10ac041c9dd151e21e6bc71d4a3560d2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

10ac041c9dd151e21e6bc71d4a3560d2_JaffaCakes118
Size

804KB
MD5

10ac041c9dd151e21e6bc71d4a3560d2
SHA1

1b947d0a88f9827c4a874541119896ec01f4ee82
SHA256

f4b7eea484fce840691221e215715a51ab557c623cc23f1d6321abc710e930b8
SHA512

69be80ab8e9573c7f29bdbcfd68784fa57e8b6c0ce441778a7ef00f7c49d5ed0f965a988c60cc06bb916b989090615d10011db21067f2cb16bf3c7ff941fd7dd
SSDEEP

12288:7nxROCymnZEe+5kxF5mQyGEuZamuxqkm7n+mSDuI:7bOC1ONnQpXZeqk+nfA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10ac041c9dd151e21e6bc71d4a3560d2_JaffaCakes118

Files

10ac041c9dd151e21e6bc71d4a3560d2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

aecb20bcac0b6f4aab458142df8502c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32 kernel32

GetSystemDirectoryA �q

kernel32

GetSystemDirectoryA
VirtualFree
VirtualQuery
VirtualAlloc
GetLastError
VirtualProtectEx
GetModuleFileNameA
InitializeCriticalSection
SetLastError
lstrlenA
LoadLibraryA
VirtualProtect
OpenProcess
TerminateProcess
GetModuleHandleA
GetProcAddress
CreateFileA
CreateFileMappingA
CloseHandle
MapViewOfFile
UnmapViewOfFile
Sleep
lstrcpyA
DeleteFileA
GetFileSize
GetComputerNameA
InterlockedExchange
SetEnvironmentVariableA
CompareStringW
CompareStringA
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
ExitProcess
GetCurrentProcess
HeapReAlloc
HeapSize
TlsAlloc
TlsFree
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetUnhandledExceptionFilter
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
IsBadWritePtr
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
WriteFile
UnhandledExceptionFilter
InterlockedDecrement
InterlockedIncrement
FlushFileBuffers
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
SetEndOfFile

user32

ShowWindow
EndDialog
FindWindowA
KillTimer
PostMessageA
RegisterHotKey
UnregisterHotKey
DialogBoxParamA
GetDesktopWindow
UpdateWindow
SetTimer
MoveWindow

shell32

ShellExecuteA

msvcrt

fputwc
rename
isspace
isalnum
isalpha
fputs
isdigit
fgetwc
ungetwc
_access
_strlwr

iphlpapi

GetAdaptersInfo

Exports

Exports

A1
A2
A3
AX

Sections

.text
Size: 408KB - Virtual size: 408KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 368KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aecb20bcac0b6f4aab458142df8502c4

Headers

File Characteristics

Imports

kernel32 kernel32

kernel32

user32

shell32

msvcrt

iphlpapi

Exports

Exports

Sections

.text Size: 408KB - Virtual size: 408KB

Size: 16KB - Virtual size: 20KB

Size: 368KB - Virtual size: 368KB

Size: 4KB - Virtual size: 4KB

Size: 4KB - Virtual size: 4KB

.text
Size: 408KB - Virtual size: 408KB