ReflectiveLoader
Static task
static1
Behavioral task
behavioral1
Sample
bb35ae788d7b1d0262493de6eb1539ad_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
bb35ae788d7b1d0262493de6eb1539ad_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
bb35ae788d7b1d0262493de6eb1539ad_JaffaCakes118
Size
5.0MB
MD5
bb35ae788d7b1d0262493de6eb1539ad
SHA1
9a46dd011316a1cef9efa1967ecf480e592ea209
SHA256
dd20b92eab3df7ef4096031f489dd435753fb086549a011cbb6c37f27c11be2b
SHA512
4f8097da60b62b5a7ebaeded5910f76a89cecd6f8d3aa87ecdbbd64a175660ce0175fda70d94c9592c22cdef89ced9a5dc9890ac878de617eda0585643ed2309
SSDEEP
98304:zY5qdpdUYjyv6cnh+1cdbrDn9uzGfImtTttnvlbgLmzsxe0HK:z2qdpmfMmdbHnSOtTtVtUmzsLK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource bb35ae788d7b1d0262493de6eb1539ad_JaffaCakes118
Files
bb35ae788d7b1d0262493de6eb1539ad_JaffaCakes118.exe windows:5 windows x64 arch:x64
4c3aa0d89512a05380301ca2eda65f21
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
user32
DestroyWindow
RegisterClassExA
MsgWaitForMultipleObjects
TranslateMessage
UnregisterClassA
CreateWindowExA
PeekMessageA
DefWindowProcA
DispatchMessageA
advapi32
CreateProcessAsUserA
kernel32
HeapSize
GetLocaleInfoA
UnmapViewOfFile
FreeConsole
FreeLibrary
VirtualFree
OpenProcess
Thread32First
Thread32Next
GetLastError
SetLastError
GetProcAddress
VirtualAlloc
VirtualProtectEx
VirtualAllocEx
LoadLibraryA
OpenThread
CreateToolhelp32Snapshot
CloseHandle
WriteProcessMemory
ResumeThread
GetCurrentThreadId
CreateThread
CreateRemoteThread
GetModuleHandleA
GetThreadContext
SetThreadContext
ReadProcessMemory
CreateProcessA
TerminateProcess
CreatePipe
FindResourceA
GetModuleHandleExA
FindResourceExW
FindResourceW
LoadResource
LoadLibraryExW
GetModuleHandleExW
GetModuleHandleW
InitializeCriticalSection
FindResourceExA
WideCharToMultiByte
LoadLibraryW
SizeofResource
LeaveCriticalSection
GetModuleFileNameW
MultiByteToWideChar
EnterCriticalSection
LocalAlloc
GetModuleFileNameA
LoadLibraryExA
LocalFree
CreateFileA
GetNativeSystemInfo
lstrlenA
MapViewOfFile
HeapAlloc
HeapFree
GetProcessHeap
IsBadReadPtr
GetThreadLocale
RtlAddFunctionTable
CreateFileMappingA
VirtualProtect
GetCommandLineW
SetErrorMode
GetCurrentProcess
GetCommandLineA
GetStartupInfoA
Sleep
ExitProcess
HeapReAlloc
SetConsoleCtrlHandler
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlCaptureContext
WriteFile
GetStdHandle
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
Exports
Sections
.text Size: 107KB - Virtual size: 106KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 268KB - Virtual size: 272KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.xzdata Size: 4.6MB - Virtual size: 4.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ