bd8d12dcc31a003ee9169088061dfea8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bd8d12dcc31a003ee9169088061dfea8_JaffaCakes118
Size

153KB
MD5

bd8d12dcc31a003ee9169088061dfea8
SHA1

636dfcdf7a48d84241be6bb463711a6931eebed3
SHA256

8e7b8582e8b53563ec38888812b143e38e7c84316691e35614a441ffbf3e7540
SHA512

6402e08fb22027df5d7c84ed55dbb1cd648d68c730ae12b355db10a9e25adc4b9e0e14ea88e7182f0b3d2aece65f3d19c1fa894b8667507298c573084c760122
SSDEEP

3072:vlhTufPd5UeZI+46kernNhbvB7qmv5Y+jGIAhpvRG:vlMfPTemrXbJ7qI5Y9J5R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd8d12dcc31a003ee9169088061dfea8_JaffaCakes118

Files

bd8d12dcc31a003ee9169088061dfea8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bdb98856b649aba6449ad8fab0e7e4b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
GetProcessAffinityMask
SetProcessAffinityMask
GetProcessIoCounters
SetProcessWorkingSetSize
GetCurrentProcessId
TerminateProcess
GetLastError
CloseHandle
DuplicateHandle
SetHandleInformation
CompareFileTime
lstrcpyA
lstrcpyW
GlobalMemoryStatus
GetTempPathA
GetCPInfo
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
OutputDebugStringW
HeapReAlloc
GetOEMCP
GetACP
IsValidCodePage
LoadLibraryW
GetProcAddress
LoadLibraryExW
LeaveCriticalSection
EnterCriticalSection
EncodePointer
DecodePointer
IsProcessorFeaturePresent
RaiseException
RtlUnwind
GetCommandLineA
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsDebuggerPresent
SetLastError
GetCurrentThreadId
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
WriteFile
GetModuleFileNameW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LCMapStringW
CreateFileW

user32

BeginPaint
EndPaint
ReleaseDC
GetDC
PostMessageW
CopyImage
LoadImageW
DestroyIcon
GetPropW
SetPropA
ShowScrollBar

gdi32

GetMapMode

shell32

ShellExecuteW

winhttp

WinHttpOpen
WinHttpCloseHandle
WinHttpWriteData
WinHttpQueryOption
WinHttpCreateUrl

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 63KB - Virtual size: 348KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mysec
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bdb98856b649aba6449ad8fab0e7e4b0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

winhttp

Sections

.text Size: 52KB - Virtual size: 52KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 63KB - Virtual size: 348KB

.mysec Size: 1024B - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 52KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 63KB - Virtual size: 348KB

.mysec
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 5KB - Virtual size: 4KB