9606b8843c18c42ce66380b44eff38a4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9606b8843c18c42ce66380b44eff38a4_JaffaCakes118
Size

254KB
MD5

9606b8843c18c42ce66380b44eff38a4
SHA1

823741fb1e27996e051c69d9af530dd28ffaab69
SHA256

860a70157f7232e3438bd2bd7c1fe84726ca36166478d8a1c69dbdd559a5f23f
SHA512

8d5379ea9ac9587aecb52f47984e80f6f7e8d61a44f2620d612791c88f94b176123710ac80556a6b529e1c09de2b20dd9947ebc0b2bfa9cb23d7d0ecf04d4385
SSDEEP

3072:GCmfm1CQEWbgNabbDSLiVdgpdmGPc3kcW1YnthR3PyIOWFGTJ5VVgT6:fmf6CcbgMbbBEP/gjrVGF5jgT6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9606b8843c18c42ce66380b44eff38a4_JaffaCakes118

Files

9606b8843c18c42ce66380b44eff38a4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a040b3dbb3be9751047f32775e093039

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\sandbox\1296\windows\intel_manageability_configuration\configuration\certchainbuilder\release\CertChainBuilder.pdb

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RaiseException
RtlUnwind
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetCurrentThread
MultiByteToWideChar
ReadFile
CloseHandle
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
WriteFile
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
FatalAppExitA
VirtualAlloc
HeapReAlloc
GetCPInfo
GetTimeFormatA
GetDateFormatA
GetACP
GetOEMCP
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
SetStdHandle
FlushFileBuffers
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FreeLibrary
LoadLibraryA
LCMapStringA
LCMapStringW
GetTimeZoneInformation
SetEndOfFile
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a040b3dbb3be9751047f32775e093039

Headers

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 1KB

.rrdata Size: 72KB - Virtual size: 72KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 1KB

.rrdata
Size: 72KB - Virtual size: 72KB