76126a037fe492fb26cdb02d519854b9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

76126a037fe492fb26cdb02d519854b9_JaffaCakes118
Size

184KB
MD5

76126a037fe492fb26cdb02d519854b9
SHA1

e3bbfb78b95ce87df09612fa96bfd2ef71dcade8
SHA256

4487974e3b1353083de645cb10536706d4478ba0998adc65f4b4f62d52220a50
SHA512

448dc09eaa4e9cea8bdc87a65fab2cb95c4e41d30ad08b529c50e53c667c2082c244cd2b4eaa829c95ebf4df1b3d7517c68ea96a1d43f309d3a9492e03f5468f
SSDEEP

3072:UxTmwtvJCT+6l3o19DGuYDG1HiwaOPADbGx6JbB0lGZQyGZIehClJns:UxTmwNJsKnDGpKoh595B9ZsZXhE9s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
76126a037fe492fb26cdb02d519854b9_JaffaCakes118

Files

76126a037fe492fb26cdb02d519854b9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7e31285eb1db95529c06c4f1edda1e3f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\ihiko\Wiv\apazik\Nixes\Ramuw\Vir\Koh\ikaga.pdb

Imports

ole32

CoInitialize
CoRevokeClassObject
OleInitialize
OleSetContainedObject

hlink

ord24
ord31
ord26
ord23
ord29

msdmo

MoCopyMediaType
DMOGetTypes
MoFreeMediaType
MoCreateMediaType
DMOUnregister
DMORegister

ntdsapi

DsReplicaDelA
DsReplicaConsistencyCheck
DsReplicaAddA
DsRemoveDsServerA
DsRemoveDsDomainA
DsQuoteRdnValueA
DsIsMangledDnA
DsInheritSecurityIdentityA
DsBindWithCredA
DsCrackNamesA
DsFreeNameResultA
DsUnquoteRdnValueA

oleaut32

SysStringLen
SysFreeString
SysReAllocStringLen
SysAllocStringLen
SysReAllocString
SysAllocString
VariantInit

kernel32

GetVersionExA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSize
VirtualQuery
InterlockedExchange
RtlUnwind
GetCPInfo
GetOEMCP
GetACP
LoadLibraryA
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
GetCurrentProcess
TerminateProcess
GetProcAddress
ExitProcess
IsBadWritePtr
WriteConsoleW
GetTempPathA
lstrcmpiA
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 759KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.rdata
.rsrc/MANIFEST/1
.xml
.text

Sharing

General

Malware Config

Signatures

Files

7e31285eb1db95529c06c4f1edda1e3f

Headers

File Characteristics

PDB Paths

Imports

ole32

hlink

msdmo

ntdsapi

oleaut32

kernel32

Sections

.text Size: 36KB - Virtual size: 35KB

.rdata Size: 96KB - Virtual size: 92KB

.data Size: 44KB - Virtual size: 759KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 36KB - Virtual size: 35KB

.rdata
Size: 96KB - Virtual size: 92KB

.data
Size: 44KB - Virtual size: 759KB

.rsrc
Size: 4KB - Virtual size: 1KB