0b5b65bb0e13d8244c48443eadb4484b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b5b65bb0e13d8244c48443eadb4484b_JaffaCakes118
Size

1.1MB
MD5

0b5b65bb0e13d8244c48443eadb4484b
SHA1

ea600d4d152ce270eff39e946fda09e0391589b6
SHA256

975721dd1c8bf34eb1091278d33eccf5945c125225473942215d6dabd1b852e7
SHA512

b86278618b7af88a84d8b5fe9315663134c85c92af0a51fb40d6e913b48b96b2bc4e12b6efce5673dea0bb4f1618024cb95227360f9d775a5e5e190f6837e6ee
SSDEEP

12288:cYzyGRYUbgZun/9bRbn4PKG5um2jXh0CzKseOXBnHvyyqt9ChZl:cYP+IR6KGFSh0y3eOXBHay09I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b5b65bb0e13d8244c48443eadb4484b_JaffaCakes118

Files

0b5b65bb0e13d8244c48443eadb4484b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e5d1fdff61121441df83144b5baadc4b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
InterlockedExchange
GetModuleFileNameA
ReadFile
SetFilePointer
DeleteFileA
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
RtlUnwind
HeapReAlloc
RaiseException
GetLastError
GetFileAttributesA
GetCommandLineA
GetVersion
ExitProcess
LCMapStringA
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
HeapSize
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
Sleep
GetLocaleInfoW
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetUnhandledExceptionFilter
GetProcAddress
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
FlushFileBuffers
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
SetStdHandle
CreateFileA
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
LoadLibraryA
SetEndOfFile

user32

CharToOemA

ltmorph40

ord1

Exports

Exports

GetWWareObject

Sections

.text
Size: 420KB - Virtual size: 419KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 700KB - Virtual size: 707KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5d1fdff61121441df83144b5baadc4b

Headers

File Characteristics

Imports

kernel32

user32

ltmorph40

Exports

Exports

Sections

.text Size: 420KB - Virtual size: 419KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 700KB - Virtual size: 707KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 420KB - Virtual size: 419KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 700KB - Virtual size: 707KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 20KB