0915699129d3e2df337954acb07fb67a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0915699129d3e2df337954acb07fb67a_JaffaCakes118
Size

969KB
MD5

0915699129d3e2df337954acb07fb67a
SHA1

a3e90236af7b79ef64524865b247608c910b4c8f
SHA256

0577eec5075fb63cf9302f51a2ce2cf96458d84d85b8999e2da6596d172a37a3
SHA512

f22eb420706e83660c2d97a39b2d025613438d61a5e58fb6994913cd0dd8723a4e6235edc453811c48622fc422b1d1937e9d8604561952d098d7916f41f7fb21
SSDEEP

24576:aE/HutfwiR+W0Ui9TWluSupAm55ELeMAYNEtX:5OtoH6iAluXpOStoA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0915699129d3e2df337954acb07fb67a_JaffaCakes118

Files

0915699129d3e2df337954acb07fb67a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2e54f11caae3dce62ad71c1f47304d30

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

ImageNtHeader
ImageGetDigestStream
ImageRvaToVa
ImageDirectoryEntryToData

msvcrt

_CxxThrowException
__p__commode
_except_handler3
_wcslwr
_vsnwprintf
realloc
_initterm
qsort
exit
fputs
free
_wcsnicmp
wcsstr
iswspace
__CxxFrameHandler
??1type_info@@UAE@XZ
_adjust_fdiv
memset
wcslen
atoi
strchr
_snwprintf
_itow
__dllonexit
_snprintf
_purecall
vwprintf
_XcptFilter
__winitenv
__set_app_type
_exit
strncmp
_onexit
_wcsicmp
??3@YAXPAX@Z
??2@YAPAXI@Z
_controlfp
wcsrchr
__p__fmode
?terminate@@YAXXZ
_c_exit
__wgetmainargs
_cexit
_itoa
_vsnprintf
_iob
__setusermatherr

msvfw32

ICGetInfo
ICRemove

kernel32

RemoveDirectoryA
GetLocaleInfoA
EndUpdateResourceW
FindClose
GetEnvironmentVariableA
InterlockedDecrement
GetModuleHandleW
OutputDebugStringA
CopyFileW
GlobalFree
CloseHandle
lstrcmpiA
GetOEMCP
GetThreadLocale
ReadFile
InterlockedExchange
LoadLibraryExW
GlobalAlloc
lstrlenW
FreeResource
InterlockedCompareExchange
RaiseException
GetFullPathNameA
LocalFree
GetVersion
GetFullPathNameW
GetACP
CopyFileA
SetFilePointer
GetFileAttributesW
ExitProcess
FreeLibrary
BeginUpdateResourceW
DebugBreak
GetFileAttributesA
WideCharToMultiByte
InterlockedIncrement
LoadLibraryExA
GetVersionExW
IsDebuggerPresent
GetFileInformationByHandle
FindNextFileW
UpdateResourceW
RemoveDirectoryW
GetSystemDirectoryA
lstrcpyA
lstrlenA

shell32

CommandLineToArgvW

user32

CharNextW
wsprintfW
CharNextA

ole32

CoUninitialize
StringFromIID
CLSIDFromString
CoTaskMemFree
CoInitialize
StringFromCLSID
CoCreateInstance

Sections

.text
Size: 706KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e54f11caae3dce62ad71c1f47304d30

Headers

File Characteristics

Imports

imagehlp

msvcrt

msvfw32

kernel32

shell32

user32

ole32

Sections

.text Size: 706KB - Virtual size: 706KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 251KB - Virtual size: 251KB

.rsrc Size: 7KB - Virtual size: 3.2MB

.text
Size: 706KB - Virtual size: 706KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 251KB - Virtual size: 251KB

.rsrc
Size: 7KB - Virtual size: 3.2MB