317f047c677de2a06249b281f8f8f0be_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

317f047c677de2a06249b281f8f8f0be_JaffaCakes118
Size

324KB
MD5

317f047c677de2a06249b281f8f8f0be
SHA1

1e82ead6dc6c020007131fd8ad93d162f26a4751
SHA256

35c7369074d3bc6aaffdead3e8d1fda074b0d8bcfd3acb0894c8eee188165ff4
SHA512

df38c2c374b98984e4af5fa4fb35402d37d1643c37f836c12166fa0fb697603ccf6a1fe5fcaad23f82f08aa68ffb1f356854e2d4772149a72390992a109c4e7e
SSDEEP

6144:6qH8tuzvtrxOyF0oUD8ZZz230gOEXNBFsmyXN91D0JQ/Bhr8cYwz9ozH+n:6C0mv7FrUD8ZV2EgOGvzyd9pzhZhoH+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
317f047c677de2a06249b281f8f8f0be_JaffaCakes118

Files

317f047c677de2a06249b281f8f8f0be_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b99ddb79242f7c82cdf16f6f40475efe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc

ntdll

RtlAdjustPrivilege
NtAllocateVirtualMemory
RtlAddAccessAllowedAce

oleaut32

VariantClear

kernel32

LeaveCriticalSection
GetLastError
FindResourceW
lstrcatW
InterlockedIncrement
DisableThreadLibraryCalls
MultiByteToWideChar
GetStartupInfoA
LoadResource
HeapDestroy
SizeofResource
GetModuleFileNameW
FreeLibrary
EnterCriticalSection
lstrcpyW
lstrcpynW
LoadLibraryExW
lstrlenA
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
lstrlenW

rpcrt4

RpcStringFreeW

user32

CharNextW

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW

msvcrt

_purecall
realloc
malloc
free
__CxxFrameHandler
wcslen
wcsncpy
wcscpy
wcsncat
_adjust_fdiv
_initterm
_except_handler3

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 298KB - Virtual size: 298KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b99ddb79242f7c82cdf16f6f40475efe

Headers

DLL Characteristics

File Characteristics

Imports

ole32

ntdll

oleaut32

kernel32

rpcrt4

user32

advapi32

msvcrt

Sections

.text Size: 9KB - Virtual size: 8KB

.rsrc Size: 12KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 1.4MB

.rdata Size: 298KB - Virtual size: 298KB

.tls Size: 512B - Virtual size: 4KB

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 1.4MB

.rdata
Size: 298KB - Virtual size: 298KB

.tls
Size: 512B - Virtual size: 4KB