06d8a44258a76371a00b86af881a3130_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

06d8a44258a76371a00b86af881a3130_JaffaCakes118
Size

116KB
MD5

06d8a44258a76371a00b86af881a3130
SHA1

81c9ce8dc418fae5a8577cffe22a4a003c6764b5
SHA256

b6c7ec0f538051ab0533225d090d96d15403c71ec3bd25ceeeda4c0530e6b130
SHA512

00de89323c39d1c0f2928aaf880361787bd65bedea7cd5ad75c929ac0a7bdb2eba4c2f2c90fcd0b150f612896b7c75b5c550594ee4e333cac068f41053e221e2
SSDEEP

768:PiWUIc0gzvSoeB8t9wv06cEhByX/BAFtptMqYYpAT2eQB9MR/XzTaVCFBDB9Xhch:6WezSoeB8tecJEhumlMqYYCThzzBqem

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06d8a44258a76371a00b86af881a3130_JaffaCakes118

Files

06d8a44258a76371a00b86af881a3130_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9d46dcf74831771d900e8bc00ccfb5d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Authenticated\Assign\Software\Instances\User\Or.pdb

Imports

kernel32

TlsAlloc
GetProcAddress
TerminateProcess
FreeLibrary
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
LocalAlloc
GetComputerNameExW
LocalFree
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TlsFree
TlsGetValue
GetStringTypeW
GetComputerNameW
IsBadWritePtr
GetLastError
TlsSetValue
GetCurrentProcessId
lstrlenA
GetStartupInfoA
InterlockedExchange
GetModuleHandleA

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExW
RegDeleteKeyA
RegCloseKey
RegQueryValueExW

msvcrt

_controlfp
_unlock
?terminate@@YAXXZ
_lock
_onexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
__dllonexit
_cexit
atol
_chdir
__getmainargs

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
CM_Get_DevNode_Status
CM_Locate_DevNodeW
CM_Reenumerate_DevNode
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d46dcf74831771d900e8bc00ccfb5d5

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

msvcrt

setupapi

Sections

.text Size: 24KB - Virtual size: 22KB

.idata Size: 4KB - Virtual size: 2KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 20KB - Virtual size: 20KB

.rsrc Size: 52KB - Virtual size: 50KB

.text
Size: 24KB - Virtual size: 22KB

.idata
Size: 4KB - Virtual size: 2KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 52KB - Virtual size: 50KB