d1c6dbb3436f9eeb0b358bba2df42ec4_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d1c6dbb3436f9eeb0b358bba2df42ec4_JaffaCakes118
Size

697KB
MD5

d1c6dbb3436f9eeb0b358bba2df42ec4
SHA1

ebae489645b984b7f38f5608b3a86680e9f014cd
SHA256

05b644656378330614e5edb705a0cbc93c98ee7940864d48c8e5bb8a73599ab6
SHA512

053abc7f2d0b95f012675d6a7295c44634eaba04fabf30638951dfa995a06555019381d475a9c5aa54e75daca0f33684c410a8e2c3f7e202ed8820f547c20775
SSDEEP

12288:HOKLaeVlr1JGDb1scd6SNouvXM1otw+qItSRkEqe+bOD5W+bPgUDuUAzsqnu+Yu8:l9tcd6SNoy81yw+OwOD0yPgQos+uTx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d1c6dbb3436f9eeb0b358bba2df42ec4_JaffaCakes118

Files

d1c6dbb3436f9eeb0b358bba2df42ec4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

58a050b0964abb8c970b146dccb38276

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

P:\Project\Utilities\Dongle3\Dongle Utilities\Release\GenUpdate.pdb

Imports

kernel32

CloseHandle
DeviceIoControl
LocalFree
CreateFileA
LocalAlloc
FormatMessageA
GetLastError
GetVolumeInformationA
GetEnvironmentVariableA
FreeLibrary
GetProcAddress
LoadLibraryA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InterlockedCompareExchange
InitializeCriticalSection
Sleep
TlsSetValue
TlsGetValue
TlsAlloc
SystemTimeToFileTime
GetSystemTime
FileTimeToSystemTime
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
TlsFree
GetModuleHandleA
ReadFile
WriteFile
GetFileSize
FindClose
GetLocalTime
GetVersion
SetErrorMode
FindFirstFileA
FindNextFileA
GetModuleFileNameA
WaitForSingleObject
CreateMutexA
ReleaseMutex
InterlockedDecrement
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
SearchPathA
CreateSemaphoreA
OpenSemaphoreA
ReleaseSemaphore
InterlockedIncrement
SetConsoleMode
ReadConsoleInputA
FlushFileBuffers
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
GetCommandLineA
WideCharToMultiByte
GetTimeZoneInformation
SetLastError
RaiseException
GetStdHandle
InterlockedExchange
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCPInfo
VirtualAlloc
RtlUnwind
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
HeapSize
GetLocaleInfoW
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA

user32

GetForegroundWindow
ShowWindow
MessageBoxW

Sections

.text
Size: 567KB - Virtual size: 567KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

58a050b0964abb8c970b146dccb38276

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

Sections

.text Size: 567KB - Virtual size: 567KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 76KB - Virtual size: 1.2MB

.rsrc Size: 512B - Virtual size: 436B

.text
Size: 567KB - Virtual size: 567KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 76KB - Virtual size: 1.2MB

.rsrc
Size: 512B - Virtual size: 436B