817e14be1b3a0979390a8c3cc7c4f9d1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

817e14be1b3a0979390a8c3cc7c4f9d1_JaffaCakes118
Size

4.0MB
MD5

817e14be1b3a0979390a8c3cc7c4f9d1
SHA1

ce294e099cefdcfb41ef8463a52be5f0dcd0e992
SHA256

697a11fb5efab2c155e459623ea902409395463c379f4549cc471d806e90f783
SHA512

1fc1c1917b583d37ce57903c71a8b987bc3333d0cc309e933dde2f7f816ce5b8e42dd7c883eefd2cbd198952979fb38052cdb1e0756ae023263c4b85db898942
SSDEEP

98304:xiFrwPbHPPquDjTdNwoTPI//JSGZoTw899Y72en:x5bnqunT7woqJpyTw899iH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
817e14be1b3a0979390a8c3cc7c4f9d1_JaffaCakes118

Files

817e14be1b3a0979390a8c3cc7c4f9d1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0ca12ec0b821919ca2bc91020dce9044

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalUnfix
GetPrivateProfileSectionNamesA
SetSystemPowerState
CreateMutexW
GetStdHandle
InterlockedDecrement
GetSystemTimeAdjustment
CompareFileTime
Sleep
CallNamedPipeA
SizeofResource
SetPriorityClass
_lcreat
FreeLibraryAndExitThread
LoadLibraryW
BuildCommDCBAndTimeoutsA
GetProcAddress
lstrcpyA
GlobalAlloc
ExitProcess
SetFilePointer
CopyFileA
SetEnvironmentVariableA
GetCurrentDirectoryW
SetCommState
GetOEMCP
SetUnhandledExceptionFilter
FindAtomA
WaitForMultipleObjects
CreateSemaphoreW
SetFileApisToANSI
ConnectNamedPipe
GetPrivateProfileStructW
SetLocalTime
SetLastError
lstrlenW
IsBadWritePtr
RaiseException
GetCommandLineA
GetStartupInfoA
HeapValidate
IsBadReadPtr
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
SetHandleCount
GetFileType
GetModuleHandleW
InterlockedIncrement
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
GetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
HeapFree
VirtualFree
WriteFile
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetCPInfo
IsValidCodePage
GetConsoleCP
GetConsoleMode
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
MultiByteToWideChar
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
FlushFileBuffers
ReadFile
CreateFileA
CloseHandle

Exports

Exports

_fourthSoldier@4
_gekkon@4
_gifgeek@8
_thirdSoldier@8

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ca12ec0b821919ca2bc91020dce9044

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 42KB - Virtual size: 42KB

.data Size: 7KB - Virtual size: 4.6MB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 7KB - Virtual size: 4.6MB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 7KB - Virtual size: 7KB