c8d5dcc5891c843fac6ac7ffb497bcf2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c8d5dcc5891c843fac6ac7ffb497bcf2_JaffaCakes118
Size

1.3MB
MD5

c8d5dcc5891c843fac6ac7ffb497bcf2
SHA1

76d192564405b7843166a04492bf02744774f499
SHA256

f5e52aebf0c21e2c1b159e5970baa64ef010bf35b611c5002ae255a955240d6c
SHA512

f1294ad57620ffe2975cbf3ce866c078011051cff99d7b105216ca6ab7ab6f10f0011908e96f0465f4ee081e589ea953ed01601b4e0ba0573843ac67228ef0a8
SSDEEP

24576:AzLXBnUMV3+FiBT9fe0rM5l4s3Yice16zXtK7txL2uHDu2ccO:AzLXBnUMV3+FiBTZe0rM5lLYicRXtiXu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8d5dcc5891c843fac6ac7ffb497bcf2_JaffaCakes118

Files

c8d5dcc5891c843fac6ac7ffb497bcf2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d368c9b6651037436cea43c215714803

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileW
GetLastError
Module32NextW
HeapReAlloc
VirtualQuery
FindFirstFileW
GetModuleFileNameW
GetLongPathNameW
FindClose
Sleep
GetVersionExW
SleepEx
GetTickCount
ReleaseMutex
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleA
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
RtlUnwind
OutputDebugStringA
LoadLibraryA
GetSystemTimeAsFileTime
SetLastError
GetCurrentProcess
HeapAlloc
FreeLibrary
GetProcAddress
LoadLibraryW
GetModuleHandleW
ExitProcess
SetUnhandledExceptionFilter
InterlockedExchange
InterlockedCompareExchange

user32

GetWindowThreadProcessId
EnumChildWindows
GetClassNameW
GetWindowTextW
PostMessageW
SwitchToThisWindow
MessageBoxW

advapi32

FreeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegOpenKeyExW
CheckTokenMembership

shell32

ShellExecuteExW

msvcrt

_stricmp
free
realloc
wcsncmp
rand
srand
_time64
_wcsicmp
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABQBD@Z
??0exception@@QAE@ABV0@@Z
malloc
wcsstr
_beginthreadex
_CxxThrowException
_callnewh
memset
memcpy
memmove
??1type_info@@UAE@XZ
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_amsg_exit
__setusermatherr
__p__commode
__p__fmode
__set_app_type
_unlock
__dllonexit
_lock
_onexit
mbtowc
__mb_cur_max
isleadbyte
_iob
_snprintf
_itoa
wctomb
ferror
_controlfp
__badioinfo
__pioinfo
_fileno
_lseeki64
_write
_isatty
_wcslwr
_errno
__CxxFrameHandler
?terminate@@YAXXZ

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d368c9b6651037436cea43c215714803

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcrt

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 97KB - Virtual size: 97KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 97KB - Virtual size: 97KB

.reloc
Size: 8KB - Virtual size: 8KB