bb7d57f118471826383bea3a1ee91a49_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bb7d57f118471826383bea3a1ee91a49_JaffaCakes118
Size

128KB
MD5

bb7d57f118471826383bea3a1ee91a49
SHA1

3fadda6364ba3c1407ef3cd5c8f1e4af6d9ebc09
SHA256

a2ed7676628f332f8118fcb38dca1d6f0fe206a8daee62b810b352e30fb729e8
SHA512

208cfcf3fce4a45b581ec978b773a3e82a135e39cb953575a56f3038acb990ff721998e688726456d3e573b9209d3b583812650ff78c8abb1323141968cae872
SSDEEP

3072:/F74BZPLtFd98jWHRv7r0ygmvEf8WEaAXm0lWP:hyPLndyOp0yL5UilW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bb7d57f118471826383bea3a1ee91a49_JaffaCakes118

Files

bb7d57f118471826383bea3a1ee91a49_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9a56725fd7c4269df82d962e3f3df88d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

pdh

PdhOpenQueryA
PdhParseInstanceNameA
PdhOpenLogA
PdhMakeCounterPathA
PdhLookupPerfNameByIndexA
PdhLookupPerfIndexByNameA
PdhExpandWildCardPathHA
PdhExpandWildCardPathA
PdhFormatFromRawValue
PdhGetCounterInfoA
PdhGetCounterTimeBase
PdhGetDataSourceTimeRangeH
PdhGetDataSourceTimeRangeA
PdhGetDefaultPerfCounterHA
PdhGetDefaultPerfCounterA
PdhGetFormattedCounterArrayA
PdhGetFormattedCounterValue
PdhGetLogFileSize
PdhGetLogSetGUID
PdhGetRawCounterArrayA
PdhOpenQueryH
PdhParseCounterPathA
PdhGetRawCounterValue

sisbkup

SisFreeAllocatedMemory
SisRestoredCommonStoreFile
SisRestoredLink
SisCreateBackupStructure
SisFreeBackupStructure
SisCSFilesToBackupForLink

msvcrt

__dllonexit
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_strnicoll
malloc
free
realloc
exit
_onexit

kernel32

GetLocalTime
GetFileTime
GetProfileStringW
lstrlenA
GetWindowsDirectoryA
GetModuleHandleA
GetStartupInfoA
GetCurrentProcessId

Sections

.text
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 720KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.data
.debug0
.rdata
.reloc
.rsrc/MANIFEST/1
.xml
.rsrc/RCDATA/832
.text

Sharing

General

Malware Config

Signatures

Files

9a56725fd7c4269df82d962e3f3df88d

Headers

File Characteristics

Imports

pdh

sisbkup

msvcrt

kernel32

Sections

.text Size: 8KB - Virtual size: 6KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 48KB - Virtual size: 720KB

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 8KB - Virtual size: 6KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 48KB - Virtual size: 720KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 4KB