86507f1fa6c42fd57adb26f34e76e340_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

86507f1fa6c42fd57adb26f34e76e340_JaffaCakes118
Size

237KB
MD5

86507f1fa6c42fd57adb26f34e76e340
SHA1

d844a9757a57e76c4bef883311650553f4c86da2
SHA256

5ba99e1025ea7ef221442bb7f0250d6bbed16751d839ce7e4652b8253d8da4eb
SHA512

e5209801f4f78f46108a40302f0ff39138eec8f452c567eef3b67ef15b6bc3e7619b73e169425f1cb8a8f62eaf76a8e36a1e82f3d70a8fe4e2b97ccd385f22a0
SSDEEP

3072:lZU34kQhUpQkOIT7ptOLR5X9Kbl7+9wkC3:gR5/ptOLBK5aE3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86507f1fa6c42fd57adb26f34e76e340_JaffaCakes118

Files

86507f1fa6c42fd57adb26f34e76e340_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e09089a2b25be43668e10d5174064933

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

kernel32

CloseHandle
CreateFileA
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
FindFirstFileA
FindNextFileA
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OpenProcess
Process32First
Process32Next
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
SetLastError
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrlenA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA

wsock32

closesocket
gethostbyname
htons
setsockopt

user32

CharLowerA
EnumThreadWindows
MessageBoxA
wsprintfA

Exports

Exports

___CPPdebugHook
iuehv

Sections

.text
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 149KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e09089a2b25be43668e10d5174064933

Headers

File Characteristics

Imports

advapi32

kernel32

version

wsock32

user32

Exports

Exports

Sections

.text Size: 78KB - Virtual size: 80KB

.data Size: 149KB - Virtual size: 168KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 8KB

.text
Size: 78KB - Virtual size: 80KB

.data
Size: 149KB - Virtual size: 168KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 8KB