ba9f55ce820b48d6f1c78c10e7434db7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ba9f55ce820b48d6f1c78c10e7434db7_JaffaCakes118
Size

767KB
MD5

ba9f55ce820b48d6f1c78c10e7434db7
SHA1

b4e5b48f0a19ff733caa0a25d4cd3930b8cee023
SHA256

9748e28cd2e2a1a06ed9a5125b085e3e72654aa7cfc9d2f8400b7355ecd0c471
SHA512

c004261ae37b57a494a427506b19135d9b62b142fdc6cbab947d304fa31d4182b0336b37f1ffac30674aa8ed43684ebf748a27820dc8164374ad03ceff1ed5c1
SSDEEP

12288:+OSzSJpSkJFVxPlySItIuTrVbOTUs/yDGzQHYX/eeS9NE6bmInNqrXWSk13c31In:Q6pSGPT2FOTU3DjHeeeANEe9ArXk3cFQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

ba9f55ce820b48d6f1c78c10e7434db7_JaffaCakes118

resource
ba9f55ce820b48d6f1c78c10e7434db7_JaffaCakes118

Files

ba9f55ce820b48d6f1c78c10e7434db7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

99620e57ed01ce72a65e18fd03f25b2b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

_llseek
GetDefaultCommConfigW
BuildCommDCBAndTimeoutsA
HeapAlloc
SetConsoleTextAttribute
SetConsoleScreenBufferSize
SetCommBreak
GetTickCount
GetWindowsDirectoryA
OpenProcess
WideCharToMultiByte
Sleep
SetSystemPowerState
GetAtomNameW
GetModuleFileNameW
GetVolumePathNameA
lstrlenW
DisconnectNamedPipe
EnumSystemLocalesA
FindFirstFileExA
GetLastError
GetConsoleAliasesLengthW
EnumDateFormatsExA
EnumSystemCodePagesW
SetFileApisToOEM
ProcessIdToSessionId
GetProcessWorkingSetSize
LocalAlloc
IsSystemResumeAutomatic
SetConsoleOutputCP
GetCommMask
FindAtomA
GetModuleHandleA
VirtualProtect
FatalAppExitA
PeekConsoleInputA
SetCalendarInfoA
GetWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
EnumResourceLanguagesW
lstrcpyW
GetLongPathNameW
SetVolumeLabelA
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EncodePointer
DecodePointer
RtlUnwind
IsProcessorFeaturePresent
SetFilePointer
HeapFree
CloseHandle
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
CreateFileA
RaiseException
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
SetEndOfFile
GetProcessHeap
MultiByteToWideChar
ReadFile
WriteConsoleW
HeapSize
LCMapStringW
GetStringTypeW
CreateFileW

user32

GetCaretPos

advapi32

EnumServicesStatusA

Exports

Exports

@calcPrecision@4

Sections

.text
Size: 634KB - Virtual size: 634KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 699KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99620e57ed01ce72a65e18fd03f25b2b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 634KB - Virtual size: 634KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 6KB - Virtual size: 699KB

.rsrc Size: 109KB - Virtual size: 108KB

.text
Size: 634KB - Virtual size: 634KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 6KB - Virtual size: 699KB

.rsrc
Size: 109KB - Virtual size: 108KB