c1968c1d35bbb712660dab04c20fc0e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c1968c1d35bbb712660dab04c20fc0e5_JaffaCakes118
Size

260KB
MD5

c1968c1d35bbb712660dab04c20fc0e5
SHA1

e9ec2cb2c300cf1a79ac636265b6aa5225891d3b
SHA256

0890763ea984f079762818c8b71b93006670b763336c273b7c0c4bd28fcf6599
SHA512

63181642f02f86230c2b0706517213c45beb2924dfa0a9e2071245637d1ce9f711a4ded00437451a4aeea395c399f130f8d76158081eb0afbc252e195ab9d4e9
SSDEEP

3072:IbZg75KjSQR4AP5PG9TvsUE1QqiGexMUf0HGPG3zKDd:Ib+75Kj14TkUuif3cknR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c1968c1d35bbb712660dab04c20fc0e5_JaffaCakes118

Files

c1968c1d35bbb712660dab04c20fc0e5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

50101eea4e4d6b7085ba47680b199cd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrcpynA
LeaveCriticalSection
EnterCriticalSection
lstrcmpiA
lstrlenA
DeleteCriticalSection
LoadLibraryA
GetModuleHandleA
SearchPathA
GetModuleHandleW
GetProcAddress
LoadLibraryW
lstrcmpA
ExitProcess
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
CreateFileA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwind
SetFilePointer
GetFileType
SetHandleCount
ReadFile
MultiByteToWideChar
CloseHandle
GetModuleFileNameA
GetStdHandle
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
Sleep
WriteFile

iphlpapi

RestoreMediaSense
GetIpStatistics
AddIPAddress

msi

ord194
ord232
ord264
ord40
ord109
ord84
ord204
ord111
ord129
ord70
ord262
ord38
ord168
ord37
ord10
ord8
ord209
ord81
ord227
ord256
ord67
ord213
ord211
ord16
ord88
ord243
ord156
ord93
ord43
ord174
ord252
ord241
ord224
ord15
ord266
ord274
ord192
ord195
ord238
ord215
ord223
ord217
ord169
ord214
ord203
ord253
ord14
ord219
ord45
ord82
ord268
ord208
ord108
ord218
ord7
ord44
ord89
ord225
ord257

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 192KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50101eea4e4d6b7085ba47680b199cd7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

iphlpapi

msi

Sections

.text Size: 54KB - Virtual size: 53KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 192KB - Virtual size: 198KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 54KB - Virtual size: 53KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 192KB - Virtual size: 198KB

.reloc
Size: 5KB - Virtual size: 4KB