b072bd53f96eb7f9564c7a4414f50f0b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b072bd53f96eb7f9564c7a4414f50f0b_JaffaCakes118
Size

568KB
MD5

b072bd53f96eb7f9564c7a4414f50f0b
SHA1

c641ee060897c28bf460ee43627f0f7e38131650
SHA256

28147931a38bf0944c206d5e3fc52f75cff81f588b0f8d95dab1b8f37bdd6a1a
SHA512

7b78d79de0a5732e426c2fb482d88aedaa7bcf4c1955166f1df8cbb336cb668afffb3f10302f619a3f7ae035e9841dffbd0a8f73cdfd04399a51e3e5e1bd3850
SSDEEP

12288:GfIK0Xnn2SAXZUgKPLWg4+cLeWNTOg2d1yrvF:i4XnnzAX+zPqzLL3l2jyr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b072bd53f96eb7f9564c7a4414f50f0b_JaffaCakes118

Files

b072bd53f96eb7f9564c7a4414f50f0b_JaffaCakes118
.dll windows:4 windows x86 arch:x86

495dbada16b5f25b6891e0b1f202ae2e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\These_Follow\Pound\Fight\Love.pdb

Imports

kernel32

WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
ReadFile
GetLocaleInfoW
SetStdHandle
LoadLibraryA
ResetEvent
HeapSize
CloseHandle
CreateFileA
VirtualProtect
DeleteFileW
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GlobalFree
VirtualProtectEx
VirtualAlloc
GetCurrentDirectoryW
GetModuleFileNameW
GlobalAlloc
VirtualFree
GlobalLock
CreateDirectoryW
SetErrorMode
GetEnvironmentVariableW
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
GetProcessHeap
GetCPInfo
GetLastError
RaiseException
RtlUnwind
LCMapStringA
LCMapStringW
HeapReAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
CompareStringA
CompareStringW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime

user32

SetClipboardData
SendMessageA
CheckRadioButton
DestroyWindow
SetCursor
GetDlgItemInt
SetForegroundWindow
IsClipboardFormatAvailable
InsertMenuItemW
GetScrollRange
SetDlgItemInt
SendDlgItemMessageW

gdi32

LineTo
MoveToEx
SetBkMode
IntersectClipRect

uxtheme

GetThemeTextExtent
CloseThemeData
GetThemeFont

crypt32

CertEnumCertificatesInStore
CryptHashCertificate
CertGetCertificateChain
CertFreeCertificateContext
CertFreeCertificateChain
CertOpenStore
CryptDecodeObject
CertDeleteCertificateFromStore
CertCreateCertificateContext
CertVerifyCertificateChainPolicy
CryptEncodeObject

Exports

Exports

Fall
Parentinstrument
Spacethan

Sections

.text
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 348KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

495dbada16b5f25b6891e0b1f202ae2e

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

uxtheme

crypt32

Exports

Exports

Sections

.text Size: 196KB - Virtual size: 193KB

.rdata Size: 348KB - Virtual size: 344KB

.data Size: 8KB - Virtual size: 74KB

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 196KB - Virtual size: 193KB

.rdata
Size: 348KB - Virtual size: 344KB

.data
Size: 8KB - Virtual size: 74KB

.reloc
Size: 12KB - Virtual size: 10KB