f162d6eda27d3849739a23f500d26850_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f162d6eda27d3849739a23f500d26850_JaffaCakes118
Size

3.8MB
MD5

f162d6eda27d3849739a23f500d26850
SHA1

b71f1322292ec73c830b74de184165f1c87e9a33
SHA256

a9bc38284dccc4d1b1a6c71b046df80f839602b1f5d75cfb3d5b3e9dc673a05e
SHA512

9d3a57d7ac2b53b110bdb3babb403e19460ab43836e50a4c33d0b9eac3235809f5dc324307ecd7de37967f77869c55def3bf4b8b93e341faf378bfc7117cca63
SSDEEP

98304:xiL7xvXv+jV5Uctji3CzlgCe9wDP0BkKoTlHad9y:IxvXv+jrPWSGCIwd6b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f162d6eda27d3849739a23f500d26850_JaffaCakes118

Files

f162d6eda27d3849739a23f500d26850_JaffaCakes118
.exe windows:5 windows x86 arch:x86

13a71a6b7e0cfc4a80db84449920a480

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEndOfFile
BuildCommDCBAndTimeoutsA
InterlockedIncrement
GetCommState
ReadConsoleA
SetConsoleActiveScreenBuffer
GetProfileSectionA
CallNamedPipeW
LocalFlags
SetProcessPriorityBoost
GetPriorityClass
GlobalAlloc
LoadLibraryW
TerminateThread
GetBinaryTypeA
lstrcatA
lstrlenW
FindNextVolumeMountPointW
DisconnectNamedPipe
RaiseException
CreateJobObjectA
SetCurrentDirectoryA
GetStdHandle
FreeLibraryAndExitThread
SetLastError
GetProcAddress
CopyFileA
EnterCriticalSection
GetLocalTime
LoadLibraryA
FindAtomA
GetPrivateProfileStructA
GetTapeParameters
WaitForMultipleObjects
SetEnvironmentVariableA
GetOEMCP
CreateMutexA
EnumResourceNamesA
RequestWakeupLatency
GetCurrentDirectoryA
OpenSemaphoreW
lstrcpyW
AreFileApisANSI
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
HeapValidate
IsBadReadPtr
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
GetLastError
DebugBreak
WriteFile
OutputDebugStringA
WriteConsoleW
GetFileType
OutputDebugStringW
GetModuleFileNameA
GetACP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
HeapDestroy
HeapCreate
HeapFree
VirtualFree
FlushFileBuffers
GetConsoleCP
GetConsoleMode
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
SetFilePointer
CloseHandle
CreateFileA

winhttp

WinHttpCloseHandle

Exports

Exports

_asdga@4
_weewgg@8
_wsefwrgwrg@4
_ydtiuiei7@8

Sections

.text
Size: 3.8MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 39.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

13a71a6b7e0cfc4a80db84449920a480

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winhttp

Exports

Exports

Sections

.text Size: 3.8MB - Virtual size: 3.8MB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 7KB - Virtual size: 39.5MB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 3.8MB - Virtual size: 3.8MB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 7KB - Virtual size: 39.5MB

.rsrc
Size: 14KB - Virtual size: 14KB