b8ed4a537f44e20054c3301a994223f6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b8ed4a537f44e20054c3301a994223f6_JaffaCakes118
Size

265KB
MD5

b8ed4a537f44e20054c3301a994223f6
SHA1

52a23bbd39c629fdbc54a8987f0030d7ee32c6a8
SHA256

10c739b959f667d4168e38194eb417f773f3c5953e7209bed79ebd2c9d48ba55
SHA512

7d3e016487c0234115b5472478574c598aaec8ebf7a76701ff40b2b9ebb969aa8fe8c18a596f8fbb24b42c130b38e2f863168ad39b3afabc1797df8cfb5cfd26
SSDEEP

6144:fzo6u2SxA3QPwFT36wOFmMoD0UZpPh/tOf/pIiQ:fs+wA3QMKw/MM0UZnUf/pj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b8ed4a537f44e20054c3301a994223f6_JaffaCakes118

Files

b8ed4a537f44e20054c3301a994223f6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

23e819e0457e2d214e80d77820c2ce2e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Rob\Desktop\stuff\CrypterStubs\Cryption Basic - runpe\Release\Loader.pdb

Imports

psapi

GetModuleFileNameExW

kernel32

IsProcessorFeaturePresent
RtlUnwind
ResumeThread
SetThreadContext
VirtualAllocEx
WriteProcessMemory
GetProcAddress
GetModuleHandleW
CreateProcessW
GetStartupInfoW
GetCurrentProcess
GetCommandLineA
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
GetCurrentThread
HeapFree
HeapAlloc
RaiseException
HeapReAlloc
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
MultiByteToWideChar
GetStringTypeW
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
Sleep
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapSize
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryW

Sections

.text
Size: 82KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.hao
Size: 97KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

23e819e0457e2d214e80d77820c2ce2e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

psapi

kernel32

Sections

.text Size: 82KB - Virtual size: 84KB

.rdata Size: 15KB - Virtual size: 16KB

.data Size: 3KB - Virtual size: 12KB

.rsrc Size: 62KB - Virtual size: 61KB

.reloc Size: 4KB - Virtual size: 8KB

.hao Size: 97KB - Virtual size: 100KB

.text
Size: 82KB - Virtual size: 84KB

.rdata
Size: 15KB - Virtual size: 16KB

.data
Size: 3KB - Virtual size: 12KB

.rsrc
Size: 62KB - Virtual size: 61KB

.reloc
Size: 4KB - Virtual size: 8KB

.hao
Size: 97KB - Virtual size: 100KB