a6108f264dae035e0903bc7e08260ac7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a6108f264dae035e0903bc7e08260ac7_JaffaCakes118
Size

166KB
MD5

a6108f264dae035e0903bc7e08260ac7
SHA1

0279b1b1573e386690f235b25fbf6e5c75cbc204
SHA256

deea050c6a09256bba6f49d0fa375fa14adb664b6fc49c518310e3caae2d83cb
SHA512

e5bf6416e18d03cf856fd2dd29c5e323ebbb9c2dadc633819ab25f7d4900167b2f948c2e7b641cb784ee82c339206819b4ac7f00a596217972ac0bd367cc587a
SSDEEP

3072:T920/N+a3uebKN5IGsmKEbN6wMJUImER6RulpmRDjWBOBeMs53CGq5F4f1cCmOaa:P/okuebKfIR3EUwM+ImcUulpsDjWBf5p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a6108f264dae035e0903bc7e08260ac7_JaffaCakes118

Files

a6108f264dae035e0903bc7e08260ac7_JaffaCakes118
.exe .ps1 windows:5 windows x86 arch:x86 polyglot

bb001673d6974e0b124900da0c8e5f10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
GlobalFlags
lstrcpyW
CreateEventW
GetProcessWorkingSetSize
GetFileTime
lstrcpyA
GetCurrentProcess
GetCurrentProcessId
GetCompressedFileSizeA
GetPriorityClass
GetACP
GetEnvironmentStringsW
ReadFile
GetStartupInfoW
RemoveDirectoryA
GetSystemTime
DisableThreadLibraryCalls
GetModuleHandleA
GetStdHandle
GetProcessTimes
GetStartupInfoA
CreateFileW
TerminateProcess
IsDebuggerPresent
GetCurrentDirectoryW
GetProcessPriorityBoost
GetOEMCP
LoadLibraryW
LoadLibraryA
SetPriorityClass
CloseHandle
CopyFileW
GetThreadLocale
DeviceIoControl
GetComputerNameW
FlushFileBuffers
ContinueDebugEvent
GetCurrentThreadId
GetVersionExW
GlobalSize
GetUserDefaultLCID
SetProcessPriorityBoost
GlobalDeleteAtom
VirtualAlloc
WaitForSingleObject
CreateEventA
GetProcAddress
IsBadReadPtr
VirtualProtect
ExitProcess
VirtualFree

user32

GetForegroundWindow
HideCaret
BringWindowToTop
GetFocus
GetSystemMetrics
GetCursorInfo
InSendMessage
DestroyWindow
ShowCursor
IsHungAppWindow
IsChild
CloseWindow
GetCaretPos
GetCapture
GetMessageTime
GetWindowDC
IsWindowEnabled
GetKeyboardLayout
GetDialogBaseUnits
GetLastActivePopup
GetKeyboardType
GetInputState
PostQuitMessage
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
MessageBoxA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA

winscard

SCardEstablishContext
SCardReleaseContext

Sections

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bb001673d6974e0b124900da0c8e5f10

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

winscard

Sections

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 200KB

.text Size: 122KB - Virtual size: 122KB

.rsrc Size: 38KB - Virtual size: 38KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 200KB

.text
Size: 122KB - Virtual size: 122KB

.rsrc
Size: 38KB - Virtual size: 38KB