bc8364dad1d63454d47d3c0875600de3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bc8364dad1d63454d47d3c0875600de3_JaffaCakes118
Size

20KB
MD5

bc8364dad1d63454d47d3c0875600de3
SHA1

2c0c591008c494b71dd163377b210a85fc0cbe4e
SHA256

390745f1abdbc203f9c7cf675e8f54ceb76064d058e564e8998747d07a0b34c2
SHA512

45d80ed6be2a0ae20c3870c32f6c544c8a5b1a9d2a6919dad4b34f3a3b9621297b5db1cd1bd9aa0e678a9212618d9bb9f5519734d4472ae695ba70f91ad7e3d0
SSDEEP

384:R0sSqPCV/2GG2cDpVWidgHByIg2m23aAHBAsp4iSgLWkJ4T0rv3O1hyCiuV9m:es7qV/2GG2MWxHByf2H3Erg/4TSG10T

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/demo.2
unpack001/killatom/killatom.exe

Files

bc8364dad1d63454d47d3c0875600de3_JaffaCakes118
.zip
FILE_ID.DIZ
FIO.INC
IMPORT.ASH
MACROS.ASH
MEMORY.INC
PE.ASH
WIN32API.ASH
dee/DEE.ASH
dee/dee.inc
demo.2
.exe windows:1 windows x86 arch:x86

98c88d882f01a3f6ac1e5f7dfd761624

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

ExitProcess

user32

MessageBoxA

Sections

CODE
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
demo.asm
import.inc
ipc.inc
killatom/killatom.c
killatom/killatom.exe
.exe windows:1 windows x86 arch:x86

9234eb547bd8a975d0475b2e1a3c96ba

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetModuleHandleA
GlobalDeleteAtom
GlobalFindAtomA
LocalAlloc
LocalFree
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue

cw3230

@_CatchCleanup$qv
@__lockDebuggerData$qv
@__unlockDebuggerData$qv
__ExceptionHandler
___debuggerDisableTerminateCallback
__argc
__argv
__exitargv
__flushall
__setargv
__startup
_abort
_memcpy
_printf

Exports

Exports

__DebuggerHookData
__GetExceptDLLinfo
___CPPdebugHook

Sections

.text
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ldizx/LDIZX.ASH
ldizx/ldizx.inc
make.bat
rnd.inc
search.inc
system.inc

Sharing

General

Malware Config

Signatures

Files

98c88d882f01a3f6ac1e5f7dfd761624

Headers

File Characteristics

Imports

kernel32

user32

Sections

CODE Size: 3KB - Virtual size: 4KB

DATA Size: 512B - Virtual size: 4KB

.idata Size: 512B - Virtual size: 4KB

9234eb547bd8a975d0475b2e1a3c96ba

Headers

File Characteristics

Imports

kernel32

cw3230

Exports

Exports

Sections

.text Size: 1KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 4KB

.tls Size: 512B - Virtual size: 4KB

.rdata Size: 512B - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

CODE
Size: 3KB - Virtual size: 4KB

DATA
Size: 512B - Virtual size: 4KB

.idata
Size: 512B - Virtual size: 4KB

.text
Size: 1KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 4KB

.rdata
Size: 512B - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB