b645e80e2403c138a5ee79c82e2783ef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b645e80e2403c138a5ee79c82e2783ef_JaffaCakes118
Size

219KB
MD5

b645e80e2403c138a5ee79c82e2783ef
SHA1

ca67c17cda2e5785c135cbe911076c3f19062abc
SHA256

a3d14adb657a6e2cee0c5c88adfb8270e512d1c10e6abfafee85dfd66ac8a919
SHA512

8b6d18ee6a5c9864f34720b76f4b7e449b39a486224427fc0c8bd27551a10f64cdf61c03dcefba27c4d6b1505978a31bc11910762877e3f1deb4fc8bfa927620
SSDEEP

6144:j2v1Y8r4+r1BsDFrgg9NfnKpSZRxjV86rJpEkkprlTafDcdK:jK1Y8rLKDPcWtntpHk1lTa7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b645e80e2403c138a5ee79c82e2783ef_JaffaCakes118

Files

b645e80e2403c138a5ee79c82e2783ef_JaffaCakes118
.dll windows:4 windows x86 arch:x86

65cd0d5b3712bbfc13a8c45bcce23461

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

DeleteCriticalSection
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

GetKeyboardType
MessageBoxA

advapi32

RegQueryValueExA

oleaut32

SysFreeString

gdi32

SetDIBColorTable

wsock32

WSACleanup

ws2_32

inet_addr

winmm

waveInUnprepareHeader

msacm32

acmStreamUnprepareHeader

shell32

ShellExecuteA

wininet

InternetReadFile

urlmon

URLDownloadToFileA

avicap32

capGetDriverDescriptionA

msvfw32

ICCompressorFree

imm32

ImmReleaseContext

Exports

Exports

MainService
MainWork
ServiceMain

Sections

CODE
Size: - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 2KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp2
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65cd0d5b3712bbfc13a8c45bcce23461

Headers

File Characteristics

Imports

kernel32

user32

advapi32

oleaut32

gdi32

wsock32

ws2_32

winmm

msacm32

shell32

wininet

urlmon

avicap32

msvfw32

imm32

Exports

Exports

Sections

CODE Size: - Virtual size: 118KB

DATA Size: - Virtual size: 7KB

BSS Size: - Virtual size: 2KB

.idata Size: - Virtual size: 6KB

.edata Size: - Virtual size: 116B

.vmp0 Size: - Virtual size: 6KB

.rsrc Size: 6KB - Virtual size: 8KB

.vmp1 Size: - Virtual size: 88KB

.vmp2 Size: 211KB - Virtual size: 210KB

.reloc Size: 512B - Virtual size: 192B

CODE
Size: - Virtual size: 118KB

DATA
Size: - Virtual size: 7KB

BSS
Size: - Virtual size: 2KB

.idata
Size: - Virtual size: 6KB

.edata
Size: - Virtual size: 116B

.vmp0
Size: - Virtual size: 6KB

.rsrc
Size: 6KB - Virtual size: 8KB

.vmp1
Size: - Virtual size: 88KB

.vmp2
Size: 211KB - Virtual size: 210KB

.reloc
Size: 512B - Virtual size: 192B