8a1d1965b2d8501e692394bb801f58ca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8a1d1965b2d8501e692394bb801f58ca_JaffaCakes118
Size

67KB
MD5

8a1d1965b2d8501e692394bb801f58ca
SHA1

2d91e96fbdd58a14cb8e48d18552aecb0d66a6ec
SHA256

bdbb694798213d542a0b060d1fb390a059854b70966dffbfad8fc1ade1462062
SHA512

ded3c7cb39a8ec50e9583053619203aeb61416e30f0662dc0b1dfd6928f3293e3272d1f1c23410439c44827fe005307681632c8a74b4d09748ef114f6e5d7c74
SSDEEP

1536:CxWS6u+LLWkmNET0cKbRdyBbuE9axfCq+R1KRan:3S6ykLT0tb3yBjaCPR1Kgn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8a1d1965b2d8501e692394bb801f58ca_JaffaCakes118

Files

8a1d1965b2d8501e692394bb801f58ca_JaffaCakes118
.dll windows:5 windows x64 arch:x64

1d4d5bf207c88f7f3a08ea9310c6d2b4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA

kernel32

ReadFile
Sleep
GetLastError
MapViewOfFile
CreateFileMappingA
GetFileSizeEx
GetWindowsDirectoryA
SetLastError
GetProcAddress
GetModuleHandleA
IsBadReadPtr
HeapFree
FreeLibrary
HeapAlloc
EncodePointer
DecodePointer
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RtlUnwindEx
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
HeapSize
GetModuleHandleW
FlsGetValue
FlsFree
FlsAlloc
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
LoadLibraryW
GetStringTypeW
SetStdHandle
WriteConsoleW
CreateFileW
FlushFileBuffers
GetModuleFileNameW
GetLocalTime
GetCurrentProcessId
OutputDebugStringA
CreateFileA
SetFilePointer
WriteFile
UnmapViewOfFile
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameA
ExitProcess
GetCurrentProcess

Exports

Exports

Install
Tset

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d4d5bf207c88f7f3a08ea9310c6d2b4

Headers

DLL Characteristics

File Characteristics

Imports

shell32

kernel32

Exports

Exports

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 5KB - Virtual size: 14KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 5KB - Virtual size: 14KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 1KB - Virtual size: 1KB