d:\Ryan Project\Anti-AntiVirus\AntiAntiVirus_command1.3\bin\release\stub.pdb
Static task: static1
Behavioral task: behavioral1
Sample: fdd3c7b29c9f3161f2164abfdd8c86a0_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: fdd3c7b29c9f3161f2164abfdd8c86a0_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: fdd3c7b29c9f3161f2164abfdd8c86a0_JaffaCakes118
Size: 204KB
MD5: fdd3c7b29c9f3161f2164abfdd8c86a0
SHA1: 8987454aa0af27c6fb6931e22b102cc9131998d5
SHA256: 56d7de3790f3fe7d946d492a31b30cb96cfede4b14202d7f51060928fcfdd5de
SHA512: 94de5c6b3b0c900bb04b63ed37b3b454ef7ba86bb8471dc57855a83c6b393b10c4cbe8f61c2121280fc6f879185a683089574936aaf2054abbbd0d29260b4f6a
SSDEEP: 3072:c3cqiHL4WoDxtB67eSxJFKawKgy3sLSE5Ef+hyE16Kn2cRfHKisQ5:gcNUHpQHxJ4uZ8LSE5+L8rn2coTq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fdd3c7b29c9f3161f2164abfdd8c86a0_JaffaCakes118
Files
fdd3c7b29c9f3161f2164abfdd8c86a0_JaffaCakes118.exe windows:4 windows x86 arch:x86
2696ef01e16e421ff21e52d710c29a07
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
VirtualQueryEx
VirtualProtectEx
VirtualAllocEx
SetThreadContext
WideCharToMultiByte
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
CreateProcessA
TerminateProcess
WriteProcessMemory
WaitForSingleObject
ResumeThread
GetCommandLineW
GetThreadContext
OutputDebugStringW
GetProcAddress
VirtualAlloc
GetModuleHandleW
IsBadReadPtr
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
GetLastError
SetFilePointer
RaiseException
RtlUnwind
MultiByteToWideChar
ReadFile
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
HeapReAlloc
CloseHandle
CreateFileA
InitializeCriticalSection
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile
shell32
CommandLineToArgvW
Sections
.text Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Smiley0 Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.Smiley Size: 11KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
. Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
. Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE