fa2d0b370d244dc84c07f0568f99443e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa2d0b370d244dc84c07f0568f99443e_JaffaCakes118
Size

144KB
MD5

fa2d0b370d244dc84c07f0568f99443e
SHA1

0a5aa4d073ee958e3fa7045d57cdb85b427a1d96
SHA256

f3ef32844e93cb558d1dfc0e231acd596ea99e5671d778959300bd286a8630ea
SHA512

a922ad01321e7a235f3d5d9ab0251eabd802ed127b295b37af8c4dda88bb5eba4f8dfd5f0e13d502969dcbf76f6c1afac13490639fcd2e47283a2727c1bdd2a0
SSDEEP

3072:LCcxecL9g+qiozPuz8SvjDwc3lGYxZQzBVcB6YRJkzcSJ0x2zkE:uo+zWbwSGYx2tOB6mXLA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa2d0b370d244dc84c07f0568f99443e_JaffaCakes118

Files

fa2d0b370d244dc84c07f0568f99443e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c05207a28d4ba5aac1c46011624ad8c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord6394
ord6383
ord5440
ord5450
ord2818
ord537
ord2107
ord2841
ord3663
ord941
ord860
ord540
ord800
ord825
ord823

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_beginthread
sscanf
wcslen
isspace
iswspace
_ultoa
_mbscmp
strtoul
time
srand
rand
__CxxFrameHandler
atoi
wcscmp
_mbsnbicmp
_mbsnbcpy
_mbsrchr
_mbsicmp
_except_handler3
_local_unwind2
_itoa
atol
_itow

kernel32

HeapCreate
GetVersionExA
GetCommandLineA
HeapDestroy
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
WideCharToMultiByte
OpenProcess
TerminateProcess
CopyFileA
MoveFileA
MoveFileExA
FindNextFileA
GetProcessHeap
GetFileAttributesA
GetStartupInfoA
TerminateThread
GetCurrentProcess
DuplicateHandle
GetCurrentProcessId
VirtualFree
VirtualAlloc
GetModuleHandleA
QueryDosDeviceA
MultiByteToWideChar
CreateRemoteThread
CreateWaitableTimerA
SetWaitableTimer
GlobalAlloc
GlobalFree
GetTempFileNameA
WriteFile
CreateProcessA
WaitForSingleObject
FindFirstFileA
CreateDirectoryA
GetLastError
RemoveDirectoryA
FindClose
CreateFileA
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
HeapFree
ReadFile
HeapAlloc
GetFileSize
DeleteFileA

user32

FindWindowA
SendMessageA
PostQuitMessage
wsprintfA
CharLowerA
CharLowerW

advapi32

RegEnumValueA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegQueryValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey

shlwapi

StrRChrW
StrStrIW
StrStrIA
SHDeleteKeyA
StrStrW
StrStrA
StrRChrA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetConnectA
InternetSetOptionA
HttpOpenRequestA
InternetReadFile
InternetOpenUrlA
HttpSendRequestA
HttpQueryInfoA
InternetOpenA
InternetCloseHandle

setupapi

SetupIterateCabinetA

ws2_32

WSCEnumProtocols
WSCInstallProvider
WSCDeinstallProvider
WSCGetProviderPath

rpcrt4

UuidFromStringA

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c05207a28d4ba5aac1c46011624ad8c7

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shlwapi

version

wininet

setupapi

ws2_32

rpcrt4

Sections

.text Size: 116KB - Virtual size: 115KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 8KB - Virtual size: 7KB

.text
Size: 116KB - Virtual size: 115KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 7KB