0deee20c595fa349a755ee311370ad8f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0deee20c595fa349a755ee311370ad8f_JaffaCakes118
Size

113KB
MD5

0deee20c595fa349a755ee311370ad8f
SHA1

e9d63c829707284a6390cf7affe190ab1d3360b8
SHA256

7e7cd977c3abbb03a0b25e92a79707894ca58f860a6d3e3f039ea8fba51b8439
SHA512

663b53f06989122eb402dc59e87e6b0e0ac311a4f0a1f063bcbbc7aa468adacb2fd3ce243d180d9afd0608e1c5d54b56118cf4e907d0defb86111c84e760350f
SSDEEP

1536:JbLihNNyPGoJJq+svg9373X7+a4nAliVhZpJ5Bmc1Dsl9At5RuFckqJdBwAbTr:JbLOyJsnvgJz79SpbkT6t5wFBmdBtP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

0deee20c595fa349a755ee311370ad8f_JaffaCakes118

resource
0deee20c595fa349a755ee311370ad8f_JaffaCakes118

Files

0deee20c595fa349a755ee311370ad8f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a30a0500e42c1c2a47d73d6b33cde834

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetDefaultCommConfigA
SearchPathW
SetPriorityClass
SetFilePointer
LoadResource
SetUnhandledExceptionFilter
InterlockedIncrement
_lwrite
ReadConsoleA
CompareFileTime
OpenSemaphoreA
ConnectNamedPipe
CallNamedPipeW
GetProcessPriorityBoost
GetModuleHandleW
SetCommState
GlobalAlloc
Sleep
CopyFileW
GetPrivateProfileStructW
SetSystemTimeAdjustment
GetFileAttributesW
IsBadWritePtr
EnumResourceNamesW
ExitThread
lstrlenW
FreeLibraryAndExitThread
SetLastError
GetProcAddress
SetStdHandle
SetFileApisToOEM
GetLocalTime
LoadLibraryA
BuildCommDCBAndTimeoutsW
IsSystemResumeAutomatic
GetTapeParameters
WaitForMultipleObjects
SetEnvironmentVariableA
lstrcatW
FreeEnvironmentStringsW
GetCurrentDirectoryA
FindAtomW
GetProfileSectionW
lstrcpyA
GetACP
FileTimeToDosDateTime
GetLastError
MoveFileA
GetStartupInfoW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
GetModuleHandleA
RaiseException

Exports

Exports

_gekkon@4
_gifgeek@8

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 43.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a30a0500e42c1c2a47d73d6b33cde834

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 84KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 6KB - Virtual size: 43.5MB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 84KB - Virtual size: 84KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 6KB - Virtual size: 43.5MB

.rsrc
Size: 12KB - Virtual size: 12KB