0bd74db00a97175a6dc5356416ebd859_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0bd74db00a97175a6dc5356416ebd859_JaffaCakes118
Size

116KB
MD5

0bd74db00a97175a6dc5356416ebd859
SHA1

319a5abb6315a7d6442046edf10d97363b8cb9b1
SHA256

14580bbd7e2a0729886ff7830f1e29cae1d524f69360429c36555c31e0c99a93
SHA512

2b0512e6153462f68594c3c981c13fb9c1eb1fac47a479351423124e33bed47fc665ddcfe1e26e8cb087c897b22076983d5a11fd131c3dbd23f40d30af7fc3ee
SSDEEP

1536:RVwIgO4C/UOzn9mv/YzW2V3HBG9lKLeNV7JX+B9Q9vuhaJMCG41Cp3B:RVwIgO4kBzov/YJ+KLe314iMCG41CpR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0bd74db00a97175a6dc5356416ebd859_JaffaCakes118

Files

0bd74db00a97175a6dc5356416ebd859_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2eb495c73033aa3420f35dbbaaac31f0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord5257
ord2438
ord2116
ord5273
ord2977
ord3142
ord1720
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3397
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4418
ord3569
ord692
ord609
ord641
ord567
ord324
ord2294
ord4229
ord3744
ord5059
ord2637
ord668
ord3173
ord3176
ord4053
ord2773
ord2762
ord925
ord356
ord1197
ord4704
ord1196
ord6451
ord5830
ord3087
ord665
ord5568
ord2910
ord1971
ord5438
ord3784
ord5180
ord354
ord940
ord942
ord801
ord541
ord6139
ord2795
ord6381
ord6307
ord3785
ord1972
ord3693
ord2574
ord4396
ord2640
ord6372
ord3716
ord686
ord602
ord693
ord765
ord795
ord1143
ord384
ord1105
ord2857
ord2089
ord2854
ord2858
ord2371
ord755
ord470
ord3991
ord5977
ord6195
ord3871
ord3993
ord6898
ord800
ord2385
ord1989
ord3296
ord6403
ord5774
ord798
ord5188
ord533
ord4667
ord4269
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord815
ord561
ord4197
ord2613
ord2717
ord326
ord2078
ord4124
ord2810
ord535
ord536
ord5706
ord2756
ord4273
ord861
ord540
ord4155
ord858
ord538
ord2047
ord3793
ord4435
ord4831
ord6370
ord5286
ord4347
ord5237
ord5157
ord2377
ord4073
ord4390
ord1768
ord3634
ord6051
ord2567
ord4214
ord4395
ord2573
ord6362
ord2016
ord2405
ord4419
ord1764
ord3592
ord1767
ord5276
ord4401
ord4992
ord6048
ord2506
ord5261
ord4847
ord4370
ord6379
ord6390
ord5446
ord3658
ord5436
ord4272
ord2813
ord2634
ord922
ord1165
ord2809
ord3806
ord2440
ord1172
ord860
ord2036
ord825
ord823
ord3365
ord5679
ord3635
ord4166
ord3562
ord3517
ord1569

msvcrt

_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
_controlfp
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_itow
wcscmp
__CxxFrameHandler
_wtoi
_wcsicmp
_ftol
free
wcscat
_wcsdup
atol
_exit
wcscpy

kernel32

FreeLibrary
WideCharToMultiByte
lstrlenA
SetFilePointer
ResumeThread
SuspendThread
WriteFile
CreateProcessW
GetLastError
GetExitCodeProcess
FlushFileBuffers
GetFileSize
WaitForSingleObject
TerminateProcess
MultiByteToWideChar
Sleep
WaitForMultipleObjects
PulseEvent
TerminateThread
GetDiskFreeSpaceExW
CreateFileW
CreateEventW
CloseHandle
GetWindowsDirectoryW
ReadFile
lstrlenW
lstrcatW
lstrcpyW
GetFileAttributesW
CopyFileW
MoveFileW
GetPrivateProfileSectionNamesW
GetProcessHeap
DeleteFileW
GetPrivateProfileSectionW
HeapFree
HeapAlloc
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetExitCodeThread
OpenProcess
LoadLibraryW
OutputDebugStringW
GetShortPathNameW
CreateMutexW
GetModuleFileNameW
CreateThread
GetCurrentDirectoryW
PrepareTape
GetSystemDefaultLCID
ReleaseMutex
GetModuleHandleW
GetStartupInfoW
LoadLibraryA
GetProcAddress
ExitProcess

user32

EnumThreadWindows
GetDC
AppendMenuW
GetSystemMenu
DrawIcon
LockWindowUpdate
LoadIconW
IsIconic
IsWindow
GetWindowThreadProcessId
FindWindowW
UpdateWindow
DispatchMessageW
MsgWaitForMultipleObjects
PeekMessageW
SendMessageTimeoutW
IsWindowVisible
SetForegroundWindow
SendMessageW
MessageBoxW
EnableWindow
GetClientRect
wsprintfW
GetSystemMetrics
WaitForInputIdle

gdi32

GetTextExtentPoint32W

advapi32

RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA

comctl32

ord17

Sections

.text
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2eb495c73033aa3420f35dbbaaac31f0

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

gdi32

advapi32

comctl32

Sections

.text Size: 72KB - Virtual size: 72KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 16KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 24KB

.text
Size: 72KB - Virtual size: 72KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 16KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 24KB