85a17a0cc9f5b895e5f7d140a50995db_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

85a17a0cc9f5b895e5f7d140a50995db_JaffaCakes118
Size

96KB
MD5

85a17a0cc9f5b895e5f7d140a50995db
SHA1

aab36f9746d8e4f954449c63335393a8116ca6fd
SHA256

f862ba8c179001ca6deb58806b87f3b521e630a36c7fd0052c5e0dfd48c5b1f2
SHA512

722d9a12e2c954485c0d30c492ca162eb9530579fd306547d724e67099fa88784a55509c14182495aba2210d8eb5ac4c0788e98b94f2157973bc56a2f21fcd9c
SSDEEP

3072:V65ZNa/1rfBxtD2rECHNrB+OJSFhFCQBcLGA9GFoM:V0ZsxnhwHNluheWn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85a17a0cc9f5b895e5f7d140a50995db_JaffaCakes118

Files

85a17a0cc9f5b895e5f7d140a50995db_JaffaCakes118
.exe windows:6 windows x86 arch:x86

970b218b001713cb3cde2ea5ac9bfed5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

wlcomm.pdb

Imports

kernel32

FreeLibrary
GetLastError
SetLastError
GetVersionExW
LocalAlloc
LocalFree
GetProcAddress
LoadLibraryW
SetErrorMode
SetProcessShutdownParameters
SetConsoleCtrlHandler
GetModuleHandleExW
HeapSetInformation
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
InterlockedDecrement
GetModuleHandleW
InterlockedIncrement
LoadLibraryExW
TerminateProcess

msvcr90

_initterm_e
_configthreadlocale
__setusermatherr
_initterm
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_set_abort_behavior
_splitpath_s
_makepath_s
wcschr
memset
_vsnwprintf
_vsnprintf
wcsstr
_adjust_fdiv

shell32

SHGetFolderPathW
SHCreateDirectoryExW
SHGetKnownFolderPath

ole32

CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize
CoTaskMemFree

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

970b218b001713cb3cde2ea5ac9bfed5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr90

shell32

ole32

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 69KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 73KB - Virtual size: 76KB

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 69KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 73KB - Virtual size: 76KB