089b8e660a6166dab314b6f13610adae_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

089b8e660a6166dab314b6f13610adae_JaffaCakes118
Size

192KB
MD5

089b8e660a6166dab314b6f13610adae
SHA1

0fcb68b60a9c450ec1c1d774b6b490e829ebe519
SHA256

f049dfe673df5f8567c2d6eb22d8a6d037ae7d59c9acc00a0143a7c77dd07187
SHA512

80737d4c6e9068a1adf06a83c01cb8f561c1428281c552f48d8bc6f7c9a1109d7cd9f473ac92385f3ff904023f7b8792223f09e4d544ba619d2532a49ba90518
SSDEEP

3072:4YyyRTUZNRmdsCXPJajlCr60VnwGTCQA2nGXFR:nrsC/JajlC+ezPnuL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
089b8e660a6166dab314b6f13610adae_JaffaCakes118

Files

089b8e660a6166dab314b6f13610adae_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fe9051fa81f10bae57a6995c0b869ea5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

fhsdk526.pdb

Imports

kernel32

GetComputerNameW
FreeLibrary
LoadLibraryA
SetEvent
ResetEvent
CreateEventA
OpenEventW
InterlockedDecrement
UnregisterWait
RegisterWaitForSingleObjectEx
WideCharToMultiByte
GetTickCount
GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetComputerNameExW
CreateFileA
GetProfileStringA
GetModuleFileNameA
LeaveCriticalSection
CreateFileW
LoadLibraryW
DeleteCriticalSection
GetLocalTime
WaitForSingleObject
GetCurrentThread
CompareStringA
GetSystemDefaultLCID
lstrlenA
lstrcmpiA
GetModuleHandleW
GetModuleFileNameW
lstrcpyW
FormatMessageW
IsDebuggerPresent
OutputDebugStringA
DebugBreak
ExpandEnvironmentStringsW
DisableThreadLibraryCalls
GetCurrentProcessId
LocalAlloc
lstrcmpW
LocalFree
CloseHandle
GetSystemTimeAsFileTime
SetEndOfFile
OpenSemaphoreW
GetLocaleInfoW
VirtualAlloc
GetLastError

user32

wsprintfW
CharLowerBuffW

advapi32

FreeSid
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptAcquireContextW
OpenProcessToken
GetTokenInformation
RegSetValueExW
RegEnumKeyExW
QueryServiceConfigW
QueryServiceStatus
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
RevertToSelf
SetThreadToken
OpenThreadToken
LookupAccountSidW
EqualSid

msvcrt

vfprintf
putc
mblen
fgetpos
wcscoll
getenv
exit
wctomb
fgetc

Exports

Exports

RQYeQ

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1017B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 498KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe9051fa81f10bae57a6995c0b869ea5

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 17KB

.rdata Size: 4KB - Virtual size: 1017B

.data Size: 116KB - Virtual size: 498KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 40KB - Virtual size: 39KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 1017B

.data
Size: 116KB - Virtual size: 498KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 40KB - Virtual size: 39KB

.reloc
Size: 4KB - Virtual size: 1KB