1637e8c6d0d632e8531acf169fd44780_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1637e8c6d0d632e8531acf169fd44780_JaffaCakes118
Size

984KB
MD5

1637e8c6d0d632e8531acf169fd44780
SHA1

fe65daa60c64fac5bb2217a974ff41f43870dfbb
SHA256

c4a1382af7f46c3e00f5845a0ef98cedb4970b47dd5513a3ba2ece3f140c0498
SHA512

b0c13b9f29567acf351ebc10bd89b464b6d9ece12a3f1628f1e689d21e58480b46f8baa3b89571b4936da27fe25eab5113f9f5f66faa53f81f3c53eddab31a34
SSDEEP

12288:IbBEn1ZU+/o18Cjy7eKKfHA2VYwXTikakP32L8OkfDuDdykEnPF6/jih9y2hTBk0:k6b/mtK6rikru9CyZQlfhjFCnM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1637e8c6d0d632e8531acf169fd44780_JaffaCakes118

Files

1637e8c6d0d632e8531acf169fd44780_JaffaCakes118
.exe windows:5 windows x86 arch:x86

542e26b955ed4ab33110e0647c4765fa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

CommandLineToArgvW

user32

CharNextA
CharNextW
wsprintfW

kernel32

InterlockedExchange
RaiseException
FindClose
LocalFree
LoadLibraryExA
CopyFileW
ExitProcess
GetFileAttributesW
lstrcpyA
GlobalFree
BeginUpdateResourceW
GetFileAttributesA
GetFileInformationByHandle
UpdateResourceW
InterlockedCompareExchange
GetLocaleInfoA
GetVersionExW
RemoveDirectoryA
SetFilePointer
GetModuleHandleW
InterlockedDecrement
GetSystemDirectoryA
GetEnvironmentVariableA
CloseHandle
LoadLibraryExW
GetVersion
lstrcmpiA
OutputDebugStringA
GetFullPathNameA
InterlockedIncrement
WideCharToMultiByte
DebugBreak
EndUpdateResourceW
GetFullPathNameW
RemoveDirectoryW
lstrlenA
CopyFileA
IsDebuggerPresent
lstrlenW
FindNextFileW
GetThreadLocale
FreeResource
GetOEMCP
FreeLibrary
GetACP
GlobalAlloc
ReadFile

msvcrt

strncmp
_CxxThrowException
_itow
_vsnwprintf
??1type_info@@UAE@XZ
_cexit
__wgetmainargs
_iob
realloc
_initterm
_snwprintf
_XcptFilter
iswspace
fputs
_c_exit
_wcsicmp
?terminate@@YAXXZ
_purecall
_snprintf
wcslen
wcsstr
free
_exit
qsort
??3@YAXPAX@Z
__setusermatherr
wcsrchr
__p__fmode
__set_app_type
__dllonexit
vwprintf
__winitenv
strchr
_adjust_fdiv
__CxxFrameHandler
memset
_vsnprintf
??2@YAPAXI@Z
_controlfp
__p__commode
_onexit
_wcslwr
_except_handler3
_wcsnicmp
_itoa
exit
atoi

ole32

CoCreateInstance
CoTaskMemFree
CLSIDFromString
StringFromCLSID
CoInitialize
StringFromIID
CoUninitialize

imagehlp

ImageRvaToVa
ImageDirectoryEntryToData
ImageGetDigestStream
ImageNtHeader

msvfw32

DrawDibRealize
ICRemove

Sections

.text
Size: 705KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

542e26b955ed4ab33110e0647c4765fa

Headers

File Characteristics

Imports

shell32

user32

kernel32

msvcrt

ole32

imagehlp

msvfw32

Sections

.text Size: 705KB - Virtual size: 705KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 251KB - Virtual size: 250KB

.rsrc Size: 23KB - Virtual size: 3.2MB

.text
Size: 705KB - Virtual size: 705KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 251KB - Virtual size: 250KB

.rsrc
Size: 23KB - Virtual size: 3.2MB