a04961e9e565e0be2717dc56d92cdb8d_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a04961e9e565e0be2717dc56d92cdb8d_JaffaCakes118
Size

405KB
MD5

a04961e9e565e0be2717dc56d92cdb8d
SHA1

0e9453370248b57803a48e75dfa9a870dc68285b
SHA256

b02351755f4713f71e047920ab22ab67a38ab8dd20030804f85215a51a902a9f
SHA512

f9bb5101ea039a9ef024cfc9629fba36594e6f828de29604d4ddd65575a9c175198f946a5ef70eee1312fc79c3bb75f799bb3f607a670706f4698ebe942274ef
SSDEEP

6144:dO42ebhBAFQWXnmWHkyPtdvd056AKo3xycB9LOv+PH2h3Z7M8bkJDeYV3DlRqwS:1hbBQVd1056W3JBt+vI8oJDe6uw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
a04961e9e565e0be2717dc56d92cdb8d_JaffaCakes118

Files

a04961e9e565e0be2717dc56d92cdb8d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6653078bb1ea1e4acc1a97952c83ec15

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
BuildCommDCBAndTimeoutsA
GetCommState
ReadConsoleA
InterlockedDecrement
SetConsoleActiveScreenBuffer
GetProfileSectionA
CallNamedPipeW
LocalFlags
SetProcessPriorityBoost
GetPriorityClass
GlobalAlloc
LoadLibraryW
TerminateThread
GetBinaryTypeA
lstrcatA
lstrlenW
FindNextVolumeMountPointW
DisconnectNamedPipe
RaiseException
CreateJobObjectA
SetCurrentDirectoryA
GetStdHandle
FreeLibraryAndExitThread
SetLastError
GetProcAddress
CopyFileA
EnterCriticalSection
GetLocalTime
LoadLibraryA
FindAtomA
GetPrivateProfileStructA
GetTapeParameters
WaitForMultipleObjects
SetEnvironmentVariableA
GetOEMCP
CreateMutexA
EnumResourceNamesA
RequestWakeupLatency
GetCurrentDirectoryA
OpenSemaphoreW
lstrcpyW
AreFileApisANSI
GetLastError
MoveFileA
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RtlUnwind
HeapFree
DeleteCriticalSection
LeaveCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetModuleHandleW
Sleep
ExitProcess
WriteFile
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
IsValidCodePage
GetModuleHandleA
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

winhttp

WinHttpCloseHandle

Exports

Exports

_asdga@4
_weewgg@8
_wsefwrgwrg@4
_ydtiuiei7@8

Sections

.text
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 4.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6653078bb1ea1e4acc1a97952c83ec15

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winhttp

Exports

Exports

Sections

.text Size: 370KB - Virtual size: 369KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 7KB - Virtual size: 4.0MB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 370KB - Virtual size: 369KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 7KB - Virtual size: 4.0MB

.rsrc
Size: 14KB - Virtual size: 14KB