56d06e2d0fa69bd53839dd627556b670_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

56d06e2d0fa69bd53839dd627556b670_JaffaCakes118
Size

306KB
MD5

56d06e2d0fa69bd53839dd627556b670
SHA1

ac704c3df03275591a832553548acf85f41eec6a
SHA256

502936587c81e307c21ff37ce58469605349cf46ef07e9346197aba0b130b5f3
SHA512

21d8120f2b2fd8bde2a2cb272eb72bab9f2576db98db9e53e948ee0f9b7b23a171a654d00ddbfb218d95c372c1a5bda291da662b211d5e5fd61c5b3f77e1c037
SSDEEP

6144:leHGrF6yRi20kiRhGnM1ZxjjDojf0CXflER8Ar5ZP6:EgnbiLkE6Vl4plY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56d06e2d0fa69bd53839dd627556b670_JaffaCakes118

Files

56d06e2d0fa69bd53839dd627556b670_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9d9442e8de173ff8077979c61cbef26f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Acquired\In\Which\You\Africa.pdb

Imports

kernel32

GetTempFileNameW
FlushConsoleInputBuffer
ReadConsoleW
GetFileType
GetConsoleOutputCP
GetExitCodeProcess
LocalAlloc
GetTempPathW
GetTempPathA
GetTempFileNameA
GetFileInformationByHandle
GetFileAttributesA
DeleteFileA
SetFilePointer
SetEnvironmentVariableW
GetFileSize
LocalFree
MultiByteToWideChar
GetComputerNameW
WideCharToMultiByte
ExpandEnvironmentStringsW
CreateEventW
ResetEvent
DeviceIoControl
GetVolumePathNamesForVolumeNameW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetThreadLocale
GetDateFormatW
GetTimeFormatW
GetFileAttributesW
FindFirstFileW
FindClose
GetVolumePathNameW
GetVolumeNameForVolumeMountPointW
GetFileAttributesExW
GetLastError
WriteFile
ExitThread
OpenSemaphoreW

user32

GetWindowTextA
SetParent

shlwapi

PathFindExtensionA
PathFindFileNameW

Exports

Exports

IsAlsoCountryMiddle
MiddleOperationsExclusion
SpecificGuaranteesMicrosoftCentreServing

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xdata
Size: 512B - Virtual size: 343B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.3
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9d9442e8de173ff8077979c61cbef26f

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

shlwapi

Exports

Exports

Sections

.text Size: 33KB - Virtual size: 32KB

.xdata Size: 512B - Virtual size: 343B

.1 Size: 1024B - Virtual size: 656B

.3 Size: 1024B - Virtual size: 552B

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 1KB - Virtual size: 225KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1024B - Virtual size: 952B

.text
Size: 33KB - Virtual size: 32KB

.xdata
Size: 512B - Virtual size: 343B

.1
Size: 1024B - Virtual size: 656B

.3
Size: 1024B - Virtual size: 552B

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 1KB - Virtual size: 225KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1024B - Virtual size: 952B