ae8a5b3c6bdefa322c7fc1bc2fc6327b_JaffaCakes118

General

Target

ae8a5b3c6bdefa322c7fc1bc2fc6327b_JaffaCakes118
Size

91KB
MD5

ae8a5b3c6bdefa322c7fc1bc2fc6327b
SHA1

ddb65f94f73c5b97caf6a9881d5461673b2b3649
SHA256

131194818ad8a41211d493124fc04906eb2e3a516f7004327d8ce45840e0cec2
SHA512

db27885a49fd50f89511e2a9f5769ba08e5bb759a05ae20e7795072698219661b56d2c3cb372d8888746c214a7d4f8480445853d11ab9393d650f4a0bd66c125
SSDEEP

1536:gqLN/0OjfVku+IhTq2tZwKkQVX9b1WThRx7b8ZD/MKOiK/IBS:r5/0MfipIRttZwC9hWT3x7Ar3cR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ae8a5b3c6bdefa322c7fc1bc2fc6327b_JaffaCakes118

Files

ae8a5b3c6bdefa322c7fc1bc2fc6327b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

820f1c9feed1d8af0f995593cd199702

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteConsoleA
GetStdHandle
GetPrivateProfileStructA
GetConsoleCursorInfo
FindFirstChangeNotificationA
CallNamedPipeW
GetTickCount
_lclose
GetExitCodeProcess
VirtualAlloc
CloseConsoleHandle
LoadLibraryA
FreeEnvironmentStringsW
EnumDateFormatsA
PostQueuedCompletionStatus
SetEnvironmentVariableW
GetUserDefaultLangID
RegisterWaitForInputIdle
BuildCommDCBW

wiadss

UnloadImportDS
FindNextImportDS
CloseFindContext
FindFirstImportDS
LoadImportDS
FindImportDSByDeviceName
GetLoaderStatus

msvcrt20

?tie@ios@@QAEPAVostream@@PAV2@@Z
_spawnle
frexp
??4ostrstream@@QAEAAV0@ABV0@@Z
?write@ostream@@QAEAAV1@PBDH@Z
??6ostream@@QAEAAV0@J@Z
_CIlog10
strtol
_safe_fdiv
_isatty
?close@ofstream@@QAEXXZ
??_8stdiostream@@7Bostream@@@
_tzset

rpcrt4

NdrSimpleTypeMarshall
I_RpcBindingCopy
CStdStubBuffer_DebugServerQueryInterface
NdrCorrelationFree
double_from_ndr
NdrProxyErrorHandler
RpcStringBindingComposeW
tree_size_ndr
I_RpcAllocate
NdrGetSimpleTypeMemorySize
RpcCancelThread
NdrConformantStructFree
CStdStubBuffer_DebugServerRelease
I_RpcClearMutex

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

820f1c9feed1d8af0f995593cd199702

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wiadss

msvcrt20

rpcrt4

Sections

.text Size: 40KB - Virtual size: 39KB

.data Size: 24KB - Virtual size: 34KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 512B - Virtual size: 300B

.text
Size: 40KB - Virtual size: 39KB

.data
Size: 24KB - Virtual size: 34KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 512B - Virtual size: 300B