0c89594a34aff89b07dc889628c9e3cf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c89594a34aff89b07dc889628c9e3cf_JaffaCakes118
Size

120KB
MD5

0c89594a34aff89b07dc889628c9e3cf
SHA1

2f76491e600404b17479a32d9b2115c4b0dbcbe3
SHA256

8413f3fa78fd5f55f90b7f562c3dd0e6dec4193e0e8f8425dc48cf313321ab43
SHA512

ce3ae5e5a7ca14510e7386e60425f421762799dd539fdf2dfb9556d8c95b049c46e677f1f6393a3c0e590f7918fc5ab9bb5373795ac55f70fca69fc00f7425ca
SSDEEP

1536:Lt7EOHrU7DDFVpc6Be5Qo36gHpyacD41eU2AwhcwvBpQn10/kPx16JBKAD7ZX:LtYOLU7DBjc6oQo3ByaR1eXRpc10cPs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c89594a34aff89b07dc889628c9e3cf_JaffaCakes118

Files

0c89594a34aff89b07dc889628c9e3cf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0f997822e50b9fbeb1605b1a68f58be1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

atl

ord15
ord43
ord44
ord45
ord32
ord16
ord21
ord18
ord22

ntdll

RtlCreateUnicodeString
RtlFreeUnicodeString

kernel32

ResetEvent
GetCurrentThreadId
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetVersion
GetFileAttributesW
GetProcAddress
WaitForSingleObject
SetEvent
GetModuleHandleW
LoadLibraryW
GetModuleHandleA
GlobalSize
CreateEventW
DeleteCriticalSection
CloseHandle
InterlockedExchange
InterlockedCompareExchange
QueryPerformanceCounter
GlobalAlloc
GlobalFree
FlushInstructionCache
GetCurrentProcess
InterlockedIncrement
InterlockedDecrement
lstrlenW
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetModuleFileNameW
OutputDebugStringA
GetTickCount
GlobalUnlock
GlobalLock
Sleep
LocalFree
LocalAlloc
MultiByteToWideChar
FindClose
FindFirstFileW
FormatMessageW
CompareStringW
GetCommandLineW
GetFullPathNameW
ExpandEnvironmentStringsW
GetProcessHeap
HeapFree
HeapAlloc
LoadLibraryA
VirtualAlloc
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
VirtualFree

oleaut32

SysStringLen
SysAllocString
SafeArrayGetVartype
VariantClear
VariantInit
VariantChangeType
SafeArrayGetElement
SafeArrayGetUBound
SafeArrayGetLBound
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString
SafeArrayGetDim

ole32

CoInitialize
CoUninitialize
ReleaseStgMedium
CoCreateInstance
StringFromCLSID
CoTaskMemFree
CoTaskMemAlloc
CreateStreamOnHGlobal
StringFromGUID2

shlwapi

PathFindFileNameW
PathAddBackslashW
PathRemoveFileSpecW
PathStripPathW

secur32

TranslateNameW

ntdsapi

DsCrackNamesW
DsFreeNameResultW

activeds

ord13
ord9

Sections

.text
Size: 66KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cbss
Size: - Virtual size: 168KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ctls
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.msshare
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mstp
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f997822e50b9fbeb1605b1a68f58be1

Headers

File Characteristics

Imports

atl

ntdll

kernel32

oleaut32

ole32

shlwapi

secur32

ntdsapi

activeds

Sections

.text Size: 66KB - Virtual size: 80KB

.cbss Size: - Virtual size: 168KB

DATA Size: 4KB - Virtual size: 4KB

.pdata Size: 4KB - Virtual size: 4KB

.rdata Size: 4KB - Virtual size: 4KB

.ctls Size: 4KB - Virtual size: 4KB

.msshare Size: 4KB - Virtual size: 4KB

.mstp Size: 4KB - Virtual size: 4KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 25KB - Virtual size: 25KB

.reloc Size: 4KB - Virtual size: 220B

.text
Size: 66KB - Virtual size: 80KB

.cbss
Size: - Virtual size: 168KB

DATA
Size: 4KB - Virtual size: 4KB

.pdata
Size: 4KB - Virtual size: 4KB

.rdata
Size: 4KB - Virtual size: 4KB

.ctls
Size: 4KB - Virtual size: 4KB

.msshare
Size: 4KB - Virtual size: 4KB

.mstp
Size: 4KB - Virtual size: 4KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 25KB - Virtual size: 25KB

.reloc
Size: 4KB - Virtual size: 220B