0d1619e112bcadc071d048466c1c494c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0d1619e112bcadc071d048466c1c494c_JaffaCakes118
Size

392KB
MD5

0d1619e112bcadc071d048466c1c494c
SHA1

a7cb0ccb4dca4038f771620d8f00a6cf434e2094
SHA256

8fe1b4e6998947794ea118ca6685a29207cbdf0eb6b78b134701b0c86c6390b9
SHA512

2667e596210b059a417ff28381f3da893b21f6ac24febfda7f3596bd7d137cda87f95dd11b99d53909dadd9ad5a44de832911e5a08d44b4cafa22c3b6cd966f4
SSDEEP

6144:jAc53/VyhJ96a99DV1IDaguiVnt3nyYjJzg5:jAUPEhPnV1IGg9VnJnRC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d1619e112bcadc071d048466c1c494c_JaffaCakes118

Files

0d1619e112bcadc071d048466c1c494c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f778a659a63539272c7bc567ca75eb1c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRemoveFileSpecA
PathFileExistsA

comctl32

InitCommonControlsEx

ws2_32

inet_ntoa
htonl
inet_addr
ntohl

kernel32

GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetPrivateProfileIntA
GetPrivateProfileStringA
ReadProcessMemory
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
GetProcessAffinityMask
GetCurrentProcess
CreateToolhelp32Snapshot
Process32First
OpenProcess
Process32Next
CloseHandle
GetModuleFileNameA
GetLastError
WritePrivateProfileStringA
lstrlenA
FreeResource
CreateProcessA
SetProcessAffinityMask
VirtualAllocEx
InitializeCriticalSection
DeleteCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceA
TerminateThread
TerminateProcess
ResumeThread
lstrcmpiA
CreateFileA
FlushFileBuffers
GetStringTypeW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCPInfo
GetOEMCP
IsValidCodePage
Sleep
HeapSize
EnterCriticalSection
LeaveCriticalSection
SetHandleCount
GetStdHandle
GetFileType
SetStdHandle
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
MultiByteToWideChar
ReadFile
LCMapStringA
WideCharToMultiByte
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA

user32

SendDlgItemMessageA
EnableWindow
LoadIconA
MessageBoxA
EndDialog
GetDlgItem
DialogBoxParamA
SendMessageA

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 536B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f778a659a63539272c7bc567ca75eb1c

Headers

File Characteristics

Imports

shlwapi

comctl32

ws2_32

kernel32

user32

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 32KB - Virtual size: 29KB

.vmp0 Size: 260KB - Virtual size: 259KB

.reloc Size: 4KB - Virtual size: 536B

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 32KB - Virtual size: 29KB

.vmp0
Size: 260KB - Virtual size: 259KB

.reloc
Size: 4KB - Virtual size: 536B