5c8e421afa3ffc12f26175579aa84f57_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5c8e421afa3ffc12f26175579aa84f57_JaffaCakes118
Size

305KB
MD5

5c8e421afa3ffc12f26175579aa84f57
SHA1

20055ccfd3e0917a0f72c7efdcf00c4edc181a78
SHA256

bea72b64ec14cad20bda906108090062bd8cd517c0b140454394a36e0e790231
SHA512

db83959a6bd97d38040ee723380a6e6841c63d25ba02332606f404a9d48e320373aed5876eba95e3cbde79995bd404e44b7b3cb94cab0dfc79055228e1fe4401
SSDEEP

6144:oV1rhrT6XFwPMviz0BinT1G1frl1dnIcXHky71NkQGNsHAM2ckW:oVDru6MvizM2GJlbLky71NzGi/2ck

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c8e421afa3ffc12f26175579aa84f57_JaffaCakes118

Files

5c8e421afa3ffc12f26175579aa84f57_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c55c63b72d53ef24d858756c10fe13c6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

memmove
NtDuplicateObject
NtClose
RtlNewSecurityObject
ZwClose
RtlReleasePebLock
NtQueryVolumeInformationFile
NtCompleteConnectPort
NtPowerInformation
RtlImageNtHeader
iswctype
RtlCreateEnvironment

activeds

ord25
ord12
ord21
ord5
ord22
ord3
ord6
ord26
ord27
ord18
ord20
ord7
ord13
ord16
ord17

kernel32

ExitProcess
GetCommTimeouts
DeleteTimerQueue
CreateTimerQueue
FormatMessageW
lstrcmpiA
LCMapStringA
VirtualAlloc
Module32FirstW
GetFileTime
GetDateFormatA
GlobalFree
CopyFileA
GetVersion

msjet40

ord302
ord110
ord148
ord155
ord172
ord113
ord912
ord195
ord112
ord158
ord146
ord106
ord132
ord803
ord187
ord176
ord316
ord171
ord906
ord804

msvcrt

rand
asctime
sinh
strstr
fprintf
__p__commode
_purecall
_putch
tolower
__crtLCMapStringA
__p__fmode
wcsstr
fscanf
_fstati64
ferror
iswascii
_exit
_rotl

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.textbs
Size: 74KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 85KB - Virtual size: 137KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 55KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 62KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c55c63b72d53ef24d858756c10fe13c6

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

activeds

kernel32

msjet40

msvcrt

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 512B - Virtual size: 19KB

.textbs Size: 74KB - Virtual size: 127KB

.data Size: 85KB - Virtual size: 137KB

DATA Size: 55KB - Virtual size: 104KB

.CRT Size: 62KB - Virtual size: 111KB

.rsrc Size: 19KB - Virtual size: 18KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 512B - Virtual size: 19KB

.textbs
Size: 74KB - Virtual size: 127KB

.data
Size: 85KB - Virtual size: 137KB

DATA
Size: 55KB - Virtual size: 104KB

.CRT
Size: 62KB - Virtual size: 111KB

.rsrc
Size: 19KB - Virtual size: 18KB