6415055c445df1dc5ee5e2be2af10d91_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6415055c445df1dc5ee5e2be2af10d91_JaffaCakes118
Size

459KB
MD5

6415055c445df1dc5ee5e2be2af10d91
SHA1

eac963459807fc5685de0abfa003e6f1310a8037
SHA256

50eca88351b6829dccc86164d66f86e4f5589fdcddb5a09c0212e11f845591c2
SHA512

515c8c187e8baf9c3e22ab50a7f0d3184ae735230ceed10df33096bd17bce53e9b9703841104d2973d1590a0aa07797e3f488569a407afb7a6ce5d092568f5e9
SSDEEP

12288:eJDglg4bc3z92hnRXZI62sIqlqr6cZM9:6D+tI3z92hRpItsIfr3o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6415055c445df1dc5ee5e2be2af10d91_JaffaCakes118

Files

6415055c445df1dc5ee5e2be2af10d91_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3d0b9f93b1ae0e7f33a2644fcd628c71

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
SetEvent
CompareFileTime
GetCurrentThread
InitializeCriticalSectionAndSpinCount
GetFileSize
ReadFile
CreateFileW
WriteFile
CompareStringA
CloseHandle
CopyFileW
lstrlenW
CompareStringW
DebugBreak
DeleteFileW
UnregisterWaitEx
FormatMessageA
OutputDebugStringA
GetFileAttributesExW
FreeLibrary
GetProcAddress
LoadLibraryW
ExpandEnvironmentStringsW
GetCurrentProcess
InterlockedExchange
Sleep
InterlockedCompareExchange
GetCurrentThreadId
FlushFileBuffers
GlobalAlloc
GetStdHandle
LocalFree
LocalAlloc
SwitchToThread
VirtualProtect
LocalReAlloc
GetCommandLineA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
GetSystemInfo
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapSize
HeapAlloc
HeapFree
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
VirtualQuery
ExitProcess
TerminateProcess
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

rpcrt4

RpcStringFreeW
RpcBindingVectorFree
RpcStringBindingParseW
RpcBindingToStringBindingW
RpcServerInqBindings
RpcRevertToSelf
RpcServerRegisterIfEx
RpcServerRegisterAuthInfoW
RpcServerUseProtseqEpW
RpcServerUseProtseqW
RpcEpRegisterW

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 360KB - Virtual size: 716KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d0b9f93b1ae0e7f33a2644fcd628c71

Headers

File Characteristics

Imports

kernel32

advapi32

rpcrt4

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 360KB - Virtual size: 716KB

.rsrc Size: 20KB - Virtual size: 20KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 360KB - Virtual size: 716KB

.rsrc
Size: 20KB - Virtual size: 20KB