232b767bcd0eedb3670f2b54d36f5cc0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

232b767bcd0eedb3670f2b54d36f5cc0_JaffaCakes118
Size

644KB
MD5

232b767bcd0eedb3670f2b54d36f5cc0
SHA1

346f578692463f6ed53974551cced5e4ec8493ad
SHA256

b21ae8ae10bd9d4ef19f354db3a1b9c8cb5d5fa4432f0392d65e2894055f97d7
SHA512

905068eba5abbda3c31b9af13fba7868349d4d9933a0dc3c4db1684e3ae621e2a75b082bc2aadaf181f9cb1ed7250f6ee1951f9b2676e8d7898168cc08faffd1
SSDEEP

12288:M+ne2ac/vq8c6mQjFpPW2qkDTB/gr9q9nzS7zR:1nc4vq8BDj8r9Cit

Score

7^/10

Malware Config

Signatures

Molebox Virtualization software 1 IoCs

Detects file using Molebox Virtualization software.

resource	yara_rule
sample	molebox

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
232b767bcd0eedb3670f2b54d36f5cc0_JaffaCakes118

Files

232b767bcd0eedb3670f2b54d36f5cc0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

32956a12b10d86cf11217cc73cf48dbd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyA
RegOpenKeyExA

kernel32

ExitProcess
ReadFile
SetUnhandledExceptionFilter
WriteFile

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
memcpy
signal
strcpy
wcscpy

user32

CallNextHookEx
CallWindowProcW
ChangeDisplaySettingsW
CreateAcceleratorTableW
CreateMenu
DefWindowProcW
DestroyMenu
DispatchMessageW
DrawEdge
DrawStateW
EndDeferWindowPos
GetActiveWindow
GetClipboardFormatNameW
GetDlgItem
GetKeyState
GetMessageTime
GetMessageW
GetSubMenu
GetSystemMenu
GetSystemMetrics
KillTimer
LoadAcceleratorsW
LoadIconW
MessageBoxW
MoveWindow
OpenClipboard
PeekMessageW
PtInRect
SendMessageW
SetTimer
SetWindowPos
SetWindowsHookExW
SystemParametersInfoW
TrackPopupMenu
TranslateAcceleratorW
TranslateMDISysAccel
TranslateMessage
ValidateRect
VkKeyScanW

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 650KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32956a12b10d86cf11217cc73cf48dbd

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 512B - Virtual size: 100B

.idata Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 608B

.bss Size: - Virtual size: 650KB

.tls Size: 2KB - Virtual size: 12B

.rsrc Size: 135KB - Virtual size: 134KB

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 512B - Virtual size: 100B

.idata
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 608B

.bss
Size: - Virtual size: 650KB

.tls
Size: 2KB - Virtual size: 12B

.rsrc
Size: 135KB - Virtual size: 134KB