00d940d8aff4aaf7af85c060cb35cbd3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

00d940d8aff4aaf7af85c060cb35cbd3_JaffaCakes118
Size

296KB
MD5

00d940d8aff4aaf7af85c060cb35cbd3
SHA1

7251d943d2892bf487c0f9c730c665d48cc9f3e7
SHA256

ca5f56e868ed94ead05afba36d9281e2515458e0e350f6cc421821bf3115049a
SHA512

4fd157651e77e3de7aaaef297a2e7468b370555145dabd14a61706b2c9e59a942ea439bc4ae2bfb646d357c49395b6a1234a60bd1037f2e606a6d23c7a38b42f
SSDEEP

6144:d70dWiPV6MVFPhLTmM/aBmiwpOtwqvrjOflbQDStU:d7VicEPRTNasqZvUc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00d940d8aff4aaf7af85c060cb35cbd3_JaffaCakes118

Files

00d940d8aff4aaf7af85c060cb35cbd3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c79559e115c0636cd01769f7af26c67b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Imports

kernel32

GetLocaleInfoA
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetTickCount
GetACP
GetProcAddress
LoadLibraryA
HeapAlloc
GetProcessHeap
Sleep
GetCurrentProcessId
InterlockedExchange
SetEndOfFile
GetLocaleInfoW
InterlockedDecrement
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
ExitProcess
HeapFree
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LCMapStringW
GetCPInfo
HeapReAlloc
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
VirtualQuery
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
WriteFile
FlushFileBuffers
SetFilePointer
CloseHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
TerminateProcess
GetCurrentProcess
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
VirtualProtect
GetSystemInfo
IsBadReadPtr
IsBadCodePtr
GetOEMCP
SetStdHandle
ReadFile
CreateFileA

gdi32

StartPage

winspool.drv

AddPrinterA
OpenPrinterA

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.d2
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.d1
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 184KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.d3
Size: 4KB - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c79559e115c0636cd01769f7af26c67b

Headers

File Characteristics

PDB Paths

Imports

kernel32

gdi32

winspool.drv

Sections

.text Size: 56KB - Virtual size: 53KB

.d2 Size: 12KB - Virtual size: 9KB

.d1 Size: - Virtual size: 41KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 184KB - Virtual size: 187KB

.d3 Size: 4KB - Virtual size: 64B

.rsrc Size: 20KB - Virtual size: 18KB

.text
Size: 56KB - Virtual size: 53KB

.d2
Size: 12KB - Virtual size: 9KB

.d1
Size: - Virtual size: 41KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 184KB - Virtual size: 187KB

.d3
Size: 4KB - Virtual size: 64B

.rsrc
Size: 20KB - Virtual size: 18KB