e1cb3f1e9f7678dc8208f5b158e787b0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e1cb3f1e9f7678dc8208f5b158e787b0_JaffaCakes118
Size

134KB
MD5

e1cb3f1e9f7678dc8208f5b158e787b0
SHA1

b69f723543d84c74f051ec0ae4016faba66a6ac6
SHA256

99897838355d5c88f36dcf5d9ddc92598bce0d5f4ed7c969397f341a03cc8981
SHA512

f0d54b0680ddea4ffc569471899ae9bb183d2f593d5730fe694b58f8ba9d83eef18d9f81adb0028e3c082af0f0631cb1fd6ac24d40a7ec285427bb74ed2667ee
SSDEEP

1536:8QBWQ4filr7rjxfMCtO/jgj0e7w5sw06IvpmLbbCHxmtxxFtitaZhGkt1c:jBWClrXVftOa0eCpFrhXt1c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e1cb3f1e9f7678dc8208f5b158e787b0_JaffaCakes118

Files

e1cb3f1e9f7678dc8208f5b158e787b0_JaffaCakes118
.dll windows:4 windows x86 arch:x86

59faa37fe26e4c0de57a9d353410544a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateThread
GetExitCodeThread
TerminateThread
CloseHandle
GetTickCount
GetCurrentProcess
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileA
WriteFile
MapViewOfFile
UnmapViewOfFile
OpenFileMappingA
ResetEvent
WaitForSingleObject
CreateEventW
SetEvent
ExitThread
GetCurrentProcessId
GetLastError
InterlockedIncrement
DebugBreak
ReleaseSemaphore
GetQueuedCompletionStatus
CreateSemaphoreW
PostQueuedCompletionStatus
WaitForSingleObjectEx
GetSystemInfo
CreateIoCompletionPort
WaitForMultipleObjectsEx
LoadLibraryA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
HeapDestroy
HeapAlloc
HeapCreate
GetProcAddress
WideCharToMultiByte
HeapFree
LoadLibraryW
InterlockedDecrement
TlsGetValue
FreeLibrary
TlsAlloc
TlsSetValue
TlsFree
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
RaiseException
RtlUnwind
GetModuleHandleA
SetLastError
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode

user32

CharLowerA
PostMessageW
UnregisterClassW
PostQuitMessage
GetMessageW
TranslateMessage
IsWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
DispatchMessageW
DestroyWindow

ws2_32

WSAGetLastError
WPUCompleteOverlappedRequest
WSCGetProviderPath
WSCEnumProtocols
WSASetLastError

psapi

GetModuleBaseNameA

Exports

Exports

GetLspGuid
WSPStartup

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59faa37fe26e4c0de57a9d353410544a

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

psapi

Exports

Exports

Sections

.text Size: 102KB - Virtual size: 101KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 5KB - Virtual size: 12KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 102KB - Virtual size: 101KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 5KB - Virtual size: 12KB

.reloc
Size: 9KB - Virtual size: 8KB