c6e52cfc9db15b7b36f24e661b1dbdb6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c6e52cfc9db15b7b36f24e661b1dbdb6_JaffaCakes118
Size

3.9MB
MD5

c6e52cfc9db15b7b36f24e661b1dbdb6
SHA1

ed6a2482b22a69c377c9be8986d14cca0e409c3b
SHA256

be341d866627afe5210691bb86622974f9f409b97fa9203110c2cd91356bda24
SHA512

1f9d42d193cae3329541f22fdff9fb3bd42cda50ac2c4b6c5e1aecf19b03460021e1ebcf5e7f662a6a8210cb019fcf8c3b908c84d3ee7052ce0021ec0a11de8d
SSDEEP

98304:ElNuNm1FnRxgJ8W5liso1rTckmeccx3CvAy9pkEXIvwR:EUNCFRdelizBczLy3MAy9pz4vw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c6e52cfc9db15b7b36f24e661b1dbdb6_JaffaCakes118

Files

c6e52cfc9db15b7b36f24e661b1dbdb6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b08b53ba13adfe764fcaf8fd36738ae9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadConsoleW
InitializeCriticalSection
AddRefActCtx
LoadLibraryW
GetConsoleWindow
SetConsoleMode
CreateActCtxA
GetOverlappedResult
lstrlenW
GetStringTypeExA
GetProcAddress
EnumCalendarInfoExW
WriteConsoleA
LocalAlloc
CreateEventW
QueryDosDeviceW
FindFirstChangeNotificationA
lstrcatW
UpdateResourceW
PurgeComm
EndUpdateResourceA
GetCurrentThread
GetTickCount
InterlockedCompareExchange
GetSystemWindowsDirectoryW
InterlockedIncrement
GetCPInfo
ResetEvent
EnumDateFormatsExW
InterlockedDecrement
Sleep
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleFileNameW
HeapValidate
IsBadReadPtr
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
GetLastError
CloseHandle
GetModuleHandleW
ExitProcess
GetModuleFileNameA
WriteFile
GetStdHandle
GetFileType
FlushFileBuffers
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
TlsGetValue
TlsSetValue
GetCurrentThreadId
SetLastError
HeapAlloc
HeapSize
HeapReAlloc
HeapFree
VirtualFree
VirtualAlloc
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
SetStdHandle
LoadLibraryA
GetConsoleOutputCP
MultiByteToWideChar
SetFilePointer
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
GetModuleHandleA

user32

GetCursor

advapi32

SetSecurityDescriptorDacl
RegSaveKeyW
OpenThreadToken
RegFlushKey

Exports

Exports

@dfyldfg@0

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b08b53ba13adfe764fcaf8fd36738ae9

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.data Size: 13KB - Virtual size: 5.1MB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 37KB - Virtual size: 36KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.data
Size: 13KB - Virtual size: 5.1MB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 37KB - Virtual size: 36KB