10c4e833d9398eb428e61f99c243dda6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

10c4e833d9398eb428e61f99c243dda6_JaffaCakes118
Size

314KB
MD5

10c4e833d9398eb428e61f99c243dda6
SHA1

7535de087b9f72b1d2486dbf885cd22602c48332
SHA256

52681e43af8017e76e28eaab43b73012bdadfe41de4eb0956da0fcfaf3e2b6ad
SHA512

140438b5837d8d9ee8004b65c9a0d3a9c5fb485e955d9825533ca51ef15f8dff69660a991e2b5cbec2d5a57c079c0c7db34977196b3341134de6636d53d2b759
SSDEEP

6144:S1q1YBVNeURZDZT5oT2AXot8QbEwjoNCBSxSahrxu0Xm:4yYBLeURZDZ9o/Y172mmJB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10c4e833d9398eb428e61f99c243dda6_JaffaCakes118

Files

10c4e833d9398eb428e61f99c243dda6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bbb3798043b002e6c8a56e5635f66455

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Duwyrykogi\Jynyjiqowo\Hagihi\Oqucej\iqaquhy\olafoxo\Fykuvyji\Taxutumebu\ipoqotoxon\ufixakazyb\Qadaza\Epihad\Kivotuj\osapel\yputut\Opugequt\Uqisyqozic\Iluris\uwefyryfa.pdb

Imports

kernel32

Sleep
CreateProcessA
CloseHandle
GetStartupInfoA
DeleteFileA
GetTickCount
GetLocalTime
GetFileTime
GetDiskFreeSpaceA
GetTimeFormatA
LoadLibraryA
ExitProcess
GetCurrentProcessId
GetModuleFileNameA
FindClose
FindNextFileA
FindFirstFileA
TlsSetValue
TlsAlloc
IsProcessorFeaturePresent
VirtualProtect
GetSystemInfo
GetSystemTimeAsFileTime
SetFileAttributesA
GetLastError
GetFileAttributesA
DuplicateHandle
GetCurrentProcess
GetTimeFormatW
GetDateFormatW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
WideCharToMultiByte
GetTimeZoneInformation
SetStdHandle
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetFileType
SetHandleCount
GetStdHandle
DeleteCriticalSection
CreateFileA
CreateFileW
TlsGetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCurrentThread
GetProcAddress
HeapFree
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
MultiByteToWideChar
WriteFile
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
FatalAppExitA
RtlUnwind
GetConsoleCP
GetConsoleMode
SetFilePointer
SetEndOfFile
GetProcessHeap
ReadFile
InterlockedExchange
HeapReAlloc
LCMapStringW
GetStringTypeW
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryW
GetLocaleInfoW
WriteConsoleW
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CompareStringW
SetEnvironmentVariableA
LocalAlloc
LocalFree
RaiseException

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbb3798043b002e6c8a56e5635f66455

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 120KB - Virtual size: 120KB

.rdata Size: 87KB - Virtual size: 86KB

.data Size: 100KB - Virtual size: 152KB

.rsrc Size: 1024B - Virtual size: 768B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 87KB - Virtual size: 86KB

.data
Size: 100KB - Virtual size: 152KB

.rsrc
Size: 1024B - Virtual size: 768B

.reloc
Size: 5KB - Virtual size: 4KB