0b48df26653f95dcd0e4647f598b716f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b48df26653f95dcd0e4647f598b716f_JaffaCakes118
Size

324KB
MD5

0b48df26653f95dcd0e4647f598b716f
SHA1

d1b1960fdb20229d978d549cc77b571e781b25d0
SHA256

e142bdb2adc02c50ea74aa2f319e5b6fbc0c49f31aa8c6c8e4d6664d3f754cfe
SHA512

a06ad57361f482306ea11f1b2d4694fccd3ee6eac6c41ff6a48e454bda9d8025352004e5b12c3771626c8df824d2eabb73e7a8903fc1589533ade35b2481c06a
SSDEEP

6144:5Q8lytAOew9qoTwk73ZU1H3uYK6PPzN6dgPGbQdYUl4YOlp8aOf:PyymR3ZCX7356dOMwqv3ef

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b48df26653f95dcd0e4647f598b716f_JaffaCakes118

Files

0b48df26653f95dcd0e4647f598b716f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

dc48cdf6ca3aabb819320f7aa491ecea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantClear

ntdll

RtlAdjustPrivilege
NtAllocateVirtualMemory
RtlAddAccessAllowedAce

rpcrt4

RpcStringFreeW

user32

CharNextW

kernel32

DisableThreadLibraryCalls
lstrcpynW
LoadResource
SizeofResource
GetModuleFileNameW
DeleteCriticalSection
HeapDestroy
LoadLibraryExW
lstrlenW
GetStartupInfoA
FindResourceW
LeaveCriticalSection
FreeLibrary
GetLastError
lstrcatW
EnterCriticalSection
lstrlenA
InterlockedIncrement
InitializeCriticalSection
InterlockedDecrement
MultiByteToWideChar
lstrcmpiW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

msvcrt

wcscpy
_adjust_fdiv
wcsncpy
_purecall
malloc
wcslen
__CxxFrameHandler
wcsncat
_initterm
free
_except_handler3
realloc

advapi32

RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dc48cdf6ca3aabb819320f7aa491ecea

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

ntdll

rpcrt4

user32

kernel32

ole32

msvcrt

advapi32

Sections

.text Size: 9KB - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 1.4MB

.rdata Size: 298KB - Virtual size: 298KB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 1.4MB

.rdata
Size: 298KB - Virtual size: 298KB

.tls
Size: 512B - Virtual size: 4KB