c11a0ce49de24acde5864f134c0c27ef_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c11a0ce49de24acde5864f134c0c27ef_JaffaCakes118
Size

5.8MB
MD5

c11a0ce49de24acde5864f134c0c27ef
SHA1

3e0929bd99a3e8bb24f387cf8f42a3df89fbc7ae
SHA256

44a8b72ebc691c91dfd7e44eea0774ffa28ae165eed5e4f9bce93ac4c018c479
SHA512

1a7c4c08e28021ef3245cc74e72ef4f884b777d59f484c2b4ae99eff5e0dbdeb0cde8ade644f2657cf5e73de1bd75196692208ad5b86f62a695d3ee49d03179c
SSDEEP

49152:T2xxgvcmaY29poqMLY7cT5jp/E1FGL2lXaqxQtTgW7JhmU:TAgkmaYAuc65jp2FGL2lXa1fjb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c11a0ce49de24acde5864f134c0c27ef_JaffaCakes118

Files

c11a0ce49de24acde5864f134c0c27ef_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9f843e17f598a0b028e8b6b9dc111066

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
CreateDirectoryA
GetModuleFileNameA
GetLocalTime
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetCommandLineA
GetVersion
IsBadWritePtr
IsBadReadPtr
HeapValidate
DebugBreak
GetStdHandle
WriteFile
OutputDebugStringA
ExitProcess
TerminateProcess
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
Sleep
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetCurrentThread
CloseHandle
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapReAlloc
VirtualAlloc
SetConsoleCtrlHandler
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetUnhandledExceptionFilter
IsBadCodePtr
UnhandledExceptionFilter
SetStdHandle
FlushFileBuffers
CreateFileA
SetFilePointer
SetEndOfFile
ReadFile
SetEnvironmentVariableA

shell32

SHGetSpecialFolderPathA

shlwapi

PathIsDirectoryA

Exports

Exports

GetCoreFunctions
ScanMain

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 324KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f843e17f598a0b028e8b6b9dc111066

Headers

File Characteristics

Imports

kernel32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 3.4MB - Virtual size: 3.4MB

.rdata Size: 1.9MB - Virtual size: 1.9MB

.data Size: 324KB - Virtual size: 331KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 128KB - Virtual size: 124KB

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 1.9MB - Virtual size: 1.9MB

.data
Size: 324KB - Virtual size: 331KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 128KB - Virtual size: 124KB