c5d25323ff2485599bc5eb6646ea246e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c5d25323ff2485599bc5eb6646ea246e_JaffaCakes118
Size

335KB
MD5

c5d25323ff2485599bc5eb6646ea246e
SHA1

14066b1de7794e035f80aefd96b2a0ec48525e4a
SHA256

a95ce1288d1f507831a7c257d2ee148f8fffbe4690e2a8dc8d96ce4886e094a1
SHA512

71f3c0efb9139b41d21f8d190b1be3791da1e3e3610e15cc4ac193be1afd9200aac9663f9af62f885581d0128accff5c8b53076467f03a12db5cad7d5e8b00a1
SSDEEP

6144:nbaydxXqngWpKN+rbZnLrL2Mu1bUlhX0FZ9IhzM9oo6dWcB:nbDxXPWpKN+hjvoqhVUVa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c5d25323ff2485599bc5eb6646ea246e_JaffaCakes118

Files

c5d25323ff2485599bc5eb6646ea246e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

50b239cddfd8c29d4d8f70bf851a3a43

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\exploitdb\documents\visual studio 2013\Projects\LOOKOLIN\Release\LOOKOLIN.pdb

Imports

kernel32

GetThreadContext
CreateProcessW
VirtualFree
Sleep
GetModuleFileNameW
GetProcAddress
GetModuleHandleA
ResumeThread
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime

msvcp90

?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z

msvcr90

exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
_ismbblead
__p__fmode
__set_app_type
_crt_debugger_hook
_except_handler4_common
?terminate@@YAXXZ
_invoke_watson
_controlfp_s
_XcptFilter
_exit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
isalnum
__p__commode
_cexit
__CxxFrameHandler3
memset

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50b239cddfd8c29d4d8f70bf851a3a43

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcp90

msvcr90

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 312KB - Virtual size: 312KB

.data Size: 512B - Virtual size: 936B

.rsrc Size: 1024B - Virtual size: 688B

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 312KB - Virtual size: 312KB

.data
Size: 512B - Virtual size: 936B

.rsrc
Size: 1024B - Virtual size: 688B