86b7f328217fe15567345321e31f7c5a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

86b7f328217fe15567345321e31f7c5a_JaffaCakes118
Size

140KB
MD5

86b7f328217fe15567345321e31f7c5a
SHA1

6f69c40d3918b2e5fc646953bd1e1322acd3f7ee
SHA256

98e4678511d215a6243d6012d9f71ae78d5afcb0f5cc93cf4e3aa403ef716443
SHA512

9986c5a9e88bef527a41a860a8763e71e4468ed9951a37557dee4172db95caec8a892439fb2110f54360ff3102b3b1645d75d7004c744376bc6612082f54b994
SSDEEP

3072:xlJjsSFgXhVq+98ky3bgeMzDlGoTz/xDQJ0oN8:tjsSKXhVq+6k48eMzZXxDQJ0o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
86b7f328217fe15567345321e31f7c5a_JaffaCakes118

Files

86b7f328217fe15567345321e31f7c5a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

98518ba59d2008a5140c0a3c48b2ef67

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\aguzy\Ysiny\eluzem\Quko\Gajubuq.pdb

Imports

kernel32

CloseHandle
ReadFile
GetFileSize
SetEndOfFile
CreateFileW
DeleteCriticalSection
CreateProcessW
SetFileAttributesW
WriteConsoleW
GetModuleHandleW
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSize
VirtualQuery
InterlockedExchange
RtlUnwind
IsBadWritePtr
HeapReAlloc
VirtualAlloc
HeapAlloc
LoadLibraryA
HeapFree
VirtualFree
GetModuleHandleA
GetStartupInfoW
GetVersionExA
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
WriteFile
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
GetSystemTimeAsFileTime

user32

LoadMenuW

winspool.drv

GetJobW
DocumentPropertiesW
OpenPrinterW
ClosePrinter

userenv

UnloadUserProfile
DestroyEnvironmentBlock
CreateEnvironmentBlock

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98518ba59d2008a5140c0a3c48b2ef67

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

winspool.drv

userenv

winmm

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 52KB - Virtual size: 600KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 52KB - Virtual size: 600KB

.rsrc
Size: 4KB - Virtual size: 3KB