f62dd9ad2b95a4a77b4da42c01052a03_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f62dd9ad2b95a4a77b4da42c01052a03_JaffaCakes118
Size

90KB
MD5

f62dd9ad2b95a4a77b4da42c01052a03
SHA1

86327fcb0d23276da96c19512e610a71c796350b
SHA256

58d409bea05dd325ce5a2db1b46db3c9b8ee1cd495928fd5477a0f7e054231a7
SHA512

759c6aa3b5357dbdd9f0457796237877c8d48ef4b9d0b15f817c896c34d2595fa9d55887ca16b9ac7796841cc99cd4c33542169465b07915f019ec83b25a6a76
SSDEEP

1536:Co/VgEoI9VK6drQxS0QwhWSfaa1VpkTmDx4dqByfM:wEoIa6drwQwhxn1VpkTY4d/U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f62dd9ad2b95a4a77b4da42c01052a03_JaffaCakes118

Files

f62dd9ad2b95a4a77b4da42c01052a03_JaffaCakes118
.exe windows:4 windows x64 arch:x64

40268a789e0b5a57afcbe54518e7bd64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateThread
CreateEventA
lstrlenW
MultiByteToWideChar
GetModuleHandleA
GetModuleFileNameA
lstrcmpiA
LeaveCriticalSection
EnterCriticalSection
Sleep
GetCurrentThreadId
GetCommandLineA
FreeLibrary
GetSystemDirectoryA
GetSystemWow64DirectoryA
GetProcAddress
LoadLibraryExA
LoadLibraryA
GetStringTypeW
SetEvent
LCMapStringW
LCMapStringA
GetCPInfo
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
GetLastError
WideCharToMultiByte
__C_specific_handler
VirtualQuery
GetSystemInfo
GetOEMCP
GetACP
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
GetLocaleInfoA
SetUnhandledExceptionFilter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
WriteFile
ExitProcess
VirtualAlloc
VirtualProtect
GetVersionExA
WaitForSingleObject
GetStringTypeA
CloseHandle
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
GetProcessHeap
GetStartupInfoA
RaiseException
RtlPcToFileHeader
HeapSetInformation
HeapCreate

user32

PostThreadMessageA
GetMessageA
DispatchMessageA
CharUpperA
CharNextA
LoadStringA

advapi32

RegConnectRegistryA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegSetValueExA
RegDeleteKeyA
RegEnumKeyExA

shell32

SHGetSpecialFolderPathA

ole32

StringFromCLSID
CreateItemMoniker
CoInitialize
CoUninitialize
CoTaskMemFree
GetRunningObjectTable

oleaut32

SysFreeString
LoadRegTypeLi
SysStringLen
SysAllocStringLen
SysAllocString

rpcrt4

UuidFromStringA

atl

ord21
ord58
ord32
ord16
ord30

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vyigban
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

40268a789e0b5a57afcbe54518e7bd64

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

rpcrt4

atl

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 28KB - Virtual size: 29KB

vyigban Size: - Virtual size: 4KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 28KB - Virtual size: 29KB

vyigban
Size: - Virtual size: 4KB