Static task
static1
Behavioral task
behavioral1
Sample
6fa912ac034a453fc0df9bd09c0c3e85_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
6fa912ac034a453fc0df9bd09c0c3e85_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
6fa912ac034a453fc0df9bd09c0c3e85_JaffaCakes118
Size
23KB
MD5
6fa912ac034a453fc0df9bd09c0c3e85
SHA1
1caf36d1bf970d7c4239612dd364c842e2c79c13
SHA256
2d6caad528ec803486c5ce6cc020b2a46668e59228428f97bb659974ee48c7a7
SHA512
f4f51dd03e812e4622bf34b48c8f59d6231a80b642d6fe07465e120199f12ddb6724ed18d36e99e6de5476b4cdd77eaea146ecb3be6badaede0c10f7b0ebacc9
SSDEEP
384:vGHB1rVCUxYl8+TbUcrFgsZ+p8UQVPgRW7ROxj9F+bG6OF1:vs5CrlVbNlkp8UQVPgE7sB8G
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6fa912ac034a453fc0df9bd09c0c3e85_JaffaCakes118
Files
6fa912ac034a453fc0df9bd09c0c3e85_JaffaCakes118.exe windows:5 windows x86 arch:x86
9700f859580aa3c40e97583eff0114ac
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
apphelp
ApphelpQueryModuleData
ApphelpCheckRunApp
kernel32
VirtualAlloc
GetSystemInfo
TerminateProcess
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
GetCurrentThreadId
GetLastError
QueryPerformanceCounter
UnhandledExceptionFilter
OutputDebugStringA
GetCurrentProcess
DisableThreadLibraryCalls
SetUnhandledExceptionFilter
advapi32
RegisterEventSourceW
ReportEventW
SetServiceStatus
DeregisterEventSource
RegisterServiceCtrlHandlerExW
atl
AtlMarshalPtrInProc
ntdll
NtCreatePort
NtResumeThread
NtSetInformationThread
RtlRegisterWait
NtOpenThread
NtWriteRequestData
NtCreateEvent
RtlFreeHeap
NtWaitForMultipleObjects
RtlAllocateHeap
NtReplyWaitReceivePort
NtTerminateThread
RtlLengthSid
NtQuerySystemInformation
NtSetEvent
NtAddAtom
RtlCreateAcl
RtlInitializeSid
NtOpenProcess
RtlExitUserThread
NtOpenKey
NtDelayExecution
RtlAddAccessAllowedAce
NtImpersonateThread
NtRequestWaitReplyPort
NtQueryVirtualMemory
RtlSetDaclSecurityDescriptor
RtlInitUnicodeString
_vsnprintf
NtClose
RtlUnwind
NtQueryValueKey
RtlInitializeCriticalSection
RtlAllocateAndInitializeSid
RtlCreateHeap
RtlEnterCriticalSection
NtDuplicateObject
NtAcceptConnectPort
RtlLeaveCriticalSection
RtlSubAuthoritySid
NtReadRequestData
RtlCreateUserThread
RtlCreateSecurityDescriptor
NtResetEvent
NtCompleteConnectPort
RtlDeleteCriticalSection
RtlLengthRequiredSid
RtlDestroyHeap
NtReplyPort
Sections
.textbss Size: - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 512B - Virtual size: 424B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 32B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 512B - Virtual size: 76KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE