bec6952a31fee7b111da393795e23524_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

bec6952a31fee7b111da393795e23524_JaffaCakes118
Size

584KB
MD5

bec6952a31fee7b111da393795e23524
SHA1

13bfa1452f73694e9c0a01201851bb5315993a2b
SHA256

06de7742591ebf82c828da1435102996aee63d97593301830d6be4cf51c19c2a
SHA512

5aa32e4ec66561dc6fcb070e1173d67d8dbb6316a37e72ba77f79d57e13042fb1c52e9506774f213e3fd8904849f60fb2625fb61f7ac7fa3568d3735fd5495e1
SSDEEP

12288:b+phx+2HHmXGMY8u3JTC+HJoM4SMCQrWD5u9xtwh/7PgJeYykvVq:b+N+MHqGMYJZ20ojSXQEiwh/7P0nvE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bec6952a31fee7b111da393795e23524_JaffaCakes118

Files

bec6952a31fee7b111da393795e23524_JaffaCakes118
.exe windows:5 windows x86 arch:x86

02045c355e4b40bdcc72adc82490513e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
lstrlenA
Sleep
GetComputerNameA
GetCurrentDirectoryA
SetEvent
GetEnvironmentStrings
GetModuleFileNameA
GetVersionExA
GetCurrentThread
GetModuleHandleW
VirtualAlloc
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
HeapReAlloc
IsBadWritePtr
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetEnvironmentVariableA

shell32

SHFileOperationW

secur32

RevertSecurityContext

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 273KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 261KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02045c355e4b40bdcc72adc82490513e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

secur32

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 273KB - Virtual size: 304KB

BSS Size: 261KB - Virtual size: 261KB

.rsrc Size: 512B - Virtual size: 144B

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 273KB - Virtual size: 304KB

BSS
Size: 261KB - Virtual size: 261KB

.rsrc
Size: 512B - Virtual size: 144B