b990af32d78da66df5a610c49c3a2e5b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b990af32d78da66df5a610c49c3a2e5b_JaffaCakes118
Size

184KB
MD5

b990af32d78da66df5a610c49c3a2e5b
SHA1

01134cf6450f728459ff4788c31725ea878b32dd
SHA256

be525004eac3cf155339e33ce95ffcbbabcb33341ba0412a471544509b1257b2
SHA512

07b167cf572bb8e976df8c66c2326a99aba5d984bb2299bb4d7bf17d7c31639d5c3112dba250858090b4d232277e5bfb9aad4e42db63ddd3f9204179d69ba80e
SSDEEP

3072:wroPjXqLxIlBXmzIfSWvc3m3tMRwy1AWAgQ1HDszUYflWJ9nYGKQ+RD4Eb3W3I6l:6orXqLxIlRmzZmCWy1wgQ1kK7LKQUDHD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b990af32d78da66df5a610c49c3a2e5b_JaffaCakes118

Files

b990af32d78da66df5a610c49c3a2e5b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c8078674b9c103356b9167c87fb74303

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Cub\Ahucuco\Yhufi\Adil\yloz.pdb

Imports

advapi32

GetUserNameA

oleaut32

OleLoadPicture
OleCreatePropertyFrame
OleCreatePropertyFrameIndirect
OleCreateFontIndirect

pdh

PdhCloseLog
PdhCloseQuery
PdhCollectQueryDataEx
PdhComputeCounterStatistics
PdhEnumObjectItemsHA
PdhEnumObjectItemsA
PdhEnumObjectsHA
PdhEnumObjectsA
PdhExpandCounterPathA
PdhGetCounterTimeBase
PdhGetDataSourceTimeRangeH
PdhGetDefaultPerfCounterA
PdhGetDllVersion
PdhGetFormattedCounterArrayA
PdhCalculateCounterFromRawValue
PdhGetRawCounterArrayA
PdhGetRawCounterValue
PdhLookupPerfIndexByNameA
PdhLookupPerfNameByIndexA
PdhParseCounterPathA
PdhParseInstanceNameA
PdhReadRawLogRecord
PdhSelectDataSourceA
PdhSetCounterScaleFactor
PdhSetDefaultRealTimeDataSource
PdhSetLogSetRunID
PdhUpdateLogFileCatalog
PdhUpdateLogA
PdhValidatePathA
PdhVerifySQLDBA
PdhBrowseCountersA
PdhBrowseCountersHA
PdhBindInputDataSourceA
PdhAddCounterA
PdhGetFormattedCounterValue

kernel32

GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSize
VirtualQuery
InterlockedExchange
RtlUnwind
GetCPInfo
GetOEMCP
GetACP
LoadLibraryA
IsBadWritePtr
HeapReAlloc
VirtualAlloc
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
GetCurrentProcess
SetTapePosition
PulseEvent
ResetEvent
CreateEventA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapAlloc
ExitProcess
GetProcAddress
TerminateProcess

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 710KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 720B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8078674b9c103356b9167c87fb74303

Headers

File Characteristics

PDB Paths

Imports

advapi32

oleaut32

pdh

kernel32

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 84KB - Virtual size: 81KB

.data Size: 52KB - Virtual size: 710KB

.rsrc Size: 4KB - Virtual size: 720B

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 84KB - Virtual size: 81KB

.data
Size: 52KB - Virtual size: 710KB

.rsrc
Size: 4KB - Virtual size: 720B