38b6ecad10cb90fdc3c58a2c4de436b6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

38b6ecad10cb90fdc3c58a2c4de436b6_JaffaCakes118
Size

124KB
MD5

38b6ecad10cb90fdc3c58a2c4de436b6
SHA1

f88cb258cab3c054d2e017eebdcbb81d5d34e69b
SHA256

445b8d87228b348888ae4e270d08a9606f76088bd6d67b333e708cccf71c7a2f
SHA512

c4bca020443b13bf932c9d97a7f0fa95bd2675aec57e25be424efd9afad50f328f8f6a5add8af44a03a88312fd058da91f3f71b4b91da837da10fb0a7e2ee691
SSDEEP

1536:Oh3qtBeo5YDoWnlHFAo6t4BoJHqbXUBwInXhDIcxIuwIxw0CCAk:N2zlHFJ24BabKSRIcxIu1xhuk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
38b6ecad10cb90fdc3c58a2c4de436b6_JaffaCakes118

Files

38b6ecad10cb90fdc3c58a2c4de436b6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ca6e64116abfcc5425028ed5495a26a5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ksproxy.ax

KsSynchronousDeviceControl

kernel32

CreateProcessA
UnmapViewOfFile
MapViewOfFile
Sleep
GetWindowsDirectoryA
CreateFileMappingA
CloseHandle
GetLastError
CreateMutexA
GetStringTypeW
GetStringTypeA
SetFilePointer
HeapSize
InterlockedExchange
GetCPInfo
GetOEMCP
GetACP
LoadLibraryA
VirtualQuery
GetSystemInfo
VirtualProtect
LCMapStringA
LCMapStringW
GetCommandLineA
MultiByteToWideChar
FlushFileBuffers
SetStdHandle
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
RtlUnwind
WideCharToMultiByte
GetModuleHandleA
GetStartupInfoA
GetLocaleInfoA
GetVersionExA
HeapFree
HeapAlloc
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr

user32

RegisterDeviceNotificationA
UnregisterDeviceNotification
CreateWindowExA
DefWindowProcA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
RegisterClassExA
KillTimer
PostQuitMessage
SetTimer

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

ole32

CreateBindCtx
CoUninitialize
CoGetMalloc
CoCreateInstance
MkParseDisplayName
CoInitialize

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.prdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ca6e64116abfcc5425028ed5495a26a5

Headers

File Characteristics

Imports

ksproxy.ax

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 28KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 12KB - Virtual size: 11KB

.prdata Size: 68KB - Virtual size: 68KB

.text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 12KB - Virtual size: 11KB

.prdata
Size: 68KB - Virtual size: 68KB