164d9ad8334e2448967ad4aaf622e723_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

164d9ad8334e2448967ad4aaf622e723_JaffaCakes118
Size

237KB
MD5

164d9ad8334e2448967ad4aaf622e723
SHA1

e9517e702001921e740ddb634e3fdcd2145838d0
SHA256

a4803fe022810ee7ccce8c3cfa36a3ad3cd860025836656105733432ff0c4b2a
SHA512

1aa536a1210315bb62315c39bdd6bcbb6d6d7c7c4250c153bc0d6d68bd55072635df83210d5a6c47c14772c1df22db8228e28295d4708fe3ada5123d4c3fd58f
SSDEEP

1536:/6NmMBMBKw1ocbCzcT7ZAEPUBe1YWklnJh+HkirKtCugAx5C547zCrG8GpwkF2k:/01B7XcbCk+e10JTsKtP5w47zhwkF2k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
164d9ad8334e2448967ad4aaf622e723_JaffaCakes118

Files

164d9ad8334e2448967ad4aaf622e723_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e09089a2b25be43668e10d5174064933

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

kernel32

CloseHandle
CreateFileA
CreateThread
CreateToolhelp32Snapshot
DeleteCriticalSection
DeleteFileA
EnterCriticalSection
ExitProcess
FindFirstFileA
FindNextFileA
FreeEnvironmentStringsA
GetACP
GetCPInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileSize
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetTimeZoneInformation
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
InitializeCriticalSection
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
OpenProcess
Process32First
Process32Next
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetFilePointer
SetHandleCount
SetLastError
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile
lstrlenA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA

wsock32

closesocket
gethostbyname
htons
setsockopt

user32

CharLowerA
EnumThreadWindows
MessageBoxA
wsprintfA

Exports

Exports

___CPPdebugHook
kwfolur

Sections

.text
Size: 78KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 149KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e09089a2b25be43668e10d5174064933

Headers

File Characteristics

Imports

advapi32

kernel32

version

wsock32

user32

Exports

Exports

Sections

.text Size: 78KB - Virtual size: 80KB

.data Size: 149KB - Virtual size: 168KB

.tls Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 8KB

.text
Size: 78KB - Virtual size: 80KB

.data
Size: 149KB - Virtual size: 168KB

.tls
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 8KB