JaffaCakes118_c95de79d76a72a2b6ce211f6a626f575a5f6df83726a25acb84ebf3d095650a2

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_c95de79d76a72a2b6ce211f6a626f575a5f6df83726a25acb84ebf3d095650a2
Size

290KB
MD5

e758d3f8e1a43e4b8fd0c982394216a0
SHA1

b8713215a45d83019881f18215f044bac9073a4f
SHA256

c95de79d76a72a2b6ce211f6a626f575a5f6df83726a25acb84ebf3d095650a2
SHA512

fd099504787bf3644253ea503cc742ad07fb1abfc96524649137050c9f597950a0686749df76a6afcf54698d7cfe91d24e6062d1f99132b784b9ffac0357493f
SSDEEP

6144:cKda0k5CPY6+hdbbIPyISpx+dGYIS2oWPfG/5J:cK2cPP+hdbbIapKt2O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_c95de79d76a72a2b6ce211f6a626f575a5f6df83726a25acb84ebf3d095650a2

Files

JaffaCakes118_c95de79d76a72a2b6ce211f6a626f575a5f6df83726a25acb84ebf3d095650a2
.exe windows:5 windows x86 arch:x86

35abdb03f9037b5fdc551f3f0dbee4fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\kam yogoraf.pdb

Imports

kernel32

FindNextVolumeW
LeaveCriticalSection
GetNamedPipeHandleStateW
FileTimeToLocalFileTime
ExitProcess
GetCurrentProcessId
GetVersionExA
EnumDateFormatsExW
FillConsoleOutputCharacterA
EnumResourceNamesA
FindNextFileW
CopyFileExW
BuildCommDCBAndTimeoutsA
SetDefaultCommConfigA
WritePrivateProfileStructA
HeapSetInformation
CreateTimerQueue
ReadConsoleInputA
GetSystemDirectoryW
GetDriveTypeA
GetProcAddress
LoadLibraryA
GlobalAlloc
VerifyVersionInfoA
GetBinaryTypeA
InterlockedExchange
FindFirstChangeNotificationW
FormatMessageW
SetDllDirectoryW
GetQueuedCompletionStatus
WritePrivateProfileStringW
GetConsoleAliasesLengthW
GetProcessHeap
OpenWaitableTimerA
UnlockFile
InterlockedIncrement
GetStartupInfoA
GetSystemWow64DirectoryW
SetLastError
GetConsoleAliasExesA
ContinueDebugEvent
EndUpdateResourceW
GetLastError
FatalAppExitA
SetSystemTime
OpenFileMappingA
lstrcmpW
TerminateThread
SetConsoleActiveScreenBuffer
SetDefaultCommConfigW
VirtualFree
InterlockedCompareExchange
GlobalUnfix
GetSystemWindowsDirectoryA
CopyFileW
TerminateProcess
GetACP
FindAtomA
HeapUnlock
SetMailslotInfo
CreateActCtxA
_lread
GetOverlappedResult
CreateNamedPipeW
GetAtomNameW
SetConsoleScreenBufferSize
EnumResourceTypesW
lstrlenA
EndUpdateResourceA
WriteConsoleA
VirtualProtect
lstrcpyA
GetModuleHandleA
ReadConsoleOutputA
SetThreadContext
BuildCommDCBA
AddRefActCtx
GetStringTypeW
GetPrivateProfileStringW
GetFileAttributesW
MoveFileW
GetVolumePathNameA
SetCommMask
SetFileShortNameA
LockFile
EnumDateFormatsExA
QueryActCtxW
PostQueuedCompletionStatus
FreeConsole
GlobalGetAtomNameW
SetComputerNameW
WriteConsoleInputW
CreateMailslotA
TzSpecificLocalTimeToSystemTime
SetLocalTime
GetStringTypeExA
EnumSystemLocalesW
CallNamedPipeA
GetConsoleAliasExesLengthA
FindActCtxSectionStringW
CopyFileA
ResetWriteWatch
GetPrivateProfileIntW
GetModuleHandleExA
GetConsoleAliasExesLengthW
GetTickCount
OpenWaitableTimerW
GetConsoleAliasesLengthA
GlobalWire
FillConsoleOutputCharacterW
GetCompressedFileSizeA
SetThreadPriority
MapUserPhysicalPages
WriteConsoleOutputCharacterA
EnumDateFormatsW
TerminateJobObject
CreateFileW
GetDateFormatW
BuildCommDCBAndTimeoutsW
InterlockedDecrement
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
RaiseException
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
RtlUnwind
GetStartupInfoW
HeapValidate
IsBadReadPtr
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
DebugBreak
GetStdHandle
WriteFile
OutputDebugStringA
WriteConsoleW
GetFileType
OutputDebugStringW
LoadLibraryW
QueryPerformanceCounter
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
HeapDestroy
HeapCreate
HeapFree
GetModuleFileNameA
FlushFileBuffers
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapAlloc
HeapSize
HeapReAlloc
VirtualAlloc
GetOEMCP
GetCPInfo
IsValidCodePage
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
SetStdHandle
GetConsoleOutputCP
SetFilePointer
LCMapStringA
LCMapStringW
GetStringTypeA
GetLocaleInfoA
CloseHandle
CreateFileA

Sections

.text
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 67KB - Virtual size: 319KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35abdb03f9037b5fdc551f3f0dbee4fa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

Sections

.text Size: 158KB - Virtual size: 157KB

.data Size: 67KB - Virtual size: 319KB

.rsrc Size: 63KB - Virtual size: 63KB

.text
Size: 158KB - Virtual size: 157KB

.data
Size: 67KB - Virtual size: 319KB

.rsrc
Size: 63KB - Virtual size: 63KB