20d68dbd2e8aad57e0bfe55946db3ad2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

20d68dbd2e8aad57e0bfe55946db3ad2_JaffaCakes118
Size

208KB
MD5

20d68dbd2e8aad57e0bfe55946db3ad2
SHA1

22e35cce8779f00bfcd08254242daddcc4a96a49
SHA256

097d26fafbf4f49ffeef253315ef2e9f6a85863aa5044c5391aedc3452361139
SHA512

59fdd76c9051e8f0e4e4b14d0c04729855422465326ab163665d31746009be8762f3b7a1b7c7a245778ba7f41fe73a5eaaef9ec3dfaaf87c2b9ab7a878b6fb8c
SSDEEP

6144:nJFI7E7tTGCUHqxoc4WjUuM+p45jm/9e+tu9C:nJq7GJGCUKxOFuM+p4lm/M+tu9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
20d68dbd2e8aad57e0bfe55946db3ad2_JaffaCakes118

Files

20d68dbd2e8aad57e0bfe55946db3ad2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

26026345020c7d29ccaf7e304e9c85bf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\elec\Fyh\Evagoca\anupipy\yvajak\Rodibiz\Wofilub.pdb

Imports

dbghelp

SymEnumerateSymbolsW64
SymUnloadModule
SymUnloadModule64
SymSetSearchPath
SymSetOptions
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymMatchString
SymMatchFileName
SymLoadModule
SymGetTypeInfo
EnumerateLoadedModules64
EnumerateLoadedModules
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
SearchTreeForFile
StackWalk
SymCleanup
SymEnumSymbols
SymEnumTypes
SymEnumerateSymbols64
UnmapDebugInformation
SymEnumerateSymbolsW
SymFunctionTableAccess
SymGetLineFromAddr
SymGetLineFromName64
SymGetLineFromName
SymGetLineNext64
SymGetLineNext
SymGetModuleInfo64
SymGetModuleInfo
SymGetModuleInfoW64
SymGetModuleInfoW
SymGetOptions
SymGetSearchPath
SymGetSymFromAddr
SymGetSymFromName64
SymGetSymFromName
SymGetSymPrev

imagehlp

UpdateDebugInfoFileEx
UnMapAndLoad
ReBaseImage
MapFileAndCheckSumA
MapAndLoad
ImageLoad
ImageGetDigestStream
BindImageEx

loadperf

LoadPerfCounterTextStringsA

kernel32

DeleteFileA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
HeapSize
VirtualQuery
InterlockedExchange
RtlUnwind
GetCPInfo
GetOEMCP
GetACP
IsBadWritePtr
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
GetCurrentProcess
TerminateProcess
GetProcAddress
ExitProcess
GetVersionExA
GetCommandLineA
GetModuleHandleA
CreateEventA
PulseEvent
GetEnvironmentVariableA
GetProfileStringW
VirtualAlloc
VirtualFree
ResetEvent
CopyFileA
CreateDirectoryA
HeapCreate
HeapAlloc
HeapFree
CreateFileA
GetLocalTime
HeapReAlloc
HeapValidate
LoadLibraryA
Sleep
CreateProcessA
CloseHandle
GetStartupInfoA
GetTickCount
SetEvent
WaitForSingleObject

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 570KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

26026345020c7d29ccaf7e304e9c85bf

Headers

File Characteristics

PDB Paths

Imports

dbghelp

imagehlp

loadperf

kernel32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 108KB - Virtual size: 104KB

.data Size: 48KB - Virtual size: 570KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 108KB - Virtual size: 104KB

.data
Size: 48KB - Virtual size: 570KB

.reloc
Size: 8KB - Virtual size: 6KB