Static task
static1
Behavioral task
behavioral1
Sample
1b012399d42bdd69e8c666e5c53ead45_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
1b012399d42bdd69e8c666e5c53ead45_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
1b012399d42bdd69e8c666e5c53ead45_JaffaCakes118
-
Size
76KB
-
MD5
1b012399d42bdd69e8c666e5c53ead45
-
SHA1
8ba70ffaf80001be1ac8e92c49d5b5a338a5e773
-
SHA256
2b857bfee726d5439c3a76108951285491d53c869c9195a0aa32778f07d07f73
-
SHA512
a495271844478658223211ab8b6ecc360864058046b0734383adbc30215efbd4f25055b9e5e0004895bbb343a2b2f3271514d4aa6a358ae3c44e4acea90b8b43
-
SSDEEP
1536:HwNkVVeCkcJ46HAIWa8P9qpcVH34pGDAaO:HukVbkc+IAy8AapIkDAaO
Malware Config
Signatures
-
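Unsigned PE (1 IoC)
Checks for a missing Authenticode signature; this sample has none. Taken alone this is a weak indicator, because many legitimate executables are also unsigned.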
resource 1b012399d42bdd69e8c666e5c53ead45_JaffaCakes118
Files
-
1b012399d42bdd69e8c666e5c53ead45_JaffaCakes118.exe windows:4 windows x86 arch:x86
8295c7117ecd8011cc6493687e645ce6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc71
ord3850
ord675
ord382
ord442
ord1254
ord6286
ord5320
ord6297
ord262
ord5331
ord1580
ord259
ord2346
ord3255
ord4109
ord745
ord5419
ord5346
ord557
ord762
ord5715
ord4108
ord1440
ord2288
ord3931
ord2751
ord556
ord5097
ord1452
ord744
ord2272
ord1482
ord386
ord2280
ord631
ord911
ord3997
ord265
ord2322
ord266
ord1185
ord2468
ord1486
ord764
ord427
ord558
ord2292
ord5403
ord1006
ord310
ord3023
ord5460
ord746
ord664
ord1115
ord2933
ord299
ord1489
ord297
ord304
ord5529
ord5563
ord781
ord578
ord5491
ord870
ord784
msvcr71
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
qsort
isdigit
_atoi64
_purecall
strncpy
_vsnprintf
_strdup
sprintf
?terminate@@YAXXZ
_c_exit
_controlfp
free
_except_handler3
__p__pgmptr
__CxxFrameHandler
memset
strlen
_mbschr
_mbsnbcpy
strncat
_mbsninc
_mbsinc
_mbsdec
__security_error_handler
kernel32
Sleep
GetProcAddress
GetVersionExA
CreateFileA
GetCurrentThreadId
WaitForSingleObject
GetCurrentProcessId
CreateEventA
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
CreateThread
GetLocalTime
OutputDebugStringA
InitializeCriticalSection
DeleteCriticalSection
GetStartupInfoA
ExitProcess
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetModuleFileNameA
LoadLibraryA
GetModuleHandleA
CreateDirectoryA
DeleteFileA
user32
MessageBoxA
advapi32
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
Sections
.text Size: 32KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.crdata Size: 20KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE