89fd6b12b59c0d7ce61a3b86dbabdb5a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

89fd6b12b59c0d7ce61a3b86dbabdb5a_JaffaCakes118
Size

84KB
MD5

89fd6b12b59c0d7ce61a3b86dbabdb5a
SHA1

a43d00e4d2f864d0ccfe64506b1b61990e577c3c
SHA256

22b64656e0707d23975570822271d6c392ccbdcc7b9cdff78ca6fd1b01473a85
SHA512

76caafb82555e30847723dab7ce374a84559f6c5015ce291d154acbf666d53daa80ee95cced9a4e9b2c59d8b4756511dc6bc418213377ab749b3e4e85f19d96c
SSDEEP

1536:lnEKgDTyDi2pVQXLakvSPuCs4+ZS7HxlpLbgxiiv02RCu3JVgP1oS33U:9JgDTyDVQYuCMCHxl5coihRQ33U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
89fd6b12b59c0d7ce61a3b86dbabdb5a_JaffaCakes118

Files

89fd6b12b59c0d7ce61a3b86dbabdb5a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

24b27058514a5a210cecf9f27d141ec0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp60

?pbackfail@?$basic_filebuf@DU?$char_traits@D@std@@@std@@MAEHH@Z
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?setp@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXPAG00@Z
??1_Timevec@std@@QAE@XZ
??5std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
??Hstd@@YA?AV?$complex@N@0@ABV10@@Z
??Kstd@@YA?AV?$complex@O@0@ABV10@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?out@?$codecvt@GDH@std@@QBEHAAHPBG1AAPBGPAD3AAPAD@Z
??Dstd@@YA?AV?$complex@N@0@ABNABV10@@Z
?_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ
??_7?$basic_istream@GU?$char_traits@G@std@@@std@@6B@

ntdll

ZwUnloadKey
ZwDebugActiveProcess
NtLockFile
NlsMbOemCodePageTag
ZwUnlockVirtualMemory
NtAllocateUserPhysicalPages
_i64tow
RtlAllocateAndInitializeSid
NtQueryDebugFilterState
ZwResumeThread
NtSetInformationThread
ZwDeleteValueKey
atoi
RtlApplyRXact
atol
LdrUnloadAlternateResourceModule
NtOpenIoCompletion
_itoa
atan
RtlGetElementGenericTable
ZwOpenObjectAuditAlarm
RtlTraceDatabaseEnumerate
NtMakeTemporaryObject
ZwReplaceKey
RtlAddAuditAccessAce
RtlGetSaclSecurityDescriptor

kernel32

GetProfileSectionW
SearchPathW
GetConsoleCursorInfo
SetFileAttributesA
VirtualAlloc
LocalShrink
GetLargestConsoleWindowSize
GetCurrentDirectoryW
SetConsoleOutputCP
SetConsoleCursorInfo
SetHandleContext
TryEnterCriticalSection
CopyFileA
RegisterConsoleVDM
_lwrite
HeapUnlock
GetModuleHandleExW
FindNextFileA
ReadConsoleInputA
LoadLibraryA
SetCurrentDirectoryW
EnumDateFormatsExA
AddConsoleAliasW
GetFullPathNameW
GetProcessHeap
Module32First
lstrcmpiA
VirtualQuery

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24b27058514a5a210cecf9f27d141ec0

Headers

DLL Characteristics

File Characteristics

Imports

msvcp60

ntdll

kernel32

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 19KB - Virtual size: 27KB

.rsrc Size: 21KB - Virtual size: 20KB

.reloc Size: 512B - Virtual size: 232B

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 19KB - Virtual size: 27KB

.rsrc
Size: 21KB - Virtual size: 20KB

.reloc
Size: 512B - Virtual size: 232B