606a2154d708716078d02e6a63a26ab7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

606a2154d708716078d02e6a63a26ab7_JaffaCakes118
Size

124KB
MD5

606a2154d708716078d02e6a63a26ab7
SHA1

02a9b29f8a5413e625bf3aaf49779fc8d255e282
SHA256

dd53f27eec37098dd4fa76f58fd7ed645cc3dadb34a72736d3f9c82cd48a0bac
SHA512

0ac63db266c4447e245a3035ca72fa54f30dd91803ce840f03b54037028e86a0296980f83a08c70c2346005204e01a134050fbb7ed0176ac3512af77d81e1720
SSDEEP

3072:QQRR88LPRVSIVfwUidjgQzjzoFl2MqqDLy/B7wXGB4Kdrp:G8LHclgQHQqqDLuB7wsDT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
606a2154d708716078d02e6a63a26ab7_JaffaCakes118

Files

606a2154d708716078d02e6a63a26ab7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

f62df4af1a4eacc0af7e2ee0981c0888

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
InterlockedExchange
InterlockedCompareExchange
lstrlenW
FindResourceW
LockResource
LoadResource
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MultiByteToWideChar
OutputDebugStringA
LoadLibraryW
FormatMessageW
GetCurrentProcess
GetStartupInfoW
WideCharToMultiByte
CloseHandle
WaitForSingleObject
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapSize
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
VirtualProtect
GetCommandLineW
LocalFree
LocalAlloc
GetCommandLineA
CompareFileTime
HeapReAlloc
VirtualAlloc
GetCPInfo
GetOEMCP
GetACP
RtlUnwind
GetVersionExA
VirtualQuery
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
WriteFile
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
HeapAlloc
GetSystemInfo

user32

wsprintfW
TranslateMessage
SetDlgItemTextW
GetMessageW
DialogBoxParamW
LoadStringW
DispatchMessageW

advapi32

ReportEventW
OpenThreadToken
DuplicateToken
OpenProcessToken
DeregisterEventSource
GetTokenInformation
RegisterEventSourceW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW

ole32

CoUninitialize
CoCreateInstance

rpcrt4

RpcStringFreeW

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f62df4af1a4eacc0af7e2ee0981c0888

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

rpcrt4

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 48KB - Virtual size: 91KB

.rsrc Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 48KB - Virtual size: 91KB

.rsrc
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 3KB