c95d1d5e3fc9da84
SHA1

9e02a9808346fc664381ddce10b40b0dcb34efb3
SHA256

8e3216bae5ee1348a40631704e1580c46cc0e991db3dffb2933362477e39beef
SHA512

73de170ee2d03c1f9c07e9930c96e3a370549e8413d1205ec362db85c2b754ade9ec5f26309416fd159b7e2aa730e6770ee32e85bad0e87683fc7353bf80dfec
SSDEEP

98304:QrfgbqLMe+Oogqp5iRKQO9Fo04zCYzl/OYBSrt2NBmpaBiQcoKdNRBHkgb:4vsgUIREctp2ySrt2NspFoKjbkgb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b386cb086e2e71b2c95d1d5e3fc9da84_JaffaCakes118

Files

b386cb086e2e71b2c95d1d5e3fc9da84_JaffaCakes118
.exe windows:6 windows x86 arch:x86

d7bec4fee2470e6b5df4c76403da2376

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

NtFreeVirtualMemory

kernel32

ReadFile
VirtualQuery
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetAsyncKeyState
GetProcessWindowStation
GetProcessWindowStation
GetUserObjectInformationW

advapi32

QueryServiceStatus

wtsapi32

WTSQuerySessionInformationW
WTSSendMessageW

Exports

Exports

AmdPowerXpressRequestHighPerformance
Brainstorm
NvOptimusEnablement

Sections

feslwue
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

zhnzkep
Size: 353KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

cevrohb
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

eflrsdr
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kutozbg
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fqfeolm
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

mdyjeso
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7bec4fee2470e6b5df4c76403da2376

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

user32

advapi32

wtsapi32

Exports

Exports

Sections

feslwue Size: 306KB - Virtual size: 306KB

zhnzkep Size: 353KB - Virtual size: 352KB

cevrohb Size: 5KB - Virtual size: 8KB

eflrsdr Size: 512B - Virtual size: 1B

kutozbg Size: 2.3MB - Virtual size: 2.3MB

fqfeolm Size: 1.9MB - Virtual size: 1.9MB

mdyjeso Size: 363KB - Virtual size: 362KB

feslwue
Size: 306KB - Virtual size: 306KB

zhnzkep
Size: 353KB - Virtual size: 352KB

cevrohb
Size: 5KB - Virtual size: 8KB

eflrsdr
Size: 512B - Virtual size: 1B

kutozbg
Size: 2.3MB - Virtual size: 2.3MB

fqfeolm
Size: 1.9MB - Virtual size: 1.9MB

mdyjeso
Size: 363KB - Virtual size: 362KB