45c44ca91e1174e41f3a2905424ef248_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

45c44ca91e1174e41f3a2905424ef248_JaffaCakes118
Size

51KB
MD5

45c44ca91e1174e41f3a2905424ef248
SHA1

0b63143c32efebaee7f4aa1b2dadbdc173ff27ab
SHA256

b579d282599ca6ae4b7daee80f13552c92639b467c6a962590ddd44f2f2d8ceb
SHA512

f872cb7784717f533628dd2ce2e192bef6f507178a6731a1e78a91bdec6a712400489a6823a5d1c3f2a7ee349c636a121978ce8a029d9b8eb6b3df0f4ec2b78b
SSDEEP

1536:s4dH3OKwrXeCS8OY0exF7YFkORCLssD84s052ByWGI:j4VxHF79OcZDP2ByWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45c44ca91e1174e41f3a2905424ef248_JaffaCakes118

Files

45c44ca91e1174e41f3a2905424ef248_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d8f12118c31426cda1e8ed6720c7f045

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

pdh

PdhValidatePathW
PdhTranslateLocaleCounterA
PdhVbGetDoubleCounterValue
PdhGetRawCounterValue
PdhAdd009CounterW
PdhVbAddCounter
PdhGetDefaultPerfObjectA
PdhTranslate009CounterW
PdhTranslateLocaleCounterW
PdhEnumMachinesHW
PdhOpenQueryH
PdhSetDefaultRealTimeDataSource
PdhGetLogFileSize
PdhGetCounterInfoA
PdhExpandWildCardPathHW
PdhAdd009CounterA
PdhEnumMachinesA
PdhRelogW
PdhEnumObjectsHA
PdhSetQueryTimeRange
PdhCollectQueryDataEx
PdhReadRawLogRecord
PdhExpandWildCardPathA
PdhVbGetOneCounterPath
PdhGetDefaultPerfObjectHA
PdhVerifySQLDBA
PdhGetDefaultPerfCounterHA
PdhVbIsGoodStatus
PdhOpenQueryA
PdhComputeCounterStatistics
PdhGetDefaultPerfObjectHW
PdhGetFormattedCounterArrayA
PdhOpenQuery
PdhConnectMachineW

msvcrt

_unlock
strcmp
wcscpy
_commode
_abnormal_termination
strncat
_CIlog10
exit
_wpgmptr
__set_app_type
_aligned_offset_realloc
_eof
_creat
_searchenv
tan
??9type_info@@QBEHABV0@@Z
__DestructExceptionObject
_wspawnv
__p__commode
_open
_tolower
_execlpe
ctime
_filelengthi64
_Getmonths
_gmtime64
_set_sbh_threshold
_scwprintf

kernel32

SetFilePointerEx
GetAtomNameW
GetNumberOfConsoleFonts
GetModuleHandleA
VerifyVersionInfoW
GetCurrentProcessId
SetConsoleOutputCP
GetThreadLocale
WritePrivateProfileStringW
GetCurrentProcess
SetHandleCount
GlobalAlloc
FindNextFileA
WriteConsoleOutputA
GetSystemTimeAsFileTime
GetSystemDefaultLCID
BeginUpdateResourceW
LockFileEx
GetConsoleAliasesLengthW
WritePrivateProfileStringA
SetConsolePalette
ExitProcess
BaseDumpAppcompatCache
AddAtomA
GetTimeFormatA
LZInit
RegisterConsoleVDM
SetLocaleInfoA
GetUserDefaultLCID
FindCloseChangeNotification
QueryActCtxW
ReadConsoleOutputW
GetNumberFormatA
CreateMailslotW
InvalidateConsoleDIBits
GetComputerNameW
CreateMutexA
CancelWaitableTimer
VirtualAlloc
InitializeCriticalSectionAndSpinCount
CreateNamedPipeA
LoadLibraryA
_lclose
SetErrorMode
CreateMutexW
GlobalGetAtomNameA
QueryDepthSList
EnumCalendarInfoW
HeapAlloc
LocalAlloc
GetLocalTime
QueueUserAPC
WriteConsoleOutputCharacterW
CreateTimerQueue
AllocateUserPhysicalPages
EnumLanguageGroupLocalesW
GetThreadContext
RemoveDirectoryW
IsBadWritePtr
HeapUnlock
IsValidLocale
ReadConsoleOutputA
SetEvent
LZStart
lstrcmpi
ExpandEnvironmentStringsW
GetVDMCurrentDirectories
TzSpecificLocalTimeToSystemTime
GlobalFindAtomW

Sections

.text
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8f12118c31426cda1e8ed6720c7f045

Headers

DLL Characteristics

File Characteristics

Imports

pdh

msvcrt

kernel32

Sections

.text Size: 42KB - Virtual size: 42KB

.rdata Size: 6KB - Virtual size: 6KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 42KB - Virtual size: 42KB

.rdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 1KB - Virtual size: 1KB