3a07c301314148e4a0d7235a9f5bb5a0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3a07c301314148e4a0d7235a9f5bb5a0_JaffaCakes118
Size

252KB
MD5

3a07c301314148e4a0d7235a9f5bb5a0
SHA1

08830973c56487fb1bc87c63ec0e3fa2e017b2fe
SHA256

61587db68225f55678e4b6ba8555598b7074c61475ef9460414fd967e44ac58c
SHA512

c636fe198ebacab3d9b084605f5000d080dfd67b49a251c90d3f46ff1ec8d3afa2539dd6fa7dafad784a7a55d5d49639a705f4d0cfc1f997b2fafafc07724ec0
SSDEEP

6144:SdExA59BAN/EpJM9eXrZG9j9kQx/5r4jjjj:SdEynBG/E09eX1G9xkw/5r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3a07c301314148e4a0d7235a9f5bb5a0_JaffaCakes118

Files

3a07c301314148e4a0d7235a9f5bb5a0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6b9047599e3192e93448fdbe06554e5c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Hadyca\abyxeh\ivoqolep\Odozohu\Masetovope.pdb

Imports

ole32

CoInitialize
CoRevokeClassObject
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc

kernel32

HeapReAlloc
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
HeapSize
GetLogicalDriveStringsA
GetProfileStringW
VirtualProtect
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapAlloc
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
HeapFree
GetLastError
CloseHandle
TlsAlloc
SetLastError
GetCurrentThreadId
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
WideCharToMultiByte
GetTimeZoneInformation
VirtualAlloc
GetSystemInfo
VirtualQuery
FatalAppExitA
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
ExitProcess
TerminateProcess
GetCurrentProcess
WriteFile
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetFilePointer
ReadFile
RtlUnwind
InterlockedExchange
InitializeCriticalSection
MultiByteToWideChar
SetStdHandle
FlushFileBuffers
CreateFileA
GetACP
GetOEMCP
GetCPInfo
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
LoadLibraryA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetEndOfFile
LCMapStringA
LCMapStringW

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b9047599e3192e93448fdbe06554e5c

Headers

File Characteristics

PDB Paths

Imports

ole32

kernel32

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 72KB - Virtual size: 68KB

.data Size: 104KB - Virtual size: 194KB

.rsrc Size: 4KB - Virtual size: 824B

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 72KB - Virtual size: 68KB

.data
Size: 104KB - Virtual size: 194KB

.rsrc
Size: 4KB - Virtual size: 824B