C:\timawiyewiyuw53 xog-pog.pdb
Static task: static1
Behavioral task: behavioral1
Sample: c42d4d0aa21082e56b760a0917f8ccfe_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: c42d4d0aa21082e56b760a0917f8ccfe_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: c42d4d0aa21082e56b760a0917f8ccfe_JaffaCakes118
Size: 213KB
MD5: c42d4d0aa21082e56b760a0917f8ccfe
SHA1: 1345f5bd1681ef0b492ce874a9bd0cfe6fad8cc2
SHA256: 42a77b674f05ef1f33b397bbc7900e54de8b319c319cba9ca453bfa8e18899a6
SHA512: 283899adf08f7aec8794dfb768f90a84181716e90d8725c696a93b61e82804be4af5ee795117d5484a789a9c4e4c0e9bc4e9ad4789b0403398f19deef0ce35ca
SSDEEP: 3072:9NORKiBLRDM0duHhpPmkiMRbZUXH04YnmElhUDP+gWu/61bRdN4xaP5:bJiBI0zMdUXnzUhUDPfLudN
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource c42d4d0aa21082e56b760a0917f8ccfe_JaffaCakes118
Files
c42d4d0aa21082e56b760a0917f8ccfe_JaffaCakes118.exe windows:5 windows x86 arch:x86
1a19877f6a8abc8ec99f7d7d9ba94dbc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
TerminateProcess
SetProcessPriorityBoost
GetLastError
DebugActiveProcessStop
LockFile
CloseHandle
GetHandleInformation
GetTickCount
SetProcessWorkingSetSize
lstrlenA
GetFileAttributesExW
WTSGetActiveConsoleSessionId
GetNumberFormatA
PeekConsoleInputW
WriteConsoleW
SetFilePointerEx
SetStdHandle
VirtualProtect
GlobalAlloc
lstrcpynA
GetProcAddress
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
OutputDebugStringW
HeapReAlloc
GetCPInfo
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineW
IsProcessorFeaturePresent
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsDebuggerPresent
SetLastError
GetCurrentThreadId
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
CreateFileW
user32
GetPropW
CharToOemBuffA
gdi32
PaintRgn
DescribePixelFormat
UpdateColors
winhttp
WinHttpCrackUrl
WinHttpCloseHandle
WinHttpOpen
WinHttpQueryDataAvailable
msimg32
GradientFill
Sections
.text Size: 60KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 113KB - Virtual size: 113KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 461KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 27KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ