071dc7d20d6398c8e500761e7ddd25c1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

071dc7d20d6398c8e500761e7ddd25c1_JaffaCakes118
Size

790KB
MD5

071dc7d20d6398c8e500761e7ddd25c1
SHA1

019932c91d9b6bce79b4134e8739cd2c155e308f
SHA256

367c9fcadfdcdec4ae63e3fb213b6affbb8c8fb6253c4abfbb558df147de4765
SHA512

7358ead2311945c365ca2515b60d9fcb9eed4b6ea69e2d983936b674c27aff82c643de471676cdb27de7612a3d2f6aaf34814cf496d5e384cf54ef7eaa8f3f4e
SSDEEP

12288:UAMY03X3XXD3I33333k363k3haXkX+W3g35Q3z3a3Gv33XHI3vZI3333B3hlGXHT:qDcQdJ4Xhf5NwrDO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
071dc7d20d6398c8e500761e7ddd25c1_JaffaCakes118

Files

071dc7d20d6398c8e500761e7ddd25c1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

fd4b47da6f0da150d1178f4e613d424b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationW
LocalFree
GetLastError
SetFilePointerEx
GetVersionExW
GetFullPathNameW
GetFileSizeEx
GetDiskFreeSpaceExW
GetTimeFormatW
GetSystemInfo
GetProcAddress
GetModuleHandleA
GetLogicalDriveStringsW
GetDateFormatW
GetCurrentThread
GetCurrentProcess
FormatMessageW
DeviceIoControl
DeleteFileW
CreateHardLinkW
CloseHandle
GetStartupInfoA
GetProcessHeap
GetDriveTypeW
GetVersion
GetModuleHandleW
VirtualAllocEx
CreateFileW
GetCurrentProcessId
SetEndOfFile

user32

LoadIconA
LoadIconW

gdi32

CloseFigure
GetDCBrushColor
GetGraphicsMode
DeleteDC
EndDoc

advapi32

OpenEventLogW
RegOpenKeyExW
RegCloseKey
ReadEventLogW
OpenThreadToken
OpenProcessToken
LookupPrivilegeValueW
LookupAccountSidW
LookupAccountNameW
ImpersonateSelf
CloseEventLog
CheckTokenMembership
AllocateAndInitializeSid
AdjustTokenPrivileges
RegQueryValueExA
RegOpenKeyA
RegSetValueExW
RevertToSelf
RegQueryValueExW

ole32

CoTaskMemFree
StringFromIID

msvcrt

wprintf
wcsncat
wcslen
_XcptFilter
__p__commode
__p__fmode
__set_app_type
__setusermatherr
__wgetmainargs
__winitenv
_adjust_fdiv
_c_exit
_cexit
_controlfp
_errno
_except_handler3
_exit
_initterm
_wcsdup
_wcsicmp
_wcsnicmp
_wctime
calloc
exit
free
isalpha
isdigit
iswctype
malloc
printf
setlocale
swprintf
toupper
towupper
wcscat
wcscpy

Sections

.text
Size: 688KB - Virtual size: 688KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fd4b47da6f0da150d1178f4e613d424b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

msvcrt

Sections

.text Size: 688KB - Virtual size: 688KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 14KB - Virtual size: 14KB

.rsrc Size: 33KB - Virtual size: 33KB

.text
Size: 688KB - Virtual size: 688KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 33KB - Virtual size: 33KB