0d84329f47df5383e4e9b6e4209c9bf5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d84329f47df5383e4e9b6e4209c9bf5_JaffaCakes118
Size

291KB
MD5

0d84329f47df5383e4e9b6e4209c9bf5
SHA1

b65df0e57581761084d903fa03fbc063e977c115
SHA256

d3198a872804d06a5e36029a592aff089a88a1d5242be3934e3361d04d3443dc
SHA512

fb45bf735c0ff2876104631fc3d0ad98ef49f1474685dfeb9b6d5210de0ea6e3cf69732bf37892cea9819d5041c10e36eaab7a850978589cc96bd873d37eeed1
SSDEEP

6144:vmZQ8o8/of4+zBiYmzrB/DPWo+RwOwJJJeKDcw:OZBT/9+IYmfpBcGz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d84329f47df5383e4e9b6e4209c9bf5_JaffaCakes118

Files

0d84329f47df5383e4e9b6e4209c9bf5_JaffaCakes118
.exe windows:6 windows x64 arch:x64

eff4e37b63f82aaeb4e3020ab7425914

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

E:\development\sec-test\target\release\deps\sec_test.pdb

Imports

advapi32

RegCreateKeyExW
RegDeleteTreeW
RegSetValueExW
RegCloseKey
SystemFunction036

kernel32

InitializeCriticalSection
LeaveCriticalSection
CloseHandle
ReleaseMutex
DeleteCriticalSection
FindClose
FreeEnvironmentStringsW
GetLastError
Sleep
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetCommandLineW
WriteFile
FlushFileBuffers
DuplicateHandle
SetFilePointerEx
EnterCriticalSection
TerminateProcess
GetCurrentProcessId
QueryPerformanceCounter
GetProcessHeap
HeapAlloc
HeapFree
TlsGetValue
TlsSetValue
TlsAlloc
HeapReAlloc
AddVectoredExceptionHandler
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleW
GetStdHandle
FindNextFileW
CreateFileW
GetFileInformationByHandle
DeviceIoControl
FormatMessageW
GetModuleFileNameW
ExitProcess
CreateProcessW
CreateNamedPipeW
GetSystemTimeAsFileTime
GetConsoleMode
WriteConsoleW
GetConsoleCP
HeapSize
LCMapStringW
CompareStringW
GetStringTypeW
GetFileType
SetStdHandle
WideCharToMultiByte
MultiByteToWideChar
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
InitializeSListHead
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer

Sections

.text
Size: 203KB - Virtual size: 202KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eff4e37b63f82aaeb4e3020ab7425914

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

Sections

.text Size: 203KB - Virtual size: 202KB

.rdata Size: 71KB - Virtual size: 71KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 10KB - Virtual size: 9KB

_RDATA Size: 512B - Virtual size: 148B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 203KB - Virtual size: 202KB

.rdata
Size: 71KB - Virtual size: 71KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 10KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 148B

.reloc
Size: 2KB - Virtual size: 2KB