Static task: static1
Behavioral task: behavioral1
Sample: 147c54ec2db1324985639b06b2859034_JaffaCakes118.exe
Resource: win7-20240611-en
Behavioral task: behavioral2
Sample: 147c54ec2db1324985639b06b2859034_JaffaCakes118.exe
Resource: win10v2004-20240508-en
General
Target: 147c54ec2db1324985639b06b2859034_JaffaCakes118
Size: 646KB
MD5: 147c54ec2db1324985639b06b2859034
SHA1: 3c88d953742d78d7fb7dd3336810e12d8b89612b
SHA256: c989756fdfc2f6e456f6de2277e1933344287debf81cae636e28df1b1cadd249
SHA512: 5bc3a79ece1a9f47e888a1922a0fc72e28ed99873d6adb495cde60e85bfa18a7fe0f601d5f76e189093ca7f71fc9be7d1694c8cd051967b08cf8d29e3b1adb15
SSDEEP: 6144:YcjHqFzo5MmMgfPAnEfEvr7O+CXjtFAk1lcI/0azck6y2jFG1o/W1i1H:LsFmMgHstv3oR4UZ2Wi
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 147c54ec2db1324985639b06b2859034_JaffaCakes118
Files
147c54ec2db1324985639b06b2859034_JaffaCakes118.exe windows:4 windows x86 arch:x86
3f75cbbf724e35a505ebc05a6cdf9604
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ole32
ProgIDFromCLSID
OleCreateLink
kernel32
LoadResource
GetFileAttributesExA
VirtualQueryEx
PulseEvent
DosDateTimeToFileTime
GetLongPathNameA
GetStringTypeExW
GetNumberFormatW
EnumResourceNamesW
LocalSize
GlobalReAlloc
ScrollConsoleScreenBufferA
IsValidLocale
SetConsoleTitleA
GetOverlappedResult
GetThreadContext
GetProcessTimes
IsBadReadPtr
SystemTimeToFileTime
SetupComm
SetEnvironmentVariableA
ReleaseMutex
GetComputerNameW
GetFileAttributesA
ExitProcess
SetThreadLocale
oleaut32
SysStringLen
LoadTypeLi
SafeArrayUnaccessData
SafeArrayGetLBound
SysFreeString
SysAllocStringLen
user32
AdjustWindowRectEx
CharLowerBuffW
SetCaretBlinkTime
ModifyMenuA
DrawTextW
RegisterWindowMessageA
DefWindowProcA
SetScrollRange
EnumDesktopWindows
GetNextDlgGroupItem
DialogBoxIndirectParamA
GetDesktopWindow
RemovePropW
LoadCursorA
GetKeyboardLayoutList
SetWindowLongW
SetWindowsHookExW
RegisterWindowMessageW
GetProcessDefaultLayout
CharLowerBuffA
shell32
SHFileOperationA
DragAcceptFiles
DragFinish
SHFileOperationW
advapi32
LookupPrivilegeValueA
RegisterServiceCtrlHandlerW
RegQueryValueExW
CopySid
GetSecurityDescriptorOwner
CryptCreateHash
QueryServiceStatus
RegEnumKeyW
ws2_32
WSAAsyncGetHostByName
WSAAddressToStringW
inet_addr
gethostbyaddr
WSAGetQOSByName
WSAGetLastError
WSAIsBlocking
WSAConnect
WSAInstallServiceClassW
WSAGetServiceClassNameByClassIdW
msvcrt
_mbsnbcnt
atof
_putenv
_dup2
_wputenv
_mbctoupper
_execlp
fgetc
_locking
_wstrtime
strncmp
Sections
.text Size: 307KB - Virtual size: 306KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 324KB - Virtual size: 324KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ