JaffaCakes118_42de7faacee0b560792dbc0876bc9c00

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_42de7faacee0b560792dbc0876bc9c00
Size

180KB
MD5

42de7faacee0b560792dbc0876bc9c00
SHA1

c30c033840aeb2bfd49edcfe5fd653d2d21dd015
SHA256

741d0060909bc57c736f0e568cd53af960d11086e8072c80678dab9d72523e72
SHA512

9783aa7e44ea39bd21d20c4e9686cb8b99d93708984e0106143edf88c2852e39fae00c4e8913890933f07c65750e4edf69d47987eba9a78b105d5664bdadea85
SSDEEP

3072:HRCQ47Gvlbd4uaHfJFozSfKfXIkifKV1vWZgNQk0:sH2quWfiifKjWCNi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_42de7faacee0b560792dbc0876bc9c00

Files

JaffaCakes118_42de7faacee0b560792dbc0876bc9c00
.dll windows:4 windows x86 arch:x86

ca1b754b0c0c682187e9937663024a55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
OutputDebugStringA
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
SuspendThread
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
CreateFileA
SetUnhandledExceptionFilter
CompareStringW
CompareStringA
SetEndOfFile
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
HeapFree
HeapAlloc
RtlUnwind
InterlockedDecrement
InterlockedIncrement
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetLastError
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
GetCommandLineA
GetVersion
RaiseException
ExitProcess
TerminateProcess
HeapReAlloc
HeapSize
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
FlushFileBuffers
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetFullPathNameA
GetCurrentDirectoryA
ReadFile
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetStringTypeA
GetStringTypeW
SetEnvironmentVariableA

shell32

ShellExecuteA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

PathFileExistsA

Exports

Exports

AddFile
Init_CrashCatch

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ca1b754b0c0c682187e9937663024a55

Headers

File Characteristics

Imports

kernel32

shell32

version

shlwapi

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 76KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 16KB - Virtual size: 20KB

.reloc Size: 8KB - Virtual size: 6KB

.rmnet Size: 60KB - Virtual size: 60KB

.text
Size: 80KB - Virtual size: 76KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 16KB - Virtual size: 20KB

.reloc
Size: 8KB - Virtual size: 6KB

.rmnet
Size: 60KB - Virtual size: 60KB