477543cf2a46c3ba4717106acec212d5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

477543cf2a46c3ba4717106acec212d5_JaffaCakes118
Size

227KB
MD5

477543cf2a46c3ba4717106acec212d5
SHA1

c8ac05a1413eaa8a85bc321886060ca9fe4273a5
SHA256

9c61a5a9ee42020d87d80a0591b1a7220d8f3552b5f553812a303b64b6c26452
SHA512

116b8747436ab96e28d21340903f5adb59770bb97deb026df524a1edde3816a9cbe2ff2799c7709e85eac11a7dcb3c3122c21858874b47f2d176d0c214a70dee
SSDEEP

6144:CHfM+oQ1Bv76X/lmXn2gkbUiLlzgBpPSYQktQwv:C001Bv7o4X7kjLVmlSYX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
477543cf2a46c3ba4717106acec212d5_JaffaCakes118

Files

477543cf2a46c3ba4717106acec212d5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

ea59a8788d75a2c973204fa5f39aedf6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
GetProcAddress
VirtualQuery
VirtualProtect
Thread32Next
OpenThread
GetCurrentProcessId
CloseHandle
Thread32First
CreateToolhelp32Snapshot
AddVectoredExceptionHandler
SetUnhandledExceptionFilter
lstrcmpiA
ReadFile
GetFileSize
CreateFileA
CreateThread
GetModuleFileNameA
IsBadStringPtrA
Sleep
GetTickCount
Process32Next
Process32First
CreateRemoteThread
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
WriteFile
SetEndOfFile
SetFilePointer
RtlUnwind
RaiseException
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetVersionExA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
HeapFree
HeapAlloc
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
TerminateProcess
GetCurrentProcess
HeapSize
QueryPerformanceCounter
GetSystemTimeAsFileTime
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
UnhandledExceptionFilter
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetCPInfo
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
InitializeCriticalSection
InterlockedExchange
LoadLibraryA
SetStdHandle
FlushFileBuffers
GetSystemInfo

user32

MessageBoxA
wsprintfA
GetAsyncKeyState

shlwapi

PathStripPathA

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ea59a8788d75a2c973204fa5f39aedf6

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 157KB - Virtual size: 165KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 157KB - Virtual size: 165KB

.reloc
Size: 6KB - Virtual size: 5KB