Static task: static1
Behavioral task: behavioral1
Sample: ff6b0583b45f418445c054c054953e22_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: ff6b0583b45f418445c054c054953e22_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: ff6b0583b45f418445c054c054953e22_JaffaCakes118
Size: 922KB
MD5: ff6b0583b45f418445c054c054953e22
SHA1: dd63264875a0f5f9255bb5c0d1d1e20d6aaff282
SHA256: c29ebe42dfe7703c905f775263c5c1f2668e5c36d1ceabf4544851b1c877636c
SHA512: 8a512b4000dfe6b7657e1f5bb521ecf8fd40e1c7b7cfdadb84ba927044d82fa1d97db0b97461be00b96cc8077d1814f95e25b38b503ace8bda8ee15008362609
SSDEEP: 24576:6D2RhZw5fO1EuBKMpoEh7mdZfvghR6sAStxvwsK61FSQ7OCDhzkhc9t:ELW25M1h7oBvmRzj4rMOCOhA
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ff6b0583b45f418445c054c054953e22_JaffaCakes118
Files
ff6b0583b45f418445c054c054953e22_JaffaCakes118.exe windows:5 windows x64 arch:x64
0c8bfd36f13e8f7347ea605d4201576c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
kernel32
VirtualAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
GetLastError
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
RtlUnwindEx
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
HeapFree
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CloseHandle
HeapAlloc
RtlPcToFileHeader
RaiseException
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThreadId
WriteFile
GetModuleFileNameW
LoadLibraryExW
GetProcessHeap
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetStringTypeW
OutputDebugStringW
HeapSize
HeapReAlloc
LCMapStringW
SetFilePointerEx
CreateFileW
WriteConsoleW
advapi32
CryptDestroyKey
CryptAcquireContextW
CryptReleaseContext
CryptImportKey
CryptEncrypt
Sections
.text Size: 61KB - Virtual size: 60KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 818KB - Virtual size: 826KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 480B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ