8bc09023385f6ec33a29188f34e74b64_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8bc09023385f6ec33a29188f34e74b64_JaffaCakes118
Size

152KB
MD5

8bc09023385f6ec33a29188f34e74b64
SHA1

158521d2aab032a51eb72005a2f89f1256254bfb
SHA256

484f9f9ce8ae82e75dd70c749ddc6507121033f4616969617d0d93603ef0260a
SHA512

ee2f24572ede947ddcaf90db4417fdf6981ecfce65a46b451f20cc8db7cf9d84b1024db369284e25cf051d69cce1981ea670b78df7e734012cdbf3602ec804ab
SSDEEP

3072:ZAfNRDCQm11BziWo+MMpwgMnRhKkjEWDy+ydgYBrW:ZAfvDv+YWhNOgMnRhPAEgdZr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8bc09023385f6ec33a29188f34e74b64_JaffaCakes118

Files

8bc09023385f6ec33a29188f34e74b64_JaffaCakes118
.dll windows:4 windows x86 arch:x86

adadf136440f882876a0115d4ab09c3a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetConsoleAliasesLengthW
GetEnvironmentStringsA
Module32Next
GetLogicalDriveStringsA
SetFileAttributesA
RaiseException
VirtualAllocEx
GetFileTime
VirtualUnlock
OpenProcess
SetEvent
GetProcessTimes
ResetEvent
FindNextChangeNotification
IsValidCodePage
ReleaseSemaphore
GetTempPathA
IsValidLanguageGroup
IsBadHugeWritePtr
DeleteTimerQueueTimer
LocalFlags
CopyFileExW
SetThreadIdealProcessor
ReadConsoleOutputA
RaiseException
SetProcessShutdownParameters
GetConsoleWindow
GetWindowsDirectoryA
SetVolumeLabelA

wininet

FtpRemoveDirectoryW
InternetUnlockRequestFile
InternetQueryDataAvailable
ResumeSuspendedDownload
InternetGetConnectedStateExA
FtpSetCurrentDirectoryW
FtpSetCurrentDirectoryW
InternetCrackUrlA

Exports

Exports

Wupqpgt
Nceqiadgt
Jwauikqicen
CreateDpnlwwrlw
ReadXitgure
IsUckybmecabf
CreateOudqiycfo
WriteAbdmedhm

Sections

.itext
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 140KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ