eb4c72c5d82142335c230eb4991c57e5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eb4c72c5d82142335c230eb4991c57e5_JaffaCakes118
Size

201KB
MD5

eb4c72c5d82142335c230eb4991c57e5
SHA1

07e29920a6c3ef51c21caa21cabf0d1dba95183c
SHA256

7dbd7913c8da967e42d276dca90aaff3725ea664f72e7a2de68750b430a3cc46
SHA512

17f38a0cc9836cb08b2c022af0bd28f6b4c5084afcd5bf46ceccc741f462854998421a9406b4d2cee4550ba2dd23baf41de2eb08b6705d74069de9b7ed35292b
SSDEEP

3072:OXhZRLDHMyddxDa1iR9KW2Z6UuH/Mh07p8v3CjiSsDzvi5/vN+bofLwnrOCe1kRL:OXVU1iRsW/lmfCjE6t+bojwnHeO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
eb4c72c5d82142335c230eb4991c57e5_JaffaCakes118

Files

eb4c72c5d82142335c230eb4991c57e5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f9be1ce1ba136051c847a23baae8caf4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetVolumeLabelA
lstrlenA
WritePrivateProfileStructA
GetNumberOfConsoleInputEvents
LoadLibraryExW
ReadConsoleA
InterlockedDecrement
CompareFileTime
GetUserDefaultLCID
InterlockedCompareExchange
OpenSemaphoreA
CallNamedPipeW
_lclose
GetProcessPriorityBoost
CreateNamedPipeW
GetSystemTimeAsFileTime
WriteFile
TlsSetValue
FindResourceExA
GlobalAlloc
Sleep
GetVersionExW
DeleteVolumeMountPointW
IsDBCSLeadByte
lstrcatA
SetThreadPriority
GlobalUnlock
DisconnectNamedPipe
DeactivateActCtx
CreateJobObjectA
GetLastError
GetProcAddress
GetTapeStatus
WriteProfileSectionA
IsValidCodePage
EnterCriticalSection
_hwrite
GetLocalTime
LoadLibraryA
WriteConsoleA
LocalAlloc
SetCurrentDirectoryW
SetFileApisToANSI
BeginUpdateResourceA
WaitForMultipleObjects
GetPrivateProfileSectionNamesA
GetOEMCP
EnumDateFormatsA
WaitCommEvent
GetModuleHandleA
GetCommTimeouts
FreeEnvironmentStringsW
LocalSize
lstrcpyA
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
TlsGetValue
TlsAlloc
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCPInfo
GetACP
HeapSize
RtlUnwind
GetLocaleInfoA
HeapAlloc
VirtualAlloc
HeapReAlloc
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
RaiseException

Exports

Exports

_geek@8
_gekelberifin@8

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9be1ce1ba136051c847a23baae8caf4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 171KB - Virtual size: 170KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 5KB - Virtual size: 11.4MB

.rsrc Size: 15KB - Virtual size: 15KB

.text
Size: 171KB - Virtual size: 170KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 5KB - Virtual size: 11.4MB

.rsrc
Size: 15KB - Virtual size: 15KB