26cb2b24ce82f6fc47eab30d74aaaf35_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

26cb2b24ce82f6fc47eab30d74aaaf35_JaffaCakes118
Size

90KB
MD5

26cb2b24ce82f6fc47eab30d74aaaf35
SHA1

657600977f87677bdafd083acef9a9d82392fd58
SHA256

eae413612b64210c38149529b2c9f0b545f40fe632105b28c9beba5dfb2fa316
SHA512

8bdf75a78e35f651cfe2593a9d2eb6a1914efc5f0bdda222ef3c3447a199d985eb38ed69c36d45912a2c7291c440646bcaf4e29f612f94c2f77150f4df463831
SSDEEP

1536:6ntNGX4As6Dd4v1jP0tAjFa35BTsuFsiFS5w0vnmCmAx60iW:WNGXrNDdfAjk35BAKsqS5Vn+Y60iW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
26cb2b24ce82f6fc47eab30d74aaaf35_JaffaCakes118

Files

26cb2b24ce82f6fc47eab30d74aaaf35_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b088e68ff02f60963ed13fdd1842697b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

mhaster.pdb

Imports

kernel32

FreeEnvironmentStringsA
LeaveCriticalSection
SetLastError
GetCurrentThreadId
ConnectNamedPipe
WaitForMultipleObjects
HeapAlloc
LCMapStringA
IsBadReadPtr
GetVersionExA
InitializeCriticalSection
ResetEvent
lstrcatW
HeapFree
GetSystemInfo
DeleteCriticalSection
WaitForSingleObject
DuplicateHandle
GetStdHandle
EnterCriticalSection
GetLocaleInfoA
LoadLibraryA
GetLastError
GetCPInfo
IsBadCodePtr
CreateTimerQueueTimer
GetOEMCP
WriteFile
GetModuleHandleA
SetUnhandledExceptionFilter
QueryPerformanceCounter
UnhandledExceptionFilter
GetStartupInfoA
GetEnvironmentStringsW
CreateNamedPipeA
GetACP
OpenProcess
SetEvent
ReleaseMutex
GetCurrentProcessId
GetSystemTimeAsFileTime
InterlockedExchangeAdd
WideCharToMultiByte
GetTickCount
UnmapViewOfFile
RtlUnwind
FreeEnvironmentStringsW
InterlockedExchange
MultiByteToWideChar
HeapDestroy
GetEnvironmentStrings
GetFileType
InterlockedCompareExchange
IsBadWritePtr
lstrcpyW
InterlockedDecrement
CreateMutexW
GetModuleFileNameA
LCMapStringW
GetBinaryTypeA
DisconnectNamedPipe
TerminateProcess
CreateEventA
DeleteTimerQueueTimer

user32

wsprintfW
LoadIconA
DrawIcon
CreateIconFromResource

advapi32

InitializeSecurityDescriptor
GetUserNameA
SetSecurityDescriptorDacl

msvcrt

_stricmp
_wtoi
_wcsnset
fflush
vwprintf
_strnicmp
memset
towupper
wcstol
wcsstr
_ltow
wcscmp
printf
wcstod
strtok
wprintf
calloc
memcpy
wcscpy
wcslen
realloc
fprintf
wcscat
fgetws
wcsncmp
malloc
memmove
wcschr
isdigit
swprintf
scanf
free
wcstok
exit

Exports

Exports

wefdjpx

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b088e68ff02f60963ed13fdd1842697b

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 60KB - Virtual size: 59KB

.data Size: 18KB - Virtual size: 47KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 1024B - Virtual size: 764B

.text
Size: 60KB - Virtual size: 59KB

.data
Size: 18KB - Virtual size: 47KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 1024B - Virtual size: 764B