ef35c4395e186a6b6da67cf95813b27d_JaffaCakes118

General

Target

ef35c4395e186a6b6da67cf95813b27d_JaffaCakes118
Size

9KB
MD5

ef35c4395e186a6b6da67cf95813b27d
SHA1

aecaccf20cdf64b3d941d7d51b56326bd47930cd
SHA256

c7b783fb471bb17b22d33f3d534424ebab1eeaa8f9de62c247eeb53f6e1436f1
SHA512

65ce53e941bf556a35a2773e34a9c0667087d889d0199a479b5724f54fd89406467a67bca8ff1128024cba22d6125e4d20486565bf5cbe79efd4d8a1965f8b89
SSDEEP

192:10L7JPZnQg/2nETq3RQxp70dYtSzrSVQ1JMfr:mL7JJ/e+q3RUp70dYtSHSV8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ef35c4395e186a6b6da67cf95813b27d_JaffaCakes118

Files

ef35c4395e186a6b6da67cf95813b27d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b5c57f5eb33b96277b160481012e942a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

libbu

bu_getopt
bu_optarg
bu_log
bu_optind
bu_rb_create1
bu_rb_uniq_on
bu_rb_walk
bu_rb_insert
bu_rb_curr
bu_badmagic
bu_free
bu_malloc
bu_exit

msvcr100

_fileno
fopen
__iob_func
sscanf
_amsg_exit
__getmainargs
_cexit
_isatty
_XcptFilter
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
fread
fprintf
_exit

kernel32

IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
SetUnhandledExceptionFilter
EncodePointer
HeapSetInformation
Sleep
InterlockedExchange
InterlockedCompareExchange

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 634B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5c57f5eb33b96277b160481012e942a

Headers

DLL Characteristics

File Characteristics

Imports

libbu

msvcr100

kernel32

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 916B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1024B - Virtual size: 634B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 916B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1024B - Virtual size: 634B