8923445c4cea7afcd41b34526a0b9bd3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8923445c4cea7afcd41b34526a0b9bd3_JaffaCakes118
Size

31KB
MD5

8923445c4cea7afcd41b34526a0b9bd3
SHA1

63947281c58d902accb3fc4b83ccaa150c97b6c6
SHA256

45f279df9a17f237848ea106f1bd1c110bbf1aed9e7284c2d4b0c84340f59352
SHA512

7050fbe220adfe6d262d20a797a41aa88fb28b9681ceeead8ef21d94ae2fa585de84feb85457f7f770d5d9d1491ece8973991e04b8f851ebcd601bdd2cd10eec
SSDEEP

768:fnqgS8f7qV/2GGVf/UZncC57OR1fXeurBVt17cZch7lwgNxMKsdcGI:fnZS8810f/XC57OzfXNr77cK/wgNxfsK

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/DEE_demo/demo.e$e
unpack001/DEE_demo/killatom.exe
unpack001/bin2dee.exe
unpack001/examples/dee_ex.EXE
unpack001/image.EXE

Files

8923445c4cea7afcd41b34526a0b9bd3_JaffaCakes118
.zip
DEE_demo/dee.inc
DEE_demo/demo.asm
DEE_demo/demo.def
DEE_demo/demo.e$e
.exe windows:1 windows x86 arch:x86

87b12dee0f09cfc757e1a0983057b354

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CloseHandle
AllocConsole
CreateFileMappingA
ExitProcess
CreateFileA
GetEnvironmentVariableA
GetFileSize
GetModuleHandleA
GetStdHandle
GlobalAlloc
GlobalDeleteAtom
GetCommandLineA
GlobalFree
GlobalLock
MapViewOfFile
ReadFile
SetConsoleTextAttribute
SetEndOfFile
SetFilePointer
UnmapViewOfFile
WriteConsoleA
WriteFile
_lcreat
lstrlen
GlobalFindAtomA

user32

MessageBoxA

Sections

CODE
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DEE_demo/file_id.diz
DEE_demo/killatom.exe
.exe windows:1 windows x86 arch:x86

9234eb547bd8a975d0475b2e1a3c96ba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
LocalAlloc
LocalFree
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue

cw3230

@_CatchCleanup$qv
@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__ExceptionHandler
___debuggerDisableTerminateCallback
__argc
__argv
__exitargv
__flushall
__setargv
__startup
_abort
_memcpy
_printf

Exports

Exports

__DebuggerHookData
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DEE_demo/pe.inc
DEE_demo/readme.txt
bin2dee.cpp
bin2dee.exe
.exe windows:1 windows x86 arch:x86

f98a2f3312c1e0c3e1321d9d02668e91

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

cw3230

_abort
@__unlockDebuggerData$qv
@__lockDebuggerData$qv
@$bdele$qpv
__ExceptionHandler
__setargv
__argc
__argv
__exitargv
@$bnwa$qui
@_CatchCleanup$qv
__startup
___debuggerDisableTerminateCallback
_fclose
_filelength
_fopen
_fprintf
_fread
_memcpy
_printf
__flushall

kernel32

TlsSetValue
TlsFree
TlsAlloc
LocalFree
TlsGetValue
LocalAlloc
GetModuleHandleA

Exports

Exports

__DebuggerHookData
__GetExceptDLLinfo
___CPPdebugHook

Sections

CODE
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TLS
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
build.bat
dee.h
dee.inc
dee_r.txt
dees.inc
dizx32.inc
dizx32def.inc
examples/dee_ex.EXE
.exe windows:1 windows x86 arch:x86

8bcc8b356ffc701e04fab9c30bfce3fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

CloseHandle
CreateFileA
CreateFileMappingA
ExitProcess
GetCommandLineA
GetEnvironmentVariableA
GetFileSize
GetModuleHandleA
GetStdHandle
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomA
GlobalFree
GlobalLock
MapViewOfFile
ReadFile
SetConsoleTextAttribute
SetEndOfFile
SetFilePointer
UnmapViewOfFile
WriteConsoleA
WriteFile
_lcreat
lstrlen
AllocConsole

Sections

CODE
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
examples/dee_ex.asm
examples/make_dex.bat
examples/ring3krn.inc
file_id.diz
image.EXE
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
image.asm
image.bat

Sharing

General

Malware Config

Signatures

Files

87b12dee0f09cfc757e1a0983057b354

Headers

File Characteristics

Imports

kernel32

user32

Sections

CODE Size: 3KB - Virtual size: 4KB

DATA Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

9234eb547bd8a975d0475b2e1a3c96ba

Headers

File Characteristics

Imports

kernel32

cw3230

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

f98a2f3312c1e0c3e1321d9d02668e91

Headers

File Characteristics

Imports

cw3230

kernel32

Exports

Exports

Sections

CODE Size: 2KB - Virtual size: 4KB

DATA Size: 2KB - Virtual size: 4KB

TLS Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

8bcc8b356ffc701e04fab9c30bfce3fa

Headers

File Characteristics

Imports

kernel32

Sections

CODE Size: 2KB - Virtual size: 4KB

DATA Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 1KB - Virtual size: 4KB

DATA Size: 512B - Virtual size: 4KB

CODE
Size: 3KB - Virtual size: 4KB

DATA
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.text
Size: 1KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

CODE
Size: 2KB - Virtual size: 4KB

DATA
Size: 2KB - Virtual size: 4KB

TLS
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB

CODE
Size: 2KB - Virtual size: 4KB

DATA
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

CODE
Size: 1KB - Virtual size: 4KB

DATA
Size: 512B - Virtual size: 4KB