C:\teretela\tawuhowozixi-fikexuxu\casunay.pdb
Static task
static1
Behavioral task
behavioral1
Sample
JaffaCakes118_8d92811fc9063ef8c850577853a972d7a90de422bac891afb36916587f37878a.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
JaffaCakes118_8d92811fc9063ef8c850577853a972d7a90de422bac891afb36916587f37878a.exe
Resource
win10v2004-20241007-en
General
Target
JaffaCakes118_8d92811fc9063ef8c850577853a972d7a90de422bac891afb36916587f37878a
Size
287KB
MD5
25172811500a72cb3f5b11c4c6ac33e7
SHA1
7759eb7c31b0c0cb8a382de6b6b2f9d9bea3efac
SHA256
8d92811fc9063ef8c850577853a972d7a90de422bac891afb36916587f37878a
SHA512
87c24014fc5cb3dd8fa3ee39a73ec82d9dd0e07ab056a4ef26924cde131a2bd3b1e33bc1f59bd776841d91a59d7388a16932e07764a947389a089f7ff6d348a9
SSDEEP
1536:6wOzHMkC5wjP6kUm8sGaCvspGdWnbZNOcVjsqPrGchkchyhs8mNI5Qphsw:ck2/Z/CvsphnbZNpjserlRghs8D5ehs
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource JaffaCakes118_8d92811fc9063ef8c850577853a972d7a90de422bac891afb36916587f37878a
Files
JaffaCakes118_8d92811fc9063ef8c850577853a972d7a90de422bac891afb36916587f37878a.exe windows:5 windows x86 arch:x86
1d0a101d1d3bf7946ad14b8ea6724ff4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
GetConsoleAliasesLengthW
GetLocaleInfoA
SetComputerNameExA
GetConsoleAliasA
InterlockedDecrement
CompareFileTime
WriteConsoleInputA
EnumCalendarInfoExW
ReadConsoleW
CreateActCtxW
FindResourceExA
ReadConsoleInputA
CopyFileW
ReadFileScatter
DnsHostnameToComputerNameW
GetWriteWatch
WriteConsoleW
TerminateProcess
DeactivateActCtx
GetLongPathNameW
SetLastError
GetProcAddress
VirtualAlloc
LocalAlloc
HeapLock
OpenJobObjectW
WaitForMultipleObjects
GetModuleFileNameA
SetConsoleTitleW
GetModuleHandleA
DebugBreakProcess
GetStringTypeW
GetConsoleTitleW
GetVersionExA
SetFileValidData
SwitchToThread
GetLastError
HeapReAlloc
HeapAlloc
GetCommandLineA
GetStartupInfoA
HeapFree
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapCreate
VirtualFree
Sleep
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
InitializeCriticalSectionAndSpinCount
LoadLibraryA
RaiseException
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
HeapSize
user32
ClientToScreen
Sections
.text Size: 47KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 162KB - Virtual size: 162KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 39.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.fafoha Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ