c06f4e07398203d1191831e1998fe479_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c06f4e07398203d1191831e1998fe479_JaffaCakes118
Size

216KB
MD5

c06f4e07398203d1191831e1998fe479
SHA1

330983a80bcfb053425dc589b73da567a844cdd8
SHA256

4533579bcafcad1611183d7aa972ff65b748419ba69d04060d1fe75091a1817b
SHA512

575c2b563af3a8ec9a96b660ac019fd23fc0f260d59c39ac005338ced00a3737291b49a2f2be9687e6878214aae62a321cd6996ee7c8b5d7735e6b9bea09581b
SSDEEP

3072:/3Wb6dzePT+YqMzVhm/QU2Rxs268leatzfOGZ+Tbe:/Wb6RePXqMzTm4xRGn+fOG0G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c06f4e07398203d1191831e1998fe479_JaffaCakes118

Files

c06f4e07398203d1191831e1998fe479_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c92da6775650cd0fae49be275e583e31

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Isymij\ufofo\otohe\Naheda\ejivaby\uto.pdb

Imports

dbghelp

SymEnumSymbols
SymUnloadModule
SymUnloadModule64
SymSetSearchPath
SymSetOptions
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymMatchString
SymMatchFileName
SymLoadModule
SymGetTypeInfo
EnumerateLoadedModules
FindDebugInfoFile
FindExecutableImage
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersionEx
MapDebugInformation
SearchTreeForFile
StackWalk
SymCleanup
UnmapDebugInformation
SymEnumTypes
SymEnumerateSymbols64
SymEnumerateSymbolsW64
SymEnumerateSymbolsW
SymFunctionTableAccess
SymGetLineFromAddr
SymGetLinePrev64
SymGetLinePrev
SymGetModuleInfo
SymGetOptions
SymGetSymFromAddr
SymGetSymFromName64
SymGetSymFromName
SymGetSymPrev

imagehlp

UpdateDebugInfoFileEx
UnMapAndLoad
MapFileAndCheckSumA
ImageLoad
ImageGetDigestStream
ImageEnumerateCertificates
BindImageEx

loadperf

SetServiceAsTrustedA
UpdatePerfNameFilesA

kernel32

CreateEventA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapSize
VirtualQuery
InterlockedExchange
RtlUnwind
GetCPInfo
GetOEMCP
GetACP
LoadLibraryA
IsBadWritePtr
HeapReAlloc
VirtualAlloc
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
GetCurrentProcess
TerminateProcess
GetProcAddress
ExitProcess
HeapAlloc
GetVersionExA
GetCommandLineA
GetStartupInfoA
WaitForSingleObject
SetEvent
GetFileAttributesA
CopyFileA
GetShortPathNameA
GetEnvironmentVariableA
WaitForMultipleObjects
InterlockedCompareExchange
InterlockedDecrement
RemoveDirectoryA
LocalFree
LocalAlloc
GetModuleHandleA
InitializeCriticalSection
EnterCriticalSection
TlsAlloc
GetProfileStringW
ResetEvent

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 649KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c92da6775650cd0fae49be275e583e31

Headers

File Characteristics

PDB Paths

Imports

dbghelp

imagehlp

loadperf

kernel32

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 96KB - Virtual size: 94KB

.data Size: 56KB - Virtual size: 649KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 96KB - Virtual size: 94KB

.data
Size: 56KB - Virtual size: 649KB

.reloc
Size: 8KB - Virtual size: 6KB