4094132f01e0dcc6b6fc900d87efa815_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4094132f01e0dcc6b6fc900d87efa815_JaffaCakes118
Size

116KB
MD5

4094132f01e0dcc6b6fc900d87efa815
SHA1

376de26f71354b298aba4d1b108c14bde1da56bb
SHA256

f097b68d6bd4c28d4d4d073375a2924e93a39580859421a2420b062f02d97e2e
SHA512

7c384e4d2e1239636b322c22a42f46b1d7cce363a4464eab89bde061697ea1d991cea41b3e2e13a9e1b0ee4461f0e9e51aa00b86d6878752e8562ba919efeda3
SSDEEP

3072:KZ57rwoYyD6i2uo08L3Ec2C+ImUD4yK3E8:ArdYdOA0c2C+ImUD4yK3E8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4094132f01e0dcc6b6fc900d87efa815_JaffaCakes118

Files

4094132f01e0dcc6b6fc900d87efa815_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1db389c7a1f19ee8e3297c615222cbf9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

drs732

drs_new_shapes
do_ocr
drs7_free_coords
drs7_read_coordinates
drs7_read_one
drs7_read_nbr_alternatives
drs7_read_alternative
drs7_prep_coords
ord14
ord63
drs7_init
ord2
drs7_upset

fmtcp8

?IpeShareFunct@@YAHPAX000@Z
?IpeFontAppend@@YAPAXHPAD@Z
Format_API_SetParam
Format_InitAPI
?IpeProcess@@YAHPAX@Z
?IpeStartup@@YAPAXPAXHHHPAD0HPAUHINSTANCE__@@0@Z
Format_CloseAPI
?IpeCloseFont@@YAHPAX@Z

kernel32

LoadResource
SetEnvironmentVariableA
CompareStringW
CompareStringA
ReadFile
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
CreateFileA
FlushFileBuffers
SetStdHandle
SetFilePointer
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
MapViewOfFile
CloseHandle
UnmapViewOfFile
WaitForSingleObject
ReleaseMutex
ReleaseSemaphore
Sleep
GlobalUnlock
GlobalHandle
GlobalFree
GetModuleFileNameA
GetLastError
GetShortPathNameA
GetProcAddress
LoadLibraryA
FreeResource
LockResource
FreeEnvironmentStringsW
FindResourceA
GlobalAlloc
GlobalLock
FindClose
FindFirstFileA
FreeLibrary
GetModuleHandleA
GetStartupInfoA
UnhandledExceptionFilter
WriteFile
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCommandLineA
HeapReAlloc
VirtualAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapAlloc
HeapFree
MoveFileA
DeleteFileA
TerminateProcess
GetCurrentProcess
GetVersion
ExitProcess
HeapCreate
WideCharToMultiByte
HeapDestroy
VirtualFree

user32

GetMessageA
RegisterClassA
DefWindowProcA
LoadIconA
IsWindow
TranslateMessage
DispatchMessageA
CreateWindowExA

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1db389c7a1f19ee8e3297c615222cbf9

Headers

File Characteristics

Imports

drs732

fmtcp8

kernel32

user32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 15KB

.rsrc Size: 48KB - Virtual size: 81KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 15KB

.rsrc
Size: 48KB - Virtual size: 81KB