25c85f287e04d49216a49bc2486ccd9a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

25c85f287e04d49216a49bc2486ccd9a_JaffaCakes118
Size

83KB
MD5

25c85f287e04d49216a49bc2486ccd9a
SHA1

b7fb1eb06bfc6f6c617008abf769920f0a37edb6
SHA256

99523d0a169d94196a8cc61ee8844a455d376e8ab75cf00e8cb82fcd06009686
SHA512

9c1c1f97548f187082f3fa7c47f8114f68ac3799921af9b0bd2fac33990fd436ddc751a766eb0b6d18709c5dbebaa328c328a8423613638c9a721882540d6966
SSDEEP

1536:aRKCX1yAqESLWuGj4y46XXBu0swbF2ZZ:TCEAqEpSyXbB2ZZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
25c85f287e04d49216a49bc2486ccd9a_JaffaCakes118

Files

25c85f287e04d49216a49bc2486ccd9a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7fbf78f62307fa460f6f8d2e28b84c90

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
DeregisterEventSource
RegisterEventSourceA
RegCloseKey
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
ReportEventA
RegQueryValueExA

winmm

auxSetVolume

kernel32

HeapAlloc
MapViewOfFile
ResetEvent
DebugBreak
TlsSetValue
QueryPerformanceCounter
OutputDebugStringA
GlobalAlloc
GetSystemDefaultLangID
IsProcessorFeaturePresent
VirtualQuery
CreateFileMappingA
GetDiskFreeSpaceA
EnterCriticalSection
ReadFile
FindNextFileA
CreateSemaphoreA
GetDriveTypeA
SetEvent
GetCurrentProcessId
WriteFile
FlushFileBuffers
GetSystemInfo
RemoveDirectoryA
UnhandledExceptionFilter
SetEndOfFile
TlsFree
GetModuleHandleA
WaitForSingleObject
QueryPerformanceFrequency
GetExitCodeThread
SetThreadPriority
IsValidLocale
ReadFileEx
CreateDirectoryA
UnmapViewOfFile
GetCurrentProcess
GetCurrentThread
GlobalFree
CreateEventA
LCMapStringW
ReleaseSemaphore
InterlockedIncrement
GetCurrentThreadId
HeapCreate
GetOverlappedResult
GetProcAddress
GetLocalTime
GetUserDefaultLangID
lstrcmpA
DeleteFileA
LoadLibraryA
WriteFileEx
GlobalMemoryStatus
CreateThread
TlsAlloc
ReadProcessMemory
GetLastError
MoveFileA
CreateFileA
HeapFree
Sleep
GetVersionExA
lstrcpyA
ReleaseMutex
GetFileAttributesA
FreeLibrary
GetProcessHeap
GetFileSize
lstrlenA
TerminateProcess
LeaveCriticalSection
TlsGetValue
FindClose
SleepEx
FindFirstFileA
VirtualFree
WaitForMultipleObjectsEx
GetModuleFileNameA
InitializeCriticalSection
CloseHandle
CopyFileA
HeapDestroy
ExpandEnvironmentStringsA
VirtualAlloc
DeleteCriticalSection
WaitForSingleObjectEx
SetFilePointer
CreateMutexA
GetTickCount

lz32

LZClose

msvcrt

strchr
_vsnprintf
_ultoa
_itoa
wcslen
_strnicmp
_purecall
free
sprintf
vsprintf
atol
_iob
strtok
strncpy
fclose
_stricmp
_splitpath
_fullpath
_ltoa
swprintf
fflush
_ftol
_except_handler3
_adjust_fdiv
toupper
_onexit
_initterm
fprintf
strtoul
malloc
memmove
fopen
vprintf
_strupr
_snprintf
_makepath
isprint
time
rand
__dllonexit
strpbrk
printf

Sections

.textbss
Size: 77KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fbf78f62307fa460f6f8d2e28b84c90

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

winmm

kernel32

lz32

msvcrt

Sections

.textbss Size: 77KB - Virtual size: 1.2MB

.text Size: 512B - Virtual size: 420B

.idata Size: 4KB - Virtual size: 3KB

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 28B

.textbss
Size: 77KB - Virtual size: 1.2MB

.text
Size: 512B - Virtual size: 420B

.idata
Size: 4KB - Virtual size: 3KB

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 28B