0e817d19b5e6e70b42a811a045097465_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0e817d19b5e6e70b42a811a045097465_JaffaCakes118
Size

64KB
MD5

0e817d19b5e6e70b42a811a045097465
SHA1

c42802410d92846b61bec2a68bc2e8321c7eaeac
SHA256

676711e4a14976367e52e1195310e4bb1bac917b684f9ca6fee7ebcd95f813b2
SHA512

5c2a09fdfde0ce7a1d66527ba54dd9dbcd7e16fb5017458a2e3e1b426ce7837db205e48f816869506658a269134f4d5d1471c9b136d7a49e104eddd2956c3921
SSDEEP

768:Z/UAwWuX8mQ5GK+0Dwkei0iEAtVks7hmPHoOyi6UxxXxtGck7NkMlaHc3u:aF8mWGX0DwAvSZPHoOyIdackvaHc3u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e817d19b5e6e70b42a811a045097465_JaffaCakes118

Files

0e817d19b5e6e70b42a811a045097465_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f19d3d7cc474fd0bc8fefa852c84600a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord858
ord2915
ord860
ord6648
ord5856
ord6663
ord941
ord540
ord2614
ord800
ord823
ord825

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_strlwr
srand
strstr
sprintf
rand
printf
_except_handler3
__CxxFrameHandler
puts
atoi
strncpy
_local_unwind2
_exit
_XcptFilter
exit
_stricmp

kernel32

CreateProcessA
WriteFile
DeleteFileA
ReadFile
SetFilePointer
GetPrivateProfileSectionA
CreateThread
Process32Next
Process32First
CreateToolhelp32Snapshot
TerminateThread
WaitForSingleObject
LockResource
GetStartupInfoA
GetModuleHandleA
FindResourceA
LoadResource
CreateDirectoryA
SizeofResource
GetLastError
GetCommandLineA
CopyFileA
GetModuleFileNameA
SetFileAttributesA
GetTickCount
GetPrivateProfileSectionNamesA
CloseHandle
GetFileSize
CreateFileA
Sleep
GetPrivateProfileIntA
GetPrivateProfileStringA
GetCurrentThreadId
TerminateProcess
OpenProcess
ExpandEnvironmentStringsA
GetFileAttributesA

user32

OpenDesktopA
CreateDesktopA
SetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
GetClientRect
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
GetWindowLongA
MapVirtualKeyA
keybd_event
GetWindowTextA
GetClassNameA
GetWindow
EnumChildWindows
FindWindowExA
IsWindowVisible
PostMessageA
SetThreadDesktop
IsWindowEnabled
SendMessageA
SetWindowPos
SetForegroundWindow
ShowWindow

advapi32

RegEnumKeyExA
RegOpenKeyExA
CloseServiceHandle
OpenServiceA
OpenSCManagerA
UnlockServiceDatabase
ChangeServiceConfig2A
LockServiceDatabase
CreateServiceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
RegDeleteKeyA

shell32

ShellExecuteA

ws2_32

recv
htons
WSACleanup
WSAStartup
socket
connect
closesocket
inet_addr
send
gethostbyname

shlwapi

PathFindFileNameA

iphlpapi

GetAdaptersInfo

wininet

InternetOpenUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data
.rdata
.rsrc/0/INI/102
.rsrc/0/INI/103
.rsrc/2052/GROUP_ICON/101
.rsrc/2052/ICON/1.ico
.rsrc/2052/ICON/2.ico
.rsrc/2052/MANIFEST/1
.xml
.rsrc/2052/version.txt
.rsrc_1
.text

Sharing

General

Malware Config

Signatures

Files

f19d3d7cc474fd0bc8fefa852c84600a

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ws2_32

shlwapi

iphlpapi

wininet

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 28KB - Virtual size: 24KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 28KB - Virtual size: 24KB