07c4844a2265fa98e51d49632810db29_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

07c4844a2265fa98e51d49632810db29_JaffaCakes118
Size

24KB
MD5

07c4844a2265fa98e51d49632810db29
SHA1

c2f15b240f35bf1d0e54c093bd9f2b68bf15a5a2
SHA256

98a0a5d51264cc64a644a37bbfb3d316df826f70f6c234a3de0d3f7af7731ef5
SHA512

f36da21c00b231dc21a691ca2b988b799dd226ed109184c8edb835b08a057458e030f059f348c9ef728a34a9251fea4d56245ea35d1bda5bd0bf1da191557bdf
SSDEEP

192:rO29ZA36H5kdRgaky9A9hH3JTy2DNIh4QQAQ91oynCPoGTTls4:rOOK36H5Yaaky9Av3JDQZK1YPdTTy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
07c4844a2265fa98e51d49632810db29_JaffaCakes118

Files

07c4844a2265fa98e51d49632810db29_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eb70773470c0617825700405a8a61e12

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA

mfc42

ord2976
ord3830
ord2985
ord3825
ord3079
ord4080
ord4622
ord3081
ord3831
ord3136
ord4465
ord3262
ord5714
ord2092
ord5484
ord366
ord2725
ord825
ord354
ord5186
ord6385
ord1576
ord1979
ord3811
ord2982
ord3259
ord3147
ord561
ord5289
ord5307
ord665
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord823
ord815
ord6215
ord4424
ord3738
ord1168

msvcrt

_onexit
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_controlfp
__dllonexit
strrchr
strcmp
malloc
_EH_prolog
__CxxFrameHandler
strstr
strcpy
strlen
time
strcat
sprintf
memset
memcpy
srand
_beginthreadex
rand
free
_setmbcp
_strupr

kernel32

LockResource
CopyFileA
GetTempPathA
GetModuleFileNameA
DeleteFileA
GetWindowsDirectoryA
WaitForSingleObject
GetVolumeInformationA
GetComputerNameA
GlobalMemoryStatus
GetSystemInfo
CreateEventA
CloseHandle
SetEvent
WritePrivateProfileStringA
GetPrivateProfileStringA
GetCurrentThread
GetVersionExA
GetVersion
GetExitCodeThread
Sleep
TerminateThread
GetStartupInfoA
GetModuleHandleA
LoadResource
FindResourceA

user32

EnumWindows
GetWindowTextA
SendMessageA
PostMessageA
ExitWindowsEx

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
GetUserNameA
RegQueryValueExA
LookupPrivilegeValueA
ImpersonateSelf
OpenThreadToken
AdjustTokenPrivileges

shell32

ShellExecuteA

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb70773470c0617825700405a8a61e12

Headers

File Characteristics

Imports

wininet

mfc42

msvcrt

kernel32

user32

advapi32

shell32

Sections

.text Size: 8KB - Virtual size: 5KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 820B

.rsrc Size: 4KB - Virtual size: 272B

.text
Size: 8KB - Virtual size: 5KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 820B

.rsrc
Size: 4KB - Virtual size: 272B