2181b43ae501b2df85e198db28cf5295_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2181b43ae501b2df85e198db28cf5295_JaffaCakes118
Size

168KB
MD5

2181b43ae501b2df85e198db28cf5295
SHA1

8f89e4e0d715669180166debedc5d0116cdc1b85
SHA256

cc2395b88127e4e13f5c306508db645d2d88c717a1097330ee7497ffb4e681fd
SHA512

a3a6e0bd96d8351bfa046e6425e6d3594cf31e30b067cde75ec8faa10070c243a25736a988d7575907519f14e40cee392952ded45d384891e173babe515ecae2
SSDEEP

3072:OFSnme5IZNoUPsaGo5YZpenjYbkBIlryoqsTa+MQFDPfdz/KmAU:M0IwBafY/CYbyIZgA5dmmA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2181b43ae501b2df85e198db28cf5295_JaffaCakes118

Files

2181b43ae501b2df85e198db28cf5295_JaffaCakes118
.exe windows:4 windows x86 arch:x86

65da2dd8225ec58c2675b9bd1197c754

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

IsBadReadPtr
SetErrorMode
lstrlenA
LoadLibraryA
lstrcmpiA
GlobalDeleteAtom
GetStringTypeA
GetFileSize
FreeResource
LoadLibraryExA
GetProcessHeap
lstrcpyA
GetCurrentThread
GetFileAttributesA
CloseHandle
GetVersionExA
GlobalFindAtomA
HeapDestroy
GetACP
FindClose
GlobalAlloc
GetTickCount
GetSystemDefaultLangID
GetStartupInfoA
HeapAlloc
GetStdHandle
lstrcatA
GetFileType
IsBadHugeReadPtr
MoveFileExA
GetVersion
CompareStringA
ExitThread
InitializeCriticalSection
FreeLibrary
GetOEMCP
GlobalAddAtomA
DeleteFileA
GetDiskFreeSpaceA
GetUserDefaultLCID
WideCharToMultiByte
MoveFileA
LoadResource
VirtualFree
GetCommandLineA
SizeofResource
ExitProcess
WaitForSingleObject
GetCurrentThreadId
VirtualAlloc
GetModuleFileNameA
lstrcmpA
lstrlenW
SetLastError

user32

SetWindowPos
GetCapture
LoadIconA
GetFocus
DrawMenuBar
SetWindowTextA
GetCursor
IsWindowVisible

shlwapi

PathFileExistsA
PathIsDirectoryA

Exports

Exports

97@8
b
3v@24
_VHi@8
2fA@12
Ov1@12
GO
_yVS@8
PK1
_dw@20
7
Bq@24
_9U@8
_CX@8
_vE@4

Sections

.text
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 130KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 1024B - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rdata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

bbs
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

65da2dd8225ec58c2675b9bd1197c754

Headers

File Characteristics

Imports

kernel32

user32

shlwapi

Exports

Exports

Sections

.text Size: 15KB - Virtual size: 16KB

.data Size: 130KB - Virtual size: 132KB

BSS Size: 1024B - Virtual size: 44KB

.tls Size: 1024B - Virtual size: 4KB

rdata Size: 512B - Virtual size: 4KB

.edata Size: 512B - Virtual size: 4KB

.idata Size: 2KB - Virtual size: 4KB

bbs Size: 1024B - Virtual size: 4KB

.rsrc Size: 15KB - Virtual size: 16KB

.text
Size: 15KB - Virtual size: 16KB

.data
Size: 130KB - Virtual size: 132KB

BSS
Size: 1024B - Virtual size: 44KB

.tls
Size: 1024B - Virtual size: 4KB

rdata
Size: 512B - Virtual size: 4KB

.edata
Size: 512B - Virtual size: 4KB

.idata
Size: 2KB - Virtual size: 4KB

bbs
Size: 1024B - Virtual size: 4KB

.rsrc
Size: 15KB - Virtual size: 16KB