f9d453b677d66ad762d72ad73e1ed621_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f9d453b677d66ad762d72ad73e1ed621_JaffaCakes118
Size

38KB
MD5

f9d453b677d66ad762d72ad73e1ed621
SHA1

9023c51adb6637bcbdacfcb4ff226be081e616a9
SHA256

86268e34c8bd0602394abdafdefdc2a13feb9b71e08930c17b19ed8d4857e0d8
SHA512

de3f8cf4a99199ce1254a99cc42570ad4ffc7ac79ee0bf7d35705574a1dd5e3e02a05772df1b32c9308512f6997642263b5716a809647481b0deee125059214c
SSDEEP

768:35Vm/9p7++PCf+PqWnZfa20NuLefoEfZjKoES630tV:e7+H+Pqefa/oCZgPE3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9d453b677d66ad762d72ad73e1ed621_JaffaCakes118

Files

f9d453b677d66ad762d72ad73e1ed621_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6e1df797b474c0f905a473c9407802b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetFileTime
CreateFileA
GetWindowsDirectoryA
GetVersionExA
WriteFile
SetFilePointer
GetSystemDirectoryA
InterlockedIncrement
InterlockedDecrement
CreateThread
ExitProcess
GetProcAddress
LoadLibraryA
Process32Next
Process32First
CreateToolhelp32Snapshot
SetCurrentDirectoryA
DeleteFileA
SetFileTime
CreateProcessA
GetLocalTime
GlobalFree
ReadFile
GlobalAlloc
GetFileSize
CopyFileA
GetCommandLineA
GetModuleFileNameA
GetCurrentProcessId
SizeofResource
LoadResource
FindResourceA
FreeLibrary
GetLastError
SetErrorMode
GetStartupInfoA
GetModuleHandleA
lstrlenA
lstrcpyA
WideCharToMultiByte
Sleep
LocalAlloc
MultiByteToWideChar
LocalFree
CreateMutexA

user32

CharUpperBuffA
CreateWindowExA
PostQuitMessage
DefWindowProcA
GetMessageA
DispatchMessageA
TranslateMessage
LoadCursorA
RegisterClassExA

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCreateKeyExA
RegCloseKey

ole32

CoCreateInstance
OleInitialize
CoInitialize
CoCreateGuid
StringFromGUID2
OleUninitialize

urlmon

URLDownloadToFileA

oleaut32

SysAllocString
VariantInit
SafeArrayAccessData
SafeArrayCreateVector
SafeArrayDestroy
SafeArrayUnaccessData
SysFreeString
VariantClear
VariantCopy

msvcrt

free
_strlwr
_strcmpi
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
strncpy
fopen
fread
fclose
atol
fseek
wcslen
strstr
??3@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler
_stricmp
sprintf

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6e1df797b474c0f905a473c9407802b1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

urlmon

oleaut32

msvcrt

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 195KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 195KB

.rsrc
Size: 11KB - Virtual size: 11KB