21ed24df3d75c79e02ac0bac6d417e12_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

21ed24df3d75c79e02ac0bac6d417e12_JaffaCakes118
Size

998KB
MD5

21ed24df3d75c79e02ac0bac6d417e12
SHA1

7001462efc1d8a4b2e24de6a857738e1c6782a7a
SHA256

06a0bf53f8b924771e94825d071994af5b726b6a75daee092b0fe7fb1c9f5906
SHA512

b09ac507bd7279b0735314dacb51a5d80463fc1141569498a03c370cdb722f2752b7a99255c1baf1844cf8dc86670c4180cf7d0ab21642e4c68f2a2895307017
SSDEEP

24576:BBXYfSfnaUKc/GFBRYyZa04vtL5U/JsIA2ztS:BBXWSfnaUK0GZZa0KcGO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
21ed24df3d75c79e02ac0bac6d417e12_JaffaCakes118

Files

21ed24df3d75c79e02ac0bac6d417e12_JaffaCakes118
.exe windows:5 windows x86 arch:x86

895b3fea1982fe5cb2181bd57a72a8f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharNextW
wsprintfW
CharNextA

imagehlp

ImageRvaToVa
ImageDirectoryEntryToData
ImageGetDigestStream
ImageNtHeader

msvcrt

_iob
__dllonexit
_onexit
vwprintf
__set_app_type
atoi
qsort
wcsrchr
_vsnwprintf
_snprintf
_wcslwr
__p__commode
_wcsnicmp
__p__fmode
fputs
iswspace
realloc
_vsnprintf
__wgetmainargs
??3@YAXPAX@Z
_snwprintf
_adjust_fdiv
??2@YAPAXI@Z
_exit
memset
__setusermatherr
_CxxThrowException
_initterm
_XcptFilter
_itoa
__winitenv
?terminate@@YAXXZ
exit
__CxxFrameHandler
strncmp
_wcsicmp
_controlfp
wcslen
??1type_info@@UAE@XZ
_c_exit
free
_itow
strchr
_except_handler3
_purecall
_cexit
wcsstr

shell32

CommandLineToArgvW

msvfw32

ICGetInfo
ICRemove

ole32

StringFromIID
StringFromCLSID
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree

kernel32

FreeLibrary
CopyFileW
GlobalAlloc
InterlockedIncrement
GetACP
GetFullPathNameA
RaiseException
GetModuleHandleW
IsDebuggerPresent
GetOEMCP
GetVersionExW
lstrlenA
RemoveDirectoryA
InterlockedCompareExchange
ReadFile
FreeResource
UpdateResourceW
InterlockedDecrement
GetSystemDirectoryA
RemoveDirectoryW
GetThreadLocale
WideCharToMultiByte
CopyFileA
InterlockedExchange
GetEnvironmentVariableA
OutputDebugStringA
lstrcmpiA
lstrcpyA
BeginUpdateResourceW
SetFilePointer
ExitProcess
FindClose
GlobalFree
FindNextFileW
DebugBreak
LoadLibraryExA
LoadLibraryExW
GetVersion
LocalFree
GetFullPathNameW
GetFileAttributesW
GetFileAttributesA
EndUpdateResourceW
lstrlenW
GetLocaleInfoA
CloseHandle
GetFileInformationByHandle

Sections

.text
Size: 706KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

895b3fea1982fe5cb2181bd57a72a8f2

Headers

File Characteristics

Imports

user32

imagehlp

msvcrt

shell32

msvfw32

ole32

kernel32

Sections

.text Size: 706KB - Virtual size: 705KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 251KB - Virtual size: 251KB

.rsrc Size: 37KB - Virtual size: 3.2MB

.text
Size: 706KB - Virtual size: 705KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 251KB - Virtual size: 251KB

.rsrc
Size: 37KB - Virtual size: 3.2MB