ef0452b8e9c0723f3c9e294e7b92f641_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ef0452b8e9c0723f3c9e294e7b92f641_JaffaCakes118
Size

324KB
MD5

ef0452b8e9c0723f3c9e294e7b92f641
SHA1

a46377694ab4221a419431c64307f6712568ca06
SHA256

e8bdfd36c01572ba8a73aff2030c6ccb773e624d593f3bdb1476b92b7ccb56e4
SHA512

1938576d461688713916c170ef87ccf35d9a1b875c8a6108bf943aa7b30edb985fee4d1cc2f7dcebf96a03948634d62fdb21a4435c93dbf9d224ae1b8f57318d
SSDEEP

6144:/FGmWeqFpiE7FA/BqAfmjXvmT4SKz/tW1SpPONxS5oWrAl5dIYd:/FGmWmEazfKXOSgSpPOfSkr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef0452b8e9c0723f3c9e294e7b92f641_JaffaCakes118

Files

ef0452b8e9c0723f3c9e294e7b92f641_JaffaCakes118
.exe windows:4 windows x86 arch:x86

956563ed3dc7296d4c2b1f707b1e1195

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Run\Option.pdb

Imports

kernel32

LocalFree
GetLastError
Sleep
GetCommandLineA
GetVersionExW
lstrcpynW
lstrcatW
CreateEventA
ResetEvent
HeapReAlloc
HeapCreate
GetProcessHeap
DisableThreadLibraryCalls
FreeLibrary
GetOverlappedResult
SetEvent
WaitForSingleObjectEx
GetCommState
SetCommState
GetCommConfig
GetTickCount
GetCommModemStatus
GetSystemDirectoryA
ReadFile
SetEndOfFile
LocalAlloc
WriteFile
DeleteCriticalSection
lstrcatA
EnterCriticalSection
lstrcmpA
HeapFree
LeaveCriticalSection
HeapAlloc
lstrcpyA
InitializeCriticalSection
lstrlenA
EscapeCommFunction
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
lstrcpyW
GetDefaultCommConfigA
ClearCommError
ReadFileEx
SetCommTimeouts
ExitProcess
CompareStringA
GetTempPathA
OutputDebugStringW
OutputDebugStringA
CloseHandle
WaitForSingleObject
GetCurrentProcess
GlobalAlloc
MultiByteToWideChar
GetComputerNameW
GetCurrentThread
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
ExpandEnvironmentStringsW
GlobalFree
WideCharToMultiByte
CreateFileA
lstrlenW

user32

wvsprintfA
wsprintfA
UpdateWindow
CharPrevW
wsprintfW
GetParent
IsChild
LoadStringA

advapi32

RegOpenKeyW
QueryServiceStatus
OpenProcessToken
OpenThreadToken
RegCreateKeyExA
RegDeleteValueA
RegCreateKeyExW
RegEnumValueA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegSetValueExA
RegSetValueExW
RegDeleteValueW

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

msvcrt

malloc
free
isprint
isdigit
toupper
atol
strstr
wcslen

rpcrt4

RpcStringFreeW
RpcBindingFromStringBindingW
RpcStringBindingComposeW

ws2_32

WSALookupServiceNextW
WSALookupServiceBeginW

Sections

.text
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

956563ed3dc7296d4c2b1f707b1e1195

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

version

msvcrt

rpcrt4

ws2_32

Sections

.text Size: 120KB - Virtual size: 117KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 188KB - Virtual size: 186KB

.text
Size: 120KB - Virtual size: 117KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 188KB - Virtual size: 186KB