Static task: static1
Behavioral task: behavioral1
  Sample: 46a6154009d39b8e2161ccb0ad0356c8_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 46a6154009d39b8e2161ccb0ad0356c8_JaffaCakes118.exe
  Resource: win10v2004-20240709-en
General
Target: 46a6154009d39b8e2161ccb0ad0356c8_JaffaCakes118
Size: 330KB
MD5: 46a6154009d39b8e2161ccb0ad0356c8
SHA1: dee163beae35fab8bdb947c87f5a9a6e0248d968
SHA256: 9ae13b67dfff3cd6aa973fc03cf8bcefb03aeca73b44c7c09450d3057a8395d4
SHA512: 9d4a2995901432f9e8c3e7d470db8757caa0f968890c02440a9de959723960019fac871b81cd20b9ca295cc061312e1785e7f944d81a760dcd024ee33c302a9b
SSDEEP: 6144:L9rx93iumc1OP8BvU1SD4LNkol3xsC+DE081vFUpizUR7+CT1py0w2NoF7EQEJJx:L9Fouv5BAScGgIpYUp0GKCO09oFTEJJ+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 46a6154009d39b8e2161ccb0ad0356c8_JaffaCakes118
Files
46a6154009d39b8e2161ccb0ad0356c8_JaffaCakes118.exe windows:5 windows x86 arch:x86
87e16cd38ab5651bd36ed477d5a6a2bd
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Imports
kernel32
GetLastError
lstrlenW
GetCurrentDirectoryA
CloseHandle
SwitchToThread
WaitForSingleObject
SetEvent
CreateEventW
ResumeThread
GetProcAddress
RaiseException
InitializeCriticalSection
DeleteCriticalSection
TlsAlloc
TlsFree
LoadLibraryW
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
SetThreadLocale
GetThreadLocale
GetSystemDefaultLCID
lstrcmpiW
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
GetSystemTimeAsFileTime
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetCurrentThreadId
OutputDebugStringW
FreeLibrary
SetCurrentDirectoryW
GetModuleFileNameW
GetCurrentDirectoryW
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
user32
CharNextW
UnregisterClassA
advapi32
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExW
rpcrt4
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrOleFree
NdrOleAllocate
IUnknown_Release_Proxy
CStdStubBuffer_Connect
IUnknown_QueryInterface_Proxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease
IUnknown_AddRef_Proxy
ole32
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
odbc32
SQLFreeConnect
Sections
.text Size: 172KB - Virtual size: 171KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.init Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 67KB - Virtual size: 809KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 87KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ