2d36daba8ea4638401f45dd32f142e81_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d36daba8ea4638401f45dd32f142e81_JaffaCakes118
Size

50KB
MD5

2d36daba8ea4638401f45dd32f142e81
SHA1

512f8750911ac3b49a9629446d81c09692e194f9
SHA256

9584ff82754ba6f4fd6a314db634c25c2cb2ed18a6f0c42e3028d30be9ba0c11
SHA512

ba3e85b35a8e1913038330e0d76596e63d1448522d36c257af5c29104f2a1f89a6808b6ef18a059c83d452d277db8ce689b6ae20e00d4a31b519277ccefd678b
SSDEEP

768:UQByYjY4V3kT9DdEbTs7ZNV4T0mVR9wrslqP/JZSVQyvu+IZ7ptMaC1s15DUO33b:rBFnJ09iOfV80MqP/W92HC2VnNHnf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d36daba8ea4638401f45dd32f142e81_JaffaCakes118

Files

2d36daba8ea4638401f45dd32f142e81_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fbf7221d81bd5afe13ae074b76cec353

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

InitializeSecurityDescriptor
ReportEventA
RegSetValueExA
RegDeleteKeyA
RegisterEventSourceA
RegCloseKey
SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryValueExA
DeregisterEventSource
RegCreateKeyExA
RegDeleteValueA

kernel32

InterlockedIncrement
HeapDestroy
GetFileSize
ExpandEnvironmentStringsA
GlobalAlloc
ResetEvent
GetCurrentThreadId
GlobalFree
GetExitCodeThread
SetEvent
CreateFileA
MapViewOfFile
CreateSemaphoreA
GetProcAddress
GetUserDefaultLangID
GetOverlappedResult
lstrcmpA
TlsAlloc
CopyFileA
CreateThread
InitializeCriticalSection
CloseHandle
GetDriveTypeA
LoadLibraryA
MoveFileA
OutputDebugStringA
FindFirstFileA
GetTickCount
TerminateProcess
FindNextFileA
WaitForMultipleObjectsEx
GetCurrentProcessId
HeapFree
LeaveCriticalSection
EnterCriticalSection
GetSystemDefaultLangID
HeapCreate
WaitForSingleObject
CreateFileMappingA
GetSystemInfo
lstrlenA
SetThreadPriority
FlushFileBuffers
RemoveDirectoryA
LCMapStringW
SleepEx
DeleteFileA
QueryPerformanceCounter
ReleaseMutex
GetCurrentThread
GetVersionExA
WriteFile
GetFileAttributesA
Sleep
IsValidLocale
FindClose
QueryPerformanceFrequency
VirtualQuery
GlobalMemoryStatus
DeleteCriticalSection
TlsSetValue
ReleaseSemaphore
WaitForSingleObjectEx
CreateMutexA
ReadFile
VirtualFree
UnmapViewOfFile
GetLastError
IsProcessorFeaturePresent
GetDiskFreeSpaceA
lstrcpyA
HeapAlloc
CreateDirectoryA
GetCurrentProcess
CreateEventA
GetModuleHandleA
TlsGetValue
TlsFree
VirtualAlloc
GetModuleFileNameA
SetFilePointer
ReadProcessMemory
ReadFileEx
SetEndOfFile
DebugBreak
WriteFileEx
GetProcessHeap
GetLocalTime
FreeLibrary
UnhandledExceptionFilter

msvcrt

isprint
_splitpath
malloc
_makepath
strchr
_strnicmp
_iob
_snprintf
rand
_vsnprintf
time
_stricmp
fopen
toupper
vprintf
_fullpath
strpbrk
memmove
_ltoa
fclose
_ftol
printf
_itoa
free
swprintf
_except_handler3
wcslen
strncpy
vsprintf
__dllonexit
_initterm
strtok
strtoul
atol
sprintf
_strupr
_adjust_fdiv
fprintf
_purecall
_ultoa
fflush
_onexit

winmm

auxSetVolume

lz32

LZClose

Sections

.textbss
Size: 43KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 416B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbf7221d81bd5afe13ae074b76cec353

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

winmm

lz32

Sections

.textbss Size: 43KB - Virtual size: 1.3MB

.text Size: 512B - Virtual size: 416B

.idata Size: 4KB - Virtual size: 3KB

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 4B

.textbss
Size: 43KB - Virtual size: 1.3MB

.text
Size: 512B - Virtual size: 416B

.idata
Size: 4KB - Virtual size: 3KB

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 4B