JaffaCakes118_0571161f1bc19fc2b1622b858acc9e30

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_0571161f1bc19fc2b1622b858acc9e30
Size

186KB
MD5

0571161f1bc19fc2b1622b858acc9e30
SHA1

940f4e0c25df2011abf18790fd677e8857f7d357
SHA256

7235b443fadde3a0fb0dfb9dad0d7efa86ad9c4b7738e5c5b93df9c7c2c8830b
SHA512

2edfd999e0ea55ced1f4837bc1a9dd8fbcd728dbc6e439fd63fa65a53fa3f55a62117a42b83ee676fbb44f50f8ecb869522a906e9482b81145de2ebc833cd0fa
SSDEEP

3072:wjg1HFZoauWRFCSMAwzzl1MIKQ+xhE5dNM5GKPqReR3Vdw7n/DhQzy/E0:CaH7fWzzlh5H/R0hVgG0X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_0571161f1bc19fc2b1622b858acc9e30

Files

JaffaCakes118_0571161f1bc19fc2b1622b858acc9e30
.exe windows:4 windows x86 arch:x86

bce7d88b372bda94d6a5c3cbd25381d9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dssm.pdb

Imports

kernel32

GetFileAttributesW
CopyFileW
CreateFileW
GetFileAttributesExW
CreateEventW
SystemTimeToFileTime
FindFirstFileW
GetSystemTimeAsFileTime
CreateDirectoryW
InterlockedCompareExchange
MoveFileExW
GetFullPathNameW
RemoveDirectoryW
ReadFile
SetFilePointer
WriteFile
GetTempFileNameW
GetTempPathW
SetFileAttributesW
GetDriveTypeW
MapViewOfFile
CreateFileMappingA
SetLastError
ResetEvent
GetModuleHandleW
WaitForSingleObject
GetCurrentThreadId
InterlockedExchange
GetExitCodeThread
CreateThread
SetUnhandledExceptionFilter
GlobalFree
GlobalAlloc
GetQueuedCompletionStatus
CreateIoCompletionPort
LoadLibraryW
DeleteFileW
CloseHandle
GetLastError
FindClose
SetEvent
UnmapViewOfFile
FileTimeToSystemTime
FindNextFileW
RaiseException
FreeLibrary
LocalAlloc
GetStartupInfoA
GetProcessHeap
HeapAlloc
HeapFree
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
VirtualProtect
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LocalFree
GetModuleFileNameW
LoadLibraryA
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
LoadLibraryExW

user32

PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
TranslateMessage
DispatchMessageW

advapi32

RegQueryValueExW
EncryptFileW
DecryptFileW
RegOpenKeyExW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegCloseKey

ole32

CoDisconnectObject
CoTaskMemAlloc
CoRevokeClassObject
CoReleaseServerProcess
CoAddRefServerProcess
CoRegisterClassObject
StringFromGUID2
CoTaskMemFree
CLSIDFromString
CoUninitialize
CoInitialize
CoRegisterMessageFilter
CoResumeClassObjects
CreateStreamOnHGlobal
CoCreateInstance
CreateClassMoniker
GetRunningObjectTable

rpcrt4

UuidCreate

iphlpapi

NotifyRouteChange

shlwapi

wnsprintfW

msvcrt

__CxxFrameHandler
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
__dllonexit
_onexit
_controlfp
memmove
_except_handler3
??1type_info@@UAE@XZ
_CxxThrowException
swprintf

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bce7d88b372bda94d6a5c3cbd25381d9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

ole32

rpcrt4

iphlpapi

shlwapi

msvcrt

Sections

.text Size: 105KB - Virtual size: 105KB

.data Size: 512B - Virtual size: 1KB

.cdata Size: 512B - Virtual size: 4B

.rsrc Size: 70KB - Virtual size: 72KB

.text
Size: 105KB - Virtual size: 105KB

.data
Size: 512B - Virtual size: 1KB

.cdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 70KB - Virtual size: 72KB