c897ec8d06daab99bc2ecc2a5c8e4c62_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c897ec8d06daab99bc2ecc2a5c8e4c62_JaffaCakes118
Size

250KB
MD5

c897ec8d06daab99bc2ecc2a5c8e4c62
SHA1

b74a6ba6c6d842999750069611a5ef361af49106
SHA256

055678ece559e043b45a48a74ad5650515dadf49e72159f68a42a425c0bff8b7
SHA512

9e6ae79046813d6cefe7e5a462d922d6ad51bb596763ac4afcadebb85fb858d7b02b462774c13217c2070fa834ff7c67f52206c1382cbad067a12a867c74c42b
SSDEEP

6144:ogIU/63FJS4j1CcSUngTpKeT0Oa3LnPI3DJ3F:ogIUy3FJB5COgTBT9ALPIzdF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c897ec8d06daab99bc2ecc2a5c8e4c62_JaffaCakes118

Files

c897ec8d06daab99bc2ecc2a5c8e4c62_JaffaCakes118
.exe windows:4 windows x86 arch:x86

137bb303b8ff55a3656b5f5fb42d54b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetModuleFileNameExW

kernel32

WaitForSingleObject
CreateMutexW
SetEvent
WaitForMultipleObjects
GetVersionExW
OpenEventW
ExpandEnvironmentStringsW
DuplicateHandle
GetCurrentProcess
GetLocalTime
IsBadReadPtr
SetErrorMode
GetCurrentThreadId
CreateEventW
SearchPathW
GetComputerNameA
GetCurrentProcessId
FreeLibrary
Sleep
LoadLibraryW
GetLastError
GetModuleHandleW
InitializeCriticalSection
GetTickCount
CompareFileTime
GetLogicalDriveStringsW
GetStartupInfoA
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
CreateMutexA
GetProcAddress

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegisterServiceCtrlHandlerW
SetServiceStatus
StartServiceCtrlDispatcherW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
GetUserNameA

dhcpsapi

DhcpAddServer
DhcpEnumMScopeClients
DhcpGetSuperScopeInfoV4
DhcpDeleteClientInfo
DhcpScanDatabase
DhcpGetOptionInfo
DhcpGetAllOptions
DhcpGetMScopeInfo
DhcpSetOptionInfo
DhcpSetServerBindingInfo
DhcpDeleteServer
DhcpRemoveOptionValueV5
DhcpServerSetConfigV4
DhcpGetClientInfoV4

avifil32

AVIFileReadData
AVIStreamWriteData
AVIStreamReadFormat
AVIStreamInfoW
DllCanUnloadNow

Sections

.icode
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 108KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.W
Size: 2KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 107KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

137bb303b8ff55a3656b5f5fb42d54b5

Headers

File Characteristics

Imports

psapi

kernel32

advapi32

dhcpsapi

avifil32

Sections

.icode Size: 9KB - Virtual size: 8KB

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 2KB - Virtual size: 20KB

.edata Size: 108KB - Virtual size: 116KB

.W Size: 2KB - Virtual size: 437KB

.data Size: 6KB - Virtual size: 104KB

.edata Size: 107KB - Virtual size: 131KB

.rsrc Size: 2KB - Virtual size: 1KB

.icode
Size: 9KB - Virtual size: 8KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 2KB - Virtual size: 20KB

.edata
Size: 108KB - Virtual size: 116KB

.W
Size: 2KB - Virtual size: 437KB

.data
Size: 6KB - Virtual size: 104KB

.edata
Size: 107KB - Virtual size: 131KB

.rsrc
Size: 2KB - Virtual size: 1KB