2af6b23ef9ba2bbff345b8abb20e34e3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2af6b23ef9ba2bbff345b8abb20e34e3_JaffaCakes118
Size

186KB
MD5

2af6b23ef9ba2bbff345b8abb20e34e3
SHA1

26b12ec07aa07250009444bf67611ce652ba5565
SHA256

aad1148d728e7838fac8cd0a6195d0d46ae9ecefe0426f29f57922af02d95c80
SHA512

9a5026c60c0c70bc481facac9fccf1e647eec9b39d5f53935fd5d16df41b50ef35f0655054e5fc9308f9534a2c7b5d13142c8cbd5f289fce7b992d908704713d
SSDEEP

3072:8pC4Po8aJ5nyi6xn/g9zqdJiOjd8uvhPEIifmkBFMV3Hf9Go9qnwTE:p4VaJ+xY9OdsOjaulifm0FMpxqnwTE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2af6b23ef9ba2bbff345b8abb20e34e3_JaffaCakes118

Files

2af6b23ef9ba2bbff345b8abb20e34e3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

92e2e19003b06b41bf3426fb3db9e871

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumSystemCodePagesA
GetBinaryTypeA
GetStringTypeExA
_lcreat
FindResourceA
IsBadWritePtr
GetCurrentDirectoryW
CreateProcessW
RequestWakeupLatency
GetComputerNameW
SetProcessAffinityMask
LocalFileTimeToFileTime
LockResource
Beep
Module32First
GetPrivateProfileSectionW
VirtualFreeEx
LoadModule
SetupComm
GlobalHandle
CreateFileMappingW
SetEndOfFile
LocalSize
IsDebuggerPresent
GetModuleHandleA
FlushFileBuffers
SetStdHandle
LoadLibraryA
HeapReAlloc
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
ReadFile
GetStringTypeW
GetStringTypeA
HeapAlloc
SetFilePointer
GetProcAddress
WriteFile
RtlUnwind
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
CloseHandle
GetModuleFileNameA
LCMapStringW
LCMapStringA
WideCharToMultiByte
GetFileType
GetStdHandle
SetHandleCount
GetLastError
MoveFileA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
MultiByteToWideChar

user32

GetTabbedTextExtentA
CharNextW
IsCharUpperA
OpenInputDesktop
ShowWindow
DialogBoxParamW
CloseDesktop
DdePostAdvise
mouse_event
RegisterClassExA
GetWindowTextLengthW
CreateAcceleratorTableA
SetMessageExtraInfo
LookupIconIdFromDirectoryEx
ExitWindowsEx
SetRectEmpty
DefFrameProcA
SetRect
IMPGetIMEA
GetCapture
InvalidateRect
GetThreadDesktop
CreateWindowExW
ValidateRect
MapWindowPoints
SetThreadDesktop
LockWorkStation
GrayStringW
TabbedTextOutA
LoadCursorFromFileA
DispatchMessageA

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

92e2e19003b06b41bf3426fb3db9e871

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 159KB - Virtual size: 158KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 18KB - Virtual size: 55KB

.text
Size: 159KB - Virtual size: 158KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 18KB - Virtual size: 55KB