c0bf9dbb61c1496e8da0388b91aa65c6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c0bf9dbb61c1496e8da0388b91aa65c6_JaffaCakes118
Size

273KB
MD5

c0bf9dbb61c1496e8da0388b91aa65c6
SHA1

ed966dfc99e1fb83600d7e16eaeb7e3e38de4e42
SHA256

6495dfaafc85be20e29e616027b378e91f95b8a6cb64e5ae6cd8ff03ab2b0818
SHA512

23dfbae232437a44b634664bb2fdeca1474ef2bf940931a33c4cb2a329dc37e1386d793fd096384437ac7805bfcdcb63943ab6deb00521ac595e94fdaf84527b
SSDEEP

6144:LsBFm+fWQX6VpYlaC0H2FLaOyaeYeflemO+r4RmdT3hl/FTYSkN1:0rfWVWlngwLaFaZef1r4RYRl/Nj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0bf9dbb61c1496e8da0388b91aa65c6_JaffaCakes118

Files

c0bf9dbb61c1496e8da0388b91aa65c6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f3ad8c1d2d1b3f683bc0c68e3cb54257

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysFreeString

ole32

CoCreateGuid
StringFromCLSID
CoGetMalloc
CoTaskMemFree

kernel32

DeleteCriticalSection
GetTimeZoneInformation
CloseHandle
GetModuleHandleW
VirtualQuery
CopyFileW
TlsFree
WaitForSingleObject
UnhandledExceptionFilter
FormatMessageW
ReadFile
WTSGetActiveConsoleSessionId
GetProcessHeap
GetTempPathW
InitializeCriticalSectionAndSpinCount
SetLastError
TlsAlloc
OpenProcess
DisableThreadLibraryCalls
DeviceIoControl
LoadLibraryExW
FindFirstFileW
CreateFileW
OpenThread
SetProcessAffinityMask
GetTempFileNameW
LeaveCriticalSection
LoadResource
TlsGetValue
LockResource
DeleteFileW
IsDebuggerPresent
CreateFileMappingW
FindResourceW
RaiseException
UnmapViewOfFile
QueryDosDeviceW
OutputDebugStringW
HeapFree
HeapSize
LocalAlloc
SizeofResource
GetSystemInfo
HeapAlloc
FreeLibrary
GetSystemTimeAsFileTime
EnterCriticalSection
GetVolumeInformationW
HeapDestroy
GetDriveTypeW
GetCurrentThreadId
GetProcessAffinityMask
IsBadStringPtrW
SetFileAttributesW
GetFileSize
SystemTimeToFileTime
TlsSetValue
MapViewOfFile
lstrlenW
ExpandEnvironmentStringsW
FindCloseChangeNotification
GetSystemTime
FindResourceExW
FindClose
FindFirstChangeNotificationW
GetThreadPriority
FileTimeToSystemTime
GetUserDefaultUILanguage
FindNextChangeNotification
LocalFree
WideCharToMultiByte
GetShortPathNameW
SetUnhandledExceptionFilter
SetThreadPriority
GetLogicalDrives
TryEnterCriticalSection
HeapReAlloc
GetFileAttributesExW
FindNextFileW
GetVersion
VirtualAllocEx

user32

MsgWaitForMultipleObjects
DispatchMessageA
IsWindowUnicode
DispatchMessageW
GetDesktopWindow
GetMessageA
PeekMessageW
GetSystemMetrics
TranslateMessage
GetMessageW

dbghelp

MakeSureDirectoryPathExists
SymRegisterFunctionEntryCallback64
SymLoadModule64
WinDbgExtensionDllInit
DbgHelpCreateUserDump
SymGetLineFromName
SymGetModuleBase64
SymLoadModule
SymEnumerateSymbolsW64
ImageRvaToVa
SymUnloadModule64
SymGetTypeFromName

dfsshlex

DllCanUnloadNow
DllUnregisterServer

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.TmyIJuZ
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pLeW
Size: 1024B - Virtual size: 631B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ODkL
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iFtr
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sVZxM
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.XSZcc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.NaKWH
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ghVZOjc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ueYo
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f3ad8c1d2d1b3f683bc0c68e3cb54257

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

ole32

kernel32

user32

dbghelp

dfsshlex

Sections

.text Size: 94KB - Virtual size: 94KB

.TmyIJuZ Size: 2KB - Virtual size: 2KB

.pLeW Size: 1024B - Virtual size: 631B

.ODkL Size: 4KB - Virtual size: 3KB

.data Size: 7KB - Virtual size: 34KB

.iFtr Size: 4KB - Virtual size: 4KB

.rdata Size: 130KB - Virtual size: 130KB

.sVZxM Size: 3KB - Virtual size: 3KB

.XSZcc Size: 2KB - Virtual size: 1KB

.rsrc Size: 17KB - Virtual size: 17KB

.NaKWH Size: 2KB - Virtual size: 2KB

.ghVZOjc Size: 2KB - Virtual size: 1KB

.ueYo Size: 512B - Virtual size: 436B

.text
Size: 94KB - Virtual size: 94KB

.TmyIJuZ
Size: 2KB - Virtual size: 2KB

.pLeW
Size: 1024B - Virtual size: 631B

.ODkL
Size: 4KB - Virtual size: 3KB

.data
Size: 7KB - Virtual size: 34KB

.iFtr
Size: 4KB - Virtual size: 4KB

.rdata
Size: 130KB - Virtual size: 130KB

.sVZxM
Size: 3KB - Virtual size: 3KB

.XSZcc
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 17KB - Virtual size: 17KB

.NaKWH
Size: 2KB - Virtual size: 2KB

.ghVZOjc
Size: 2KB - Virtual size: 1KB

.ueYo
Size: 512B - Virtual size: 436B