b6af3328ad30c934dcdaef9e3fb7b4ef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b6af3328ad30c934dcdaef9e3fb7b4ef_JaffaCakes118
Size

847KB
MD5

b6af3328ad30c934dcdaef9e3fb7b4ef
SHA1

4ffbd1d2e7ba3f22769eb00d311c8bc36dbe066e
SHA256

4f27c910d29a4bc703a6b004722d24d776c18d1aa3638bd470f637595bd2df01
SHA512

efd6177fbc582996a82b630d921afd550d7889a6cdbf59046fabc6d4c491dc638eb12d33cca7fb23bb5e5ebdeeaa9a2a2f36d3c2efd3663eb81d0a0ddb2273d8
SSDEEP

12288:9NS6fhoGWE59zu5fAQPWdMK3CCa5jj0rY16T+LDExjDgPla0MP7beRZd3SXDW7yz:91hsVnPWWOC30F+LDEWm7y/CXDF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b6af3328ad30c934dcdaef9e3fb7b4ef_JaffaCakes118

Files

b6af3328ad30c934dcdaef9e3fb7b4ef_JaffaCakes118
.exe windows:5 windows x86 arch:x86

170657a87e01540ca7e68370993d169f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlEnumerateGenericTableWithoutSplayingAvl
NtCreateEvent
RtlCompressBuffer
RtlSizeHeap
RtlNumberGenericTableElements
RtlUpcaseUnicodeToMultiByteN
_memccpy
NtStartProfile
NtWaitLowEventPair
NtSetIntervalProfile
NtCreateKey
ZwSetInformationKey
RtlSetUserFlagsHeap
ZwStopProfile
NtSetInformationFile
NtRestoreKey
RtlFindSetBitsAndClear
ZwMapUserPhysicalPagesScatter
ZwQuerySymbolicLinkObject
ZwQueryIoCompletion
ZwExtendSection
RtlxUnicodeStringToOemSize
ZwCreateProcessEx
RtlLengthRequiredSid

avifil32

AVIStreamWriteData
AVIFileExit
AVIFileInit
AVIStreamInfoA
AVIStreamStart
AVIStreamCreate
AVIFileReadData
AVISaveW
AVIStreamWrite
AVIStreamGetFrame
AVIStreamGetFrameClose
AVIFileInfoW
AVISaveA
AVIFileCreateStreamA
AVIStreamFindSample
AVIPutFileOnClipboard
AVIFileRelease

kernel32

LoadLibraryA
Process32Next
GetFileSizeEx
SetConsoleTitleW
VirtualProtectEx
GetNativeSystemInfo
HeapFree
FindAtomA
CreateMailslotW
lstrcpyW
GetVolumeNameForVolumeMountPointA
UpdateResourceA
GetConsoleAliasesLengthW
IsBadHugeReadPtr
CreateMutexW
DnsHostnameToComputerNameA
SleepEx
GetCPInfoExA
GetConsoleAliasExesLengthW
CompareStringA
MulDiv
GlobalGetAtomNameA
ReadConsoleOutputCharacterW
GetConsoleKeyboardLayoutNameA
HeapCompact
ReadFileScatter
GetConsoleNlsMode
IsValidCodePage
OpenEventA
GetConsoleCP
GetThreadTimes
LZCloseFile
OpenFileMappingA
LZOpenFileW
EscapeCommFunction
SetFilePointerEx
VirtualAlloc
OpenFile
SignalObjectAndWait
GetTickCount
LeaveCriticalSection
DeleteFileA
BaseInitAppcompatCacheSupport
LZCreateFileW

Sections

.text
Size: 749KB - Virtual size: 748KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

170657a87e01540ca7e68370993d169f

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

avifil32

kernel32

Sections

.text Size: 749KB - Virtual size: 748KB

.rdata Size: 91KB - Virtual size: 90KB

.data Size: 3KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 749KB - Virtual size: 748KB

.rdata
Size: 91KB - Virtual size: 90KB

.data
Size: 3KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB