09101f49897c9ff2ab296d706a735dd7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

09101f49897c9ff2ab296d706a735dd7_JaffaCakes118
Size

113KB
MD5

09101f49897c9ff2ab296d706a735dd7
SHA1

e7b858e8559365219f23e414c3ed6d7cf27197f8
SHA256

3273779700bad0116c78c9724c76ecc1999dc3327150e13b91047ed3dce4c4ac
SHA512

52bd2650d145fa1eeda6369511f580ed9b74cde254e1d71b1cba997ed387faa8442d797034407557a141684907d52014725655118e5c86cbbe70f53a1b5ff04f
SSDEEP

1536:JsLihNNyPGRjoi9V6aET5YVqrA3uAdwp/u088wo5VHbbC0l9yC5xutqak7bTr:JsLOrjoi9sbOUA3CAlKhJYC5QtQP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09101f49897c9ff2ab296d706a735dd7_JaffaCakes118

Files

09101f49897c9ff2ab296d706a735dd7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a30a0500e42c1c2a47d73d6b33cde834

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetDefaultCommConfigA
SearchPathW
SetPriorityClass
SetFilePointer
LoadResource
SetUnhandledExceptionFilter
InterlockedIncrement
_lwrite
ReadConsoleA
CompareFileTime
OpenSemaphoreA
ConnectNamedPipe
CallNamedPipeW
GetProcessPriorityBoost
GetModuleHandleW
SetCommState
GlobalAlloc
Sleep
CopyFileW
GetPrivateProfileStructW
SetSystemTimeAdjustment
GetFileAttributesW
IsBadWritePtr
EnumResourceNamesW
ExitThread
lstrlenW
FreeLibraryAndExitThread
SetLastError
GetProcAddress
SetStdHandle
SetFileApisToOEM
GetLocalTime
LoadLibraryA
BuildCommDCBAndTimeoutsW
IsSystemResumeAutomatic
GetTapeParameters
WaitForMultipleObjects
SetEnvironmentVariableA
lstrcatW
FreeEnvironmentStringsW
GetCurrentDirectoryA
FindAtomW
GetProfileSectionW
lstrcpyA
GetACP
FileTimeToDosDateTime
GetLastError
MoveFileA
GetStartupInfoW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
GetModuleHandleA
RaiseException

Exports

Exports

_gekkon@4
_gifgeek@8

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 43.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a30a0500e42c1c2a47d73d6b33cde834

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 84KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 6KB - Virtual size: 43.5MB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 84KB - Virtual size: 84KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 6KB - Virtual size: 43.5MB

.rsrc
Size: 12KB - Virtual size: 12KB