repair-bde.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 37aa1d5ca9d475b9a418e58b714ce684_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 37aa1d5ca9d475b9a418e58b714ce684_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
General
Target: 37aa1d5ca9d475b9a418e58b714ce684_JaffaCakes118
Size: 77KB
MD5: 37aa1d5ca9d475b9a418e58b714ce684
SHA1: cb389e97b212c9c377adafb346f72458c2bab0e4
SHA256: dd724a7502955996fcd8a3d492323ee1725539be74151a8de6573765c4289b10
SHA512: bcfa64388d95388ac30c94bcb2ce653cdda5256a0cdc535e1e720768495f39f2d43fe2af6b5bbdddedf5f0b826273444d960f8b3f1265b4cca34da0910c618e8
SSDEEP: 1536:lMqqU+NV2/S2oGaoGVQf/CzgtHdensLQxx6tKgHzX7WCKdrg/na:lMqqDL2/oxoUQf/Czq9eikxbgHHZKg/
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: 37aa1d5ca9d475b9a418e58b714ce684_JaffaCakes118
This check only looks for a signature embedded in the PE itself (the Security data directory). Microsoft system binaries, including the genuine repair-bde.exe that this sample's PDB name and bderepair.dll imports point to, are usually signed through a catalog file rather than an embedded signature, so "unsigned" on its own does not prove tampering. Verify with a tool that consults the catalog store (sigcheck, or Get-AuthenticodeSignature on Windows) and compare the SHA256 above with a known-good copy of repair-bde.exe from an installed Windows image of the same build.
Files
37aa1d5ca9d475b9a418e58b714ce684_JaffaCakes118.exe (windows:6, windows x64, arch:x64)
Import hash: 191c413c04ba868c818a109211c4d235
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Only TERMINAL_SERVER_AWARE is set in the DLL characteristics; no DYNAMIC_BASE (ASLR) or NX_COMPAT (DEP) flag is reported, which is unusual for a 64-bit tool built with Microsoft's own toolchain and is worth comparing against the known-good binary.
PDB Paths
repair-bde.pdb
Imports
advapi32
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
kernel32
ReadFile
CloseHandle
HeapAlloc
HeapFree
ExpandEnvironmentStringsW
WriteFile
SetFilePointerEx
VirtualAlloc
VirtualFree
DeviceIoControl
GetLogicalDrives
GetSystemDirectoryW
LoadLibraryW
GetFileSizeEx
FreeLibrary
SetEndOfFile
DeleteFileW
GetStdHandle
GetConsoleScreenBufferInfo
FillConsoleOutputCharacterW
SetConsoleCursorPosition
WriteConsoleW
Sleep
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
CreateFileW
LocalFree
FormatMessageW
SetThreadUILanguage
GetConsoleOutputCP
GetProcessHeap
GetLastError
HeapSetInformation
GetProcAddress
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlCompareMemory
GetCurrentThreadId
msvcrt
__C_specific_handler
_XcptFilter
_exit
_cexit
exit
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__wgetmainargs
memcpy
memset
?terminate@@YAXXZ
_purecall
??2@YAPEAX_K@Z
towupper
iswalpha
??3@YAXPEAX@Z
_wcsnicmp
_wcsicmp
wprintf
_wsetlocale
_vsnwprintf
__set_app_type
memcmp
ntdll
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlNtStatusToDosError
bderepair (bderepair.dll, the BitLocker Drive Encryption repair library; the Fve prefix stands for Full Volume Encryption)
FveCreateRestoreContext
FveSupplyKeyPackage
FveSupplyInformationBlock
FveAuthWithPasswordW
FveAuthWithKey
FveGetMetadataFromRestoreContext
FveDecryptData
FveDestroyRestoreContext
Sections
.text    raw 43KB  virtual 42KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.data    raw 2KB   virtual 3KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.pdata   raw 1KB   virtual 1KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.rsrc    raw 2KB   virtual 2KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc   raw 27KB  virtual 28KB  IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
ryxjcfb  raw -     virtual 4KB   IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE

Two entries stand out. A normally linked .reloc section holds only the base-relocation table: initialized data, read-only, and a few KB for a 77KB image. Here it is 27KB on disk, almost as large as .text, and is marked as code, executable and writable. The trailing section has a random-looking name, no data on disk and 4KB of writable virtual memory, i.e. a scratch area that is filled at runtime. Together these are consistent with code having been appended to or injected into the image after linking, so the .reloc contents and the location of the entry point should be inspected before treating this file as the genuine BitLocker repair tool.
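The two checks this report relies on (the "Unsigned PE" signature and the section characteristics above) can be reproduced without pefile. The following is an added example, not code from the Triage report: it builds a minimal PE32+ header set whose section table mirrors this report's layout (the bytes are constructed for the example and are not the sample's), reads the section headers and the Security data directory back, and flags writable-plus-executable sections, sections with no raw data but mapped memory, and a .reloc section marked as code. The header offsets and flag values are the documented winnt.h ones; the anomaly thresholds are the example's own choices.

```python
import struct

# Section characteristic flags from winnt.h
IMAGE_SCN_CNT_CODE             = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE          = 0x20000000
IMAGE_SCN_MEM_READ             = 0x40000000
IMAGE_SCN_MEM_WRITE            = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data directory slot holding the Authenticode blob

# Constructed section table mirroring the report (name, virtual size, raw size, flags).
# Only the layout is reproduced; these are not bytes of the real sample.
KB = 1024
SAMPLE_SECTIONS = [
    (".text",   42 * KB, 43 * KB, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".data",    3 * KB,  2 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".pdata",   1 * KB,  1 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".rsrc",    2 * KB,  2 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".reloc",  28 * KB, 27 * KB, IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA
                                  | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    ("ryxjcfb",  4 * KB,       0, IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
]

def build_sample_pe(section_table):
    """Build a minimal PE32+ header set (DOS stub, COFF header, optional header,
    section headers) with no section bodies. Constructed test input only."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                 # e_lfanew
    opt = bytearray(240)                                     # PE32+ optional header size
    struct.pack_into("<H", opt, 0, 0x20B)                    # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)                     # NumberOfRvaAndSizes; security dir stays zero
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_table), 0, 0, 0, len(opt),
                       0x0002 | 0x0020)                       # EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
    hdrs, va, raw_ptr = b"", 0x1000, 0x400
    for name, vsize, rsize, chars in section_table:
        hdrs += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                            vsize, va, rsize, raw_ptr if rsize else 0, 0, 0, 0, 0, chars)
        va += (vsize + 0xFFF) & ~0xFFF                       # next section-aligned RVA
        raw_ptr += rsize
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + hdrs

def _pe_offsets(data):
    """Return (optional header offset, optional header size, section count)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    return coff + 20, opt_size, nsect

def parse_sections(data):
    """Return [(name, virtual_size, raw_size, characteristics)] from the section table."""
    opt_off, opt_size, nsect = _pe_offsets(data)
    out = []
    for i in range(nsect):
        name, vsize, _va, rsize, _rp, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt_off + opt_size + i * 40)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize, chars))
    return out

def has_embedded_signature(data):
    """True if the Security data directory points at a WIN_CERTIFICATE blob.
    This is the same test Triage's 'Unsigned PE' signature makes; catalog-signed
    Windows binaries legitimately return False here."""
    opt_off, _, _ = _pe_offsets(data)
    magic = struct.unpack_from("<H", data, opt_off)[0]
    dirs_off = opt_off + (112 if magic == 0x20B else 96)     # PE32+ vs PE32 layout
    nrva_off = opt_off + (108 if magic == 0x20B else 92)
    if struct.unpack_from("<I", data, nrva_off)[0] <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return False
    off, size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return off != 0 and size != 0

def section_anomalies(sections):
    """Flag section layouts that a normally linked image would not have."""
    findings = []
    for name, vsize, rsize, chars in sections:
        if (chars & IMAGE_SCN_MEM_WRITE) and (chars & IMAGE_SCN_MEM_EXECUTE):
            findings.append((name, "writable and executable"))
        if rsize == 0 and vsize > 0:
            findings.append((name, "no raw data but %d bytes mapped (runtime scratch/unpack area)" % vsize))
        if name == ".reloc" and (chars & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE)):
            findings.append((name, "relocation table marked as code"))
    return findings

if __name__ == "__main__":
    image = build_sample_pe(SAMPLE_SECTIONS)
    print("embedded Authenticode signature:", has_embedded_signature(image))
    for name, reason in section_anomalies(parse_sections(image)):
        print("%-8s %s" % (name, reason))
```

Run against a real file, replace `build_sample_pe(SAMPLE_SECTIONS)` with the file's bytes; on the layout above it reports no embedded signature and flags only .reloc (twice) and ryxjcfb, leaving .text, .data, .pdata and .rsrc clean.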