Static task
static1
Behavioral task
behavioral1
Sample
a8528bd5247ee832a01f61050b6934df_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a8528bd5247ee832a01f61050b6934df_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
a8528bd5247ee832a01f61050b6934df_JaffaCakes118
-
Size
790KB
-
MD5
a8528bd5247ee832a01f61050b6934df
-
SHA1
bf1ac3bcb44896bd1f40c0bc3890bdfb7d9f38e7
-
SHA256
5ade892dc987960279847a0469e101738cc1ad57d18389c7d2a8c6548ad1d7f0
-
SHA512
0c4591f87c691d258b9b2a61a13a4376f57d3778c4f0dd8efa12210bb6f18fcd0dbb5966554d84ceb92b43daf9e1ab44942e26eb9d19d18043112485bbc4dce5
-
SSDEEP
24576:V1eFGufpsZOltPEYM+LtLQCiazeELe/doTkeG:HwGOwkRSCiijLel6kZ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
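Checks for a missing Authenticode signature. The file is unsigned, so its publisher and integrity cannot be verified from a signature; many legitimate executables are also unsigned, so this is a weak indicator on its own.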
resource a8528bd5247ee832a01f61050b6934df_JaffaCakes118
Files
-
a8528bd5247ee832a01f61050b6934df_JaffaCakes118.exe windows:4 windows x86 arch:x86
10eaa6c50c42824f150c45d6e5769a93
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
RtlAddAccessAllowedAce
RtlCreateUserThread
RtlUpcaseUnicodeString
RtlNormalizeProcessParams
_aulldiv
_allmul
RtlDeleteElementGenericTable
RtlSizeHeap
RtlCopySid
RtlComputeCrc32
NtCreateEvent
NtQueryPerformanceCounter
swprintf
RtlUnicodeStringToAnsiString
NtDelayExecution
NtQuerySystemTime
RtlPrefixUnicodeString
wcscmp
NtWaitForMultipleObjects
NtQueryInformationProcess
msvcrt
_pctype
exit
_controlfp
__getmainargs
_strnicmp
_except_handler3
wcslen
_XcptFilter
_initterm
__setusermatherr
??2@YAPAXI@Z
strchr
fopen
??3@YAXPAX@Z
time
__mb_cur_max
_acmdln
atoi
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
ulib
??1OBJECT@@UAE@XZ
?Fatal@PROGRAM@@UBAXKKPADZZ
?Initialize@WSTRING@@QAEEPBGK@Z
??1DSTRING@@UAE@XZ
??0CLASS_DESCRIPTOR@@QAE@XZ
?QueryDirectory@SYSTEM@@SGPAVFSN_DIRECTORY@@PBVPATH@@E@Z
??0PATH@@QAE@XZ
?Strcat@WSTRING@@QAEEPBV1@@Z
?Initialize@WSTRING@@QAEEPBV1@KK@Z
?Initialize@PATH@@QAEEPBVWSTRING@@E@Z
??1ARRAY@@UAE@XZ
?Display@MESSAGE@@QAAEPBDZZ
??1STRING_ARGUMENT@@UAE@XZ
?DisplayMessage@PROGRAM@@UBEEKW4MESSAGE_TYPE@@@Z
??0ARRAY@@QAE@XZ
?Compare@OBJECT@@UBEJPBV1@@Z
?SetFileName@FSN_FILTER@@QAEEPBVWSTRING@@@Z
?SetCaseSensitive@ARGUMENT_LEXEMIZER@@QAEXE@Z
?GetStandardError@PROGRAM@@UAEPAVSTREAM@@XZ
??1STREAM_MESSAGE@@UAE@XZ
??1PATH@@UAE@XZ
kernel32
GlobalLock
GlobalAlloc
GetCommandLineA
VirtualAlloc
GetVersion
LocalAlloc
GetEnvironmentStrings
OpenProcess
GlobalFree
UnhandledExceptionFilter
GetTickCount
GetCommandLineW
HeapReAlloc
CloseHandle
lstrlenA
GlobalSize
GlobalUnlock
GetStringTypeA
FlushFileBuffers
WriteConsoleW
lstrcmpW
DeleteFileW
GetTimeFormatW
GetUserDefaultLCID
GetACP
Sections
.text Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 33KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 936B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ