a9c39d059961872d488f5419178a20a0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a9c39d059961872d488f5419178a20a0_JaffaCakes118
Size

170KB
MD5

a9c39d059961872d488f5419178a20a0
SHA1

6df080939256f51fa6ead9ab8f134bb5643de2d8
SHA256

95ad086e29d0ec792458b1f5cfe223c33cf8e546554f40694571b48c04481090
SHA512

02fa6a1d454d51790203f75998c413a17b584c8f0d240f5d513bafa76084bd2943f2b1addbeb6c7acb7bed4a7d01d1f8cff5c2df054d1cdf640194f7f7754977
SSDEEP

3072:c8/vGfdqgaB21ORoO2QxRDlzjhfBJJ3eiOfO75J5GArqqAB57JbZs6wTCp2HGZWh:c8/vGfdqfB21ORJ2sDlzFfBJJ3ePf455

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9c39d059961872d488f5419178a20a0_JaffaCakes118

Files

a9c39d059961872d488f5419178a20a0_JaffaCakes118
.exe windows:6 windows x86 arch:x86

2a5aae458fc0d4b12c3c293f26469545

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

VaultCmd.pdb

Imports

kernel32

GetModuleHandleW
LocalFree
GetLastError
LocalAlloc
FormatMessageW
SetThreadUILanguage
GetConsoleOutputCP
WideCharToMultiByte
GetProcessHeap
HeapAlloc
GetStdHandle
WriteFile
HeapFree
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
InterlockedExchange

msvcrt

_amsg_exit
_iob
fwprintf
_controlfp
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_wsetlocale
_initterm
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_wtoi
wcsstr
memset
_vsnwprintf
wprintf
_wcsicmp

ntdll

RtlGUIDFromString
RtlNtStatusToDosError

user32

LoadStringW

vaultcli

VaultCreateVault
VaultGetItemType
VaultSetInformation
VaultEnumerateItems
VaultRemoveItem
VaultAddItem
VaultCloseVault
VaultLockVault
VaultFree
VaultGetInformation
VaultOpenVault
VaultUnlockVault
VaultEnumerateVaults
VaultLoadVaults
VaultUnloadVaults
VaultCopyVault
VaultEnumerateItemTypes

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

PACK
Size: 148KB - Virtual size: 392KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2a5aae458fc0d4b12c3c293f26469545

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcrt

ntdll

user32

vaultcli

Sections

.text Size: 17KB - Virtual size: 17KB

.data Size: 512B - Virtual size: 968B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 904B

PACK Size: 148KB - Virtual size: 392KB

.text
Size: 17KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 968B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 904B

PACK
Size: 148KB - Virtual size: 392KB