5f8717a10234624b4c463a76329c1d2a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5f8717a10234624b4c463a76329c1d2a_JaffaCakes118
Size

284KB
MD5

5f8717a10234624b4c463a76329c1d2a
SHA1

d3c8e0a84d898a4e388d5ab6af7d69eeec451e99
SHA256

5aa474fad7354527f40a43af2327a06830b708922e1103509b9a9acebe2637f2
SHA512

13cff292d982e44fbdc93f69858838d378ce570c1a73902fe7552cbedf95123e6558fbe2be718de0d386728572f70b1d840ca6233be61b4edccf33972c2a993c
SSDEEP

6144:bPNMmEsNFW0pbJPg5rpeemhG58vrTclEwLDCE2YK3/5LWt:RMmEQtUrAPhB7wH32V5qt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f8717a10234624b4c463a76329c1d2a_JaffaCakes118

Files

5f8717a10234624b4c463a76329c1d2a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a3a2f9264597b8b0372393c73872e709

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
lstrlenA
SetEvent
LocalAlloc
GetModuleFileNameA
GetCurrentThread
GetComputerNameA
Sleep
GlobalAlloc
GetVersionExA
GetEnvironmentStrings
GetModuleHandleW
VirtualAlloc
CompareStringW
CompareStringA
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
GetProcAddress
LoadLibraryA
SetConsoleCtrlHandler
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
SetEnvironmentVariableA

secur32

QueryContextAttributesW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 216KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3a2f9264597b8b0372393c73872e709

Headers

File Characteristics

Imports

kernel32

secur32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 216KB - Virtual size: 250KB

BSS Size: 4KB - Virtual size: 988B

.rsrc Size: 4KB - Virtual size: 144B

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 216KB - Virtual size: 250KB

BSS
Size: 4KB - Virtual size: 988B

.rsrc
Size: 4KB - Virtual size: 144B