8689d045e1d729fbdcd5e27da3f72b8a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8689d045e1d729fbdcd5e27da3f72b8a_JaffaCakes118
Size

665KB
MD5

8689d045e1d729fbdcd5e27da3f72b8a
SHA1

10ea2f8f87f28c7136fc9a953f64378a89553cc4
SHA256

c5da033ef71253ec95468e12b47d4b07375c17cddff41d51ff607b840b524f99
SHA512

0a17c8c10b078e0a97fef7358770d05e7597b5fe9ff0131d60ad970d5cc16465865a8eac603090b23d7d27a77f5fde8af0398aa497b1fc0395b51595633f0fe6
SSDEEP

12288:53YnbInDM1VW55x5ovPhPxvG87E5oRaBzP3txVCU9hFujf8lWm:5oTg5oFxTaBb3t+U9Swt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8689d045e1d729fbdcd5e27da3f72b8a_JaffaCakes118

Files

8689d045e1d729fbdcd5e27da3f72b8a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

38283449a9f19be5b672dd4d7953f555

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
HeapSize
LoadLibraryA
GetEnvironmentStrings
VirtualProtect
UnhandledExceptionFilter
GetProcAddress
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
GetCPInfo
FreeResource
GetVersionExW
GetCurrentProcessId
LCMapStringW
GetCurrentProcess
DuplicateHandle
TerminateProcess
GetStringTypeW
CreateEventW
HeapAlloc
GetACP
InterlockedExchange
GetOEMCP
GetCurrentThreadId
InitializeCriticalSection
WriteFile
lstrcmpA
DeleteFileA
HeapFree
LockResource
GetDriveTypeW
GlobalAlloc
GetTickCount
GetFullPathNameA
GetModuleFileNameA
GetFileSize
GetSystemTimeAsFileTime
InterlockedIncrement
LoadLibraryExA
HeapDestroy
RemoveDirectoryW
IsValidLocale
CloseHandle
lstrlenA
IsValidCodePage
CreateEventA
GetModuleHandleW
GetCommandLineA
WideCharToMultiByte
GetCommandLineW
LCMapStringA
SetFilePointer
HeapReAlloc
LoadResource
CreateFileA
GetTempPathW
Sleep
TlsSetValue
DeleteFileW
DisableThreadLibraryCalls
GetCurrentThread
MulDiv
VirtualAlloc
QueryPerformanceCounter
LoadLibraryW

user32

GetDlgItem
GetForegroundWindow
LoadCursorA
SetParent
LoadStringA
SetWindowPlacement
EnableMenuItem
MessageBeep
CharNextA
SendMessageW
GetClassNameA
GetWindow
DispatchMessageA
ShowWindow
RegisterClassW
EndDialog
CopyRect
LoadCursorW
MsgWaitForMultipleObjects
PeekMessageA
IsWindow
UnionRect
GetMenuItemCount
InvalidateRect
SetScrollInfo
SetCursor
SetWindowPos
GetKeyState
ReleaseDC
GetCursorPos
SetScrollPos

msvcrt

memmove
__p__fmode
??3@YAXPAX@Z
memset
fprintf
_wcsicmp
fclose
realloc
malloc
_adjust_fdiv
_purecall
_XcptFilter

ntdll

ZwFindAtom

ole32

StringFromGUID2
CoInitialize

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38283449a9f19be5b672dd4d7953f555

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcrt

ntdll

ole32

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 3KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 40KB

.idata Size: 12KB - Virtual size: 11KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 64B

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 3KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 40KB

.idata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 64B