0d4c55a64ab9f6e3b51ea07d8b68f62f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d4c55a64ab9f6e3b51ea07d8b68f62f_JaffaCakes118
Size

93KB
MD5

0d4c55a64ab9f6e3b51ea07d8b68f62f
SHA1

b113cf47fe76b7ae83c17a2dfa23c87792eaaaf2
SHA256

45b0f31604af74e75a31b52a77be53af708b35fa63aa2b66af0974981ee18af2
SHA512

99410308e64e7586311d1d03908a292d85855a604669d76d1439c94dabc022560b3a4413bb6283b44eb0afed8cbefaa2639e353caf3a9e8aa2d21415819663af
SSDEEP

1536:OZWFoIoBTY1i4T7i1XoKVtqhvNCWHV+bymNbvih:xSTYsu7iPVtgvNCcV+GmNmh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d4c55a64ab9f6e3b51ea07d8b68f62f_JaffaCakes118

Files

0d4c55a64ab9f6e3b51ea07d8b68f62f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a6840fce3bdef5ebf10ae6e930a186f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileSize
lstrcmpA
MoveFileExA
lstrcpynA
ExpandEnvironmentStringsA
GetFileAttributesA
CreateDirectoryA
SetCurrentDirectoryA
FindFirstFileA
GetLastError
SetLastError
RemoveDirectoryA
SetFileAttributesA
FindClose
FindNextFileA
GetCurrentDirectoryA
CloseHandle
DeleteFileA
lstrcpyA
SetFilePointer
lstrlenA
CreateFileA
MapViewOfFile
UnmapViewOfFile
SetConsoleTextAttribute
WritePrivateProfileSectionA
WriteFile
WideCharToMultiByte
Sleep
ReadFile
lstrcatA
GetStdHandle
CopyFileA
GetPrivateProfileStringA
GetLocalTime
WriteConsoleA
CreateFileMappingA
GetConsoleScreenBufferInfo
WritePrivateProfileStringA
GetPrivateProfileStructA
RtlUnwind
LoadLibraryW
WritePrivateProfileStructA
GetFullPathNameA
HeapSize
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
DeleteCriticalSection
GetStartupInfoW
HeapReAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
GetCommandLineA
HeapSetInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
GetModuleHandleW
GetCurrentThreadId
GetProcAddress
HeapFree
HeapAlloc
LCMapStringW
MultiByteToWideChar
RaiseException
ExitProcess

user32

CharNextA
CharUpperA

advapi32

IsTextUnicode

shlwapi

wnsprintfA
PathCombineA
PathSearchAndQualifyA
PathAddBackslashA
PathIsRelativeA
PathAppendA
PathIsDirectoryA

setupapi

SetupFindNextLine
SetupGetLineCountA
SetupDiGetActualSectionToInstallExA
SetupOpenInfFileA
SetupGetLineTextA
SetupGetFileCompressionInfoExA
SetupGetIntField
SetupGetSourceFileLocationA
SetupDecompressOrCopyFileA
SetupFindNextMatchLineA
SetupCloseInfFile
SetupGetFieldCount
SetupFindFirstLineA
SetupGetStringFieldA
SetupEnumInfSectionsA
SetupGetLineByIndexA

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6840fce3bdef5ebf10ae6e930a186f6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shlwapi

setupapi

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 3KB - Virtual size: 77KB

.rsrc Size: 17KB - Virtual size: 17KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 3KB - Virtual size: 77KB

.rsrc
Size: 17KB - Virtual size: 17KB