20927c9602bbcc1dc321fd8507d500ab_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

20927c9602bbcc1dc321fd8507d500ab_JaffaCakes118
Size

656KB
MD5

20927c9602bbcc1dc321fd8507d500ab
SHA1

5411ffa73810de2dad5e2e8e7a6252636bdd2cd0
SHA256

c17685aa3d5bab698220efce4d61ea4dccca908a4521fdce4df469f6f19fdb32
SHA512

fa15303161143d2763a717ec79d8c6ca670b906d0af619d035a31e9e6001e5502390f56280088bb49ac0860c70ec0202abdc5b539559c1928cde6660503363ca
SSDEEP

12288:mOOUWekZ3kuY1bJzTCVggvfQ8tgZ8m9bG0bY5UN481wwtE/XTz2jW+23dm:CUWekZ0nqagHO9Q5f5T+C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

20927c9602bbcc1dc321fd8507d500ab_JaffaCakes118

resource
20927c9602bbcc1dc321fd8507d500ab_JaffaCakes118

Files

20927c9602bbcc1dc321fd8507d500ab_JaffaCakes118
.exe windows:5 windows x86 arch:x86

866c4cde962f3edc6c973eb9bc2abd45

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\pizubamitivekuwes-nipedusomomozaheha-kasik12-po.pdb

Imports

kernel32

lstrcpyW
GetModuleHandleA
ExpandEnvironmentStringsA
lstrcpyA
MoveFileW
VerifyVersionInfoW
GetTickCount
GetLocalTime
ExitThread
GetLongPathNameW
LocalAlloc
WritePrivateProfileStructA
GetProcAddress
EncodePointer
DecodePointer
RaiseException
RtlUnwind
GetCommandLineW
IsProcessorFeaturePresent
GetLastError
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
SetLastError
GetCurrentThread
GetCurrentThreadId
GetProcessHeap
GetModuleFileNameW
WriteFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
CreateSemaphoreW
SetConsoleCtrlHandler
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FatalAppExitA
FreeLibrary
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
HeapReAlloc
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringW
GetStringTypeW
FlushFileBuffers
ReadFile
ReadConsoleW
SetStdHandle
WriteConsoleW
CloseHandle
CreateFileW

advapi32

RegDeleteKeyA
LookupPrivilegeDisplayNameW
GetSidSubAuthorityCount
EqualSid
IsValidSid
InitiateSystemShutdownW

Sections

.text
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 396KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

866c4cde962f3edc6c973eb9bc2abd45

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

Sections

.text Size: 173KB - Virtual size: 172KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 8KB - Virtual size: 124KB

.text Size: 396KB - Virtual size: 399KB

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 173KB - Virtual size: 172KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 8KB - Virtual size: 124KB

.text
Size: 396KB - Virtual size: 399KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 9KB - Virtual size: 8KB