ac1ecd8495a6f39dcdf4d3e34c3014bf_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ac1ecd8495a6f39dcdf4d3e34c3014bf_JaffaCakes118
Size

50KB
MD5

ac1ecd8495a6f39dcdf4d3e34c3014bf
SHA1

6c8a6f65e2334852a57b0a0c0a4ca5887abdd7d9
SHA256

b546ca31729119659a8f8ffe1875ee3bec67cb409557c049596d74898b5f9dd0
SHA512

5582dd90b2f759fb4253fcc58f60184f8fcaf121112b31325c61d95e6c36e94117325fac1405c9185bc556398fdfacbf7468b3f00c0a6b3b99a2e4337031e25b
SSDEEP

1536:nL+m8LeaPpRQzMvEF3HbzaVN87NUP/9Y:nL+6mkMsF2NaUP/9Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ac1ecd8495a6f39dcdf4d3e34c3014bf_JaffaCakes118

Files

ac1ecd8495a6f39dcdf4d3e34c3014bf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

72ef161afe162f04f3ea97bc458a84d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

auxSetVolume

msvcrt

_snprintf
_ftol
printf
_ultoa
malloc
strtok
strtoul
fprintf
_splitpath
strncpy
_adjust_fdiv
_except_handler3
_iob
vprintf
atol
free
swprintf
_strnicmp
fopen
_stricmp
_itoa
strpbrk
wcslen
time
fclose
fflush
memmove
_vsnprintf
__dllonexit
_makepath
_purecall
vsprintf
isprint
_initterm
_strupr
strchr
rand
_fullpath
sprintf
_onexit
_ltoa
toupper

lz32

LZClose

kernel32

GetCurrentThreadId
TlsAlloc
SetThreadPriority
GetDriveTypeA
SleepEx
GlobalMemoryStatus
WaitForSingleObject
WriteFileEx
FindNextFileA
TlsGetValue
CreateFileMappingA
VirtualAlloc
CreateSemaphoreA
FindClose
GetModuleFileNameA
SetEvent
MoveFileA
GetFileAttributesA
GetVersionExA
InitializeCriticalSection
GetTickCount
lstrlenA
GetCurrentThread
GetExitCodeThread
CreateDirectoryA
QueryPerformanceFrequency
ReleaseMutex
IsValidLocale
GetProcAddress
TlsSetValue
LCMapStringW
VirtualFree
GetOverlappedResult
LoadLibraryA
ReadProcessMemory
TerminateProcess
GetCurrentProcessId
IsProcessorFeaturePresent
VirtualQuery
ReadFileEx
lstrcpyA
CreateFileA
GetLastError
GetDiskFreeSpaceA
Sleep
MapViewOfFile
CopyFileA
HeapDestroy
InterlockedIncrement
WriteFile
GetFileSize
GetModuleHandleA
CreateMutexA
DeleteCriticalSection
SetEndOfFile
ResetEvent
HeapAlloc
GetLocalTime
CreateEventA
GlobalAlloc
UnhandledExceptionFilter
ReadFile
RemoveDirectoryA
FlushFileBuffers
OutputDebugStringA
DeleteFileA
GetProcessHeap
ReleaseSemaphore
GlobalFree
QueryPerformanceCounter
WaitForMultipleObjectsEx
CreateThread
ExpandEnvironmentStringsA
GetUserDefaultLangID
HeapFree
HeapCreate
WaitForSingleObjectEx
FreeLibrary
EnterCriticalSection
TlsFree
FindFirstFileA
CloseHandle
UnmapViewOfFile
GetSystemDefaultLangID
SetFilePointer
lstrcmpA
GetSystemInfo
DebugBreak
LeaveCriticalSection
GetCurrentProcess

advapi32

RegCreateKeyExA
ReportEventA
RegOpenKeyExA
RegCloseKey
DeregisterEventSource
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
InitializeSecurityDescriptor
RegisterEventSourceA
SetSecurityDescriptorDacl

Sections

.textbss
Size: 43KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72ef161afe162f04f3ea97bc458a84d9

Headers

File Characteristics

Imports

winmm

msvcrt

lz32

kernel32

advapi32

Sections

.textbss Size: 43KB - Virtual size: 1.3MB

.text Size: 512B - Virtual size: 420B

.idata Size: 4KB - Virtual size: 3KB

.rdata Size: 512B - Virtual size: 32B

.reloc Size: 512B - Virtual size: 4B

.textbss
Size: 43KB - Virtual size: 1.3MB

.text
Size: 512B - Virtual size: 420B

.idata
Size: 4KB - Virtual size: 3KB

.rdata
Size: 512B - Virtual size: 32B

.reloc
Size: 512B - Virtual size: 4B