Static task
static1
Behavioral task
behavioral1
Sample
b3a4f4f44b51729682ca014aaa7b4355_JaffaCakes118.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
b3a4f4f44b51729682ca014aaa7b4355_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
Target: b3a4f4f44b51729682ca014aaa7b4355_JaffaCakes118
Size: 149KB
MD5: b3a4f4f44b51729682ca014aaa7b4355
SHA1: 67a7b9b5c8ec7c3f9c1dd6b23330e930bbbe99b6
SHA256: a51cc0259ab6e41af26dee668a27e93ec6643e1c7078a0e8c69e56bbc19387a6
SHA512: c802051b924e53375285dc22d5f84771a4618a01699962b6574b0616e9c79fffbb23e09404c252bce06890d2eeeb59b47d4c75d44eb1e60d997ed608276fb2f7
SSDEEP: 3072:uelzumUpHEgoJ0ooijuyfyAomqbYy6L1PcDf84LFHqukkkkfkkkk4kkkZkk:ue1UpToesjuy6AFi78qkkkkfkkkk4kk+
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b3a4f4f44b51729682ca014aaa7b4355_JaffaCakes118
Files
b3a4f4f44b51729682ca014aaa7b4355_JaffaCakes118.dll windows:4 windows x86 arch:x86
e5b230284b90b15ca10cfd4c971bed07
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
LoadLibraryExW
HeapSize
SetHandleCount
GetACP
GetEnvironmentStringsW
GetSystemInfo
InterlockedCompareExchange
InterlockedDecrement
GetStartupInfoA
SetLastError
WideCharToMultiByte
IsBadWritePtr
LCMapStringA
CreateFileMappingW
GetStdHandle
VirtualQuery
WaitForSingleObject
ConnectNamedPipe
GetModuleHandleA
CloseHandle
GetVersionExA
GetCurrentProcess
Sleep
GetTickCount
LCMapStringW
FreeEnvironmentStringsW
lstrcatW
CreateTimerQueueTimer
InterlockedExchangeAdd
FreeEnvironmentStringsA
ResetEvent
DeleteTimerQueueTimer
OpenProcess
VirtualAlloc
IsBadReadPtr
lstrcpyW
CreateEventA
ReleaseMutex
GetSystemTimeAsFileTime
CreateThread
IsBadCodePtr
GetEnvironmentStrings
GetFileType
GetCurrentThreadId
HeapFree
ExitProcess
SetEvent
DisconnectNamedPipe
InterlockedIncrement
RtlUnwind
InitializeCriticalSection
GetProcAddress
DeleteCriticalSection
CreateNamedPipeA
HeapCreate
SetUnhandledExceptionFilter
WriteFile
HeapDestroy
CreateMutexW
GetOEMCP
VirtualFree
GetCPInfo
DuplicateHandle
LoadLibraryA
GetCommandLineA
RaiseException
GetLastError
HeapAlloc
QueryPerformanceCounter
LeaveCriticalSection
GetStringTypeA
GetCurrentProcessId
VirtualProtect
GetLocaleInfoA
EnterCriticalSection
GetStringTypeW
ReadFile
MapViewOfFile
GetModuleFileNameA
MultiByteToWideChar
InterlockedExchange
TerminateProcess
UnmapViewOfFile
CopyFileA
UnhandledExceptionFilter
HeapReAlloc
WaitForMultipleObjects
user32
wsprintfW
advapi32
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
Exports
fpntcbvkyuxzefovzyfvkuteofjkloexcadaifrfzbsyqyauqggympztmynanyvohchpwxizybqkdlqpfioklpfkxtksg
Sections
.text Size: 92KB - Virtual size: 91KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 18KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 37KB - Virtual size: 36KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 754B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ