efda30e6d418b4f4cfb8f18934252e91_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

efda30e6d418b4f4cfb8f18934252e91_JaffaCakes118
Size

268KB
MD5

efda30e6d418b4f4cfb8f18934252e91
SHA1

42c6d026df7c1c1e1dfd853402f344862792961b
SHA256

4105e51e8f2df48d3cb69fcedef1b7609b8c6774195284840813ffc26a9cb402
SHA512

b376d1380ee76d2efe6eebb8cb4ac7dad26fb644fa561bf26f791fbcfdbdab7b175d65f432a93aa60fa2733383d2fe8e5f2dc35c7f5ec1d7493a1b4f3bcb6a1f
SSDEEP

6144:MJrdh5t6VFOKTGgd4bF5PUD4ifTxrXnoTBhYUpSxl8Q57Z/pL:srX5AVF/TGgdim4ifTxrXoTTyIQ57FpL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
efda30e6d418b4f4cfb8f18934252e91_JaffaCakes118

Files

efda30e6d418b4f4cfb8f18934252e91_JaffaCakes118
.exe windows:4 windows x86 arch:x86

05c062ca7dbd8873c358e533fdd77c95

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AddAtomA
CheckRemoteDebuggerPresent
CloseHandle
CreateDirectoryA
CreateFileA
CreateMutexA
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindAtomA
FindResourceA
FreeLibrary
FreeResource
GetAtomNameA
GetConsoleWindow
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetTickCount
GetUserDefaultLangID
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
IsDebuggerPresent
LeaveCriticalSection
LoadLibraryA
LoadResource
LockResource
MoveFileExA
MultiByteToWideChar
OpenProcess
ReleaseMutex
ReleaseSemaphore
SetEndOfFile
SetLastError
SetUnhandledExceptionFilter
Sleep
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte

msvcrt

_write
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_beginthreadex
_cexit
_endthreadex
_errno
_flsbuf
_iob
_isctype
_onexit
_pctype
_setjmp
_setmode
_winmajor
abort
atexit
atof
calloc
exit
fclose
fflush
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
localeconv
longjmp
malloc
memcpy
printf
putchar
puts
realloc
signal
sscanf
strcpy
strerror
strlen
vfprintf
wcslen

ntdll

NtClose
NtFlushBuffersFile
NtQueryInformationFile
NtQueryInformationProcess
NtReadFile
NtSetInformationFile
NtWaitForSingleObject
NtWriteFile
atoi
memchr
memmove
sprintf
strchr
strcmp
strncmp
strncpy
strtoul
tolower

user32

CreateWindowExA
DefWindowProcA
DispatchMessageA
GetForegroundWindow
GetMessageA
GetRawInputData
IsWindowVisible
RegisterClassExA
RegisterRawInputDevices
SetForegroundWindow
TranslateMessage

version

VerQueryValueA

Sections

.__
Size: 163KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.__
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.__
Size: 30KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.__
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.__
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.__
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.__
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.__
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

05c062ca7dbd8873c358e533fdd77c95

Headers

File Characteristics

Imports

kernel32

msvcrt

ntdll

user32

version

Sections

.__ Size: 163KB - Virtual size: 164KB

.__ Size: 512B - Virtual size: 4KB

.__ Size: 30KB - Virtual size: 32KB

.__ Size: - Virtual size: 28KB

.__ Size: 4KB - Virtual size: 4KB

.__ Size: 512B - Virtual size: 4KB

.__ Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.__ Size: 9KB - Virtual size: 12KB

.rmnet Size: 56KB - Virtual size: 60KB

.__
Size: 163KB - Virtual size: 164KB

.__
Size: 512B - Virtual size: 4KB

.__
Size: 30KB - Virtual size: 32KB

.__
Size: - Virtual size: 28KB

.__
Size: 4KB - Virtual size: 4KB

.__
Size: 512B - Virtual size: 4KB

.__
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.__
Size: 9KB - Virtual size: 12KB

.rmnet
Size: 56KB - Virtual size: 60KB