d6cf7c7b09191b2f1cedc6de5378e597_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d6cf7c7b09191b2f1cedc6de5378e597_JaffaCakes118
Size

351KB
MD5

d6cf7c7b09191b2f1cedc6de5378e597
SHA1

f2db3cf4798b0d4ba16c3362f5d4a6df65226169
SHA256

018324eb61c4d436b7c1d1dd0c305d900112dee98ade8d8844d19f2b5ece785f
SHA512

a124a0ad8738a4bdea91123268e16c33b3ed85270d5c2ac46668ae18319473394619e5dc15cf8da8f4ff376beee651e507cd170b0ac591536f06de4d3b28a7cb
SSDEEP

6144:Y+Rvg216cHRoSrSxdLrJ0NPabD+P/SMXPVA84zKXq6eMfQrCleJVfoN9Nez:FRvg216ckxdL109ab6ngNzKXq6f6fo3E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6cf7c7b09191b2f1cedc6de5378e597_JaffaCakes118

Files

d6cf7c7b09191b2f1cedc6de5378e597_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4297e717ea89f54da2d691c2e6d047e3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

ntdll

NtInitiatePowerAction
RtlUnwind
RtlCreateUserThread

msvcrt

setbuf
free
malloc
_adjust_fdiv

user32

wvsprintfA
DrawFrame

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
ExitProcess
GetModuleHandleA
GetCurrentThreadId
SetLastError
LocalFree
GetTickCount
CloseHandle
DisableThreadLibraryCalls
ReleaseSemaphore
GetCurrentProcess
OutputDebugStringA
InterlockedCompareExchange
OpenSemaphoreW
LocalAlloc
WaitForSingleObject
GetProcAddress
QueryPerformanceCounter
LoadLibraryA
InterlockedPushEntrySList
SetUnhandledExceptionFilter
GetLastError
lstrlenW
GetCurrentThread

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegDeleteKeyW
TraceEventInstance
RegOpenCurrentUser

Sections

.text
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 512B - Virtual size: 54B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4297e717ea89f54da2d691c2e6d047e3

Headers

File Characteristics

Imports

ntdll

msvcrt

user32

kernel32

advapi32

Sections

.text Size: 73KB - Virtual size: 76KB

.data Size: 152KB - Virtual size: 151KB

.rdata Size: 110KB - Virtual size: 109KB

.bss Size: - Virtual size: 12KB

.idata Size: 1KB - Virtual size: 1KB

.crt Size: 512B - Virtual size: 54B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 73KB - Virtual size: 76KB

.data
Size: 152KB - Virtual size: 151KB

.rdata
Size: 110KB - Virtual size: 109KB

.bss
Size: - Virtual size: 12KB

.idata
Size: 1KB - Virtual size: 1KB

.crt
Size: 512B - Virtual size: 54B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 12KB - Virtual size: 11KB