09d8a0321649040d23742c35b716aad4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

09d8a0321649040d23742c35b716aad4_JaffaCakes118
Size

77KB
MD5

09d8a0321649040d23742c35b716aad4
SHA1

e6a130e609503c0543544ac2a964bdb98d408d13
SHA256

388c20dc3491247038cf53e85834bd13212629e2998100ad908d97f497d7fd64
SHA512

8c8bc2a30fdf553390766e7104eae500e8a3ebf1e048795e4ad4cbb3346cf36dee6c68aef6d4e628aaaece7060ea38741b8660c6915354b5d501b430f8ef8d97
SSDEEP

1536:xMfpF4SFUo8/jgrnY9NLNtodkWo22RRwQQCG6M3d9lFbBx:x5SFMbg89tNtGBrNt6yrXbBx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09d8a0321649040d23742c35b716aad4_JaffaCakes118

Files

09d8a0321649040d23742c35b716aad4_JaffaCakes118
.exe windows:1 windows x86 arch:x86

7df276f5103e97cc72f79da47b2c4f70

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitThread
InterlockedExchange
GetModuleFileNameA
IsBadStringPtrA
GlobalMemoryStatus
Module32First
GetEnvironmentVariableA
GetExitCodeThread
GetOEMCP
GetSystemDirectoryA
FreeLibrary
VirtualFree
GetSystemInfo
LoadLibraryW
HeapAlloc
GetConsoleMode
GetFileTime
GetProcessAffinityMask
ExpandEnvironmentStringsA
GetStartupInfoA
ReadFile
Module32Next
lstrcpyA
GlobalLock
GlobalAddAtomA
ExitProcess
CompareStringA
GetStringTypeA
SearchPathA
InterlockedDecrement
QueryPerformanceCounter
TerminateProcess
GetModuleHandleA
UnmapViewOfFile
TerminateThread

gdi32

EndPage
LineTo
ExtTextOutA
SetBkColor
CreateDIBSection
BitBlt
SetTextColor
EndDoc
SetTextAlign
SetMapMode
SelectClipRgn
CreateRectRgnIndirect
SaveDC
GetStockObject
GetBkMode
StartPage
DeleteDC
GetBkColor
CreateCompatibleBitmap
GetObjectA
SetBkMode
CreateFontIndirectA
CreateRectRgn

user32

ReleaseCapture
SetFocus
ExitWindowsEx
GetDlgCtrlID
BeginPaint
GetMenuItemID
EndDeferWindowPos
GetWindowRect
InsertMenuA
SetForegroundWindow
CreateIconIndirect
MessageBoxA
SetPropA
GetWindowPlacement

msvcrt

_tell
_ismbbpunct
_fpclass
_mbsrev
_adj_fdiv_m64
__getmainargs
fopen
__p__commode
_wtempnam
_exit
wcsxfrm
_getcwd
_controlfp
_fgetchar
_except_handler3
_ismbcdigit
_get_heap_handle
memcpy
_iob
_acmdln
_initterm
_adjust_fdiv
_ungetwch
_strcmpi
exit
__p__fmode
_wcreat
_fullpath
__setusermatherr
_XcptFilter
_fcvt
_chdrive
__set_app_type
_mbsspnp
_ismbcgraph

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7df276f5103e97cc72f79da47b2c4f70

Headers

File Characteristics

Imports

kernel32

gdi32

user32

msvcrt

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 48KB

.rsrc Size: 44KB - Virtual size: 44KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 48KB

.rsrc
Size: 44KB - Virtual size: 44KB