GetNewInf
Static task
static1
Behavioral task
behavioral1
Sample
fe586021fef00c052702d3a6a07b9f9d_JaffaCakes118.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
fe586021fef00c052702d3a6a07b9f9d_JaffaCakes118.dll
Resource
win10v2004-20240910-en
General
Target: fe586021fef00c052702d3a6a07b9f9d_JaffaCakes118
Size: 596KB
MD5: fe586021fef00c052702d3a6a07b9f9d
SHA1: 256d471549a023bdf67975ed56b3b27df3eee549
SHA256: c305a324b87f4ae86f9cfab88b84f34f4b484ae929198c9720cf88adde57a018
SHA512: 447438dce24a8fd5739e11a8ccd0d5c54df82312e3c4bc8255af4bd3f79ec4d1d71e7962444ccac2919fc0e7e8f30cffa08160b8b3f9a614d2015226918443c6
SSDEEP: 12288:4PnIidX5oVGUwCsH1RzVzE6LNxgSBmB896FNJ:4jJZUwZ1RzVzE6LNOSBmBzPJ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource fe586021fef00c052702d3a6a07b9f9d_JaffaCakes118
Files
fe586021fef00c052702d3a6a07b9f9d_JaffaCakes118.dll windows:4 windows x86 arch:x86
7c3633e473ccd3dabfc9db68e587eaad
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
CreateFileMappingA
CreateFileA
FlushViewOfFile
GlobalFree
GlobalAlloc
IsDBCSLeadByte
lstrcmpA
lstrcmpiA
FindClose
FindFirstFileA
MapViewOfFile
GetTempPathA
GetSystemDirectoryA
SetEnvironmentVariableA
CompareStringW
UnmapViewOfFile
CloseHandle
lstrlenA
lstrcpyA
DeleteFileA
lstrcatA
CompareStringA
RtlUnwind
HeapFree
HeapAlloc
GetLastError
SetEndOfFile
GetFileType
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetProcAddress
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WriteFile
SetFilePointer
ReadFile
RaiseException
FlushFileBuffers
DeleteCriticalSection
ExitProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetStdHandle
GetStartupInfoA
SetStdHandle
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
LCMapStringA
LCMapStringW
GetCurrentProcessId
Exports
Sections
.text Size: 428KB - Virtual size: 424KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 96KB - Virtual size: 92KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 888B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ