23eff4541e11d2beaf8f4575b79efa6e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

23eff4541e11d2beaf8f4575b79efa6e_JaffaCakes118
Size

160KB
MD5

23eff4541e11d2beaf8f4575b79efa6e
SHA1

db12a0503ef5f6b3e486fe09709640af65026c7e
SHA256

486a959e6616a71c2f7e40f75da6e5060c5b0ad707ff656bed06b3493f4d95f0
SHA512

eec62fa0be7142312a8b7c2c5d120f09324d73047a915b8dca106c1a2b79e252f1bb1c62464e2acc5f0e3c344db20d11317401b88c504081b06d7563698ef343
SSDEEP

3072:phwU8Q473eImAfqZzDK65RzE6e9jvZc2lnoeN8qCsjN:UU8MAoe65Rz7eB22N1Csj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23eff4541e11d2beaf8f4575b79efa6e_JaffaCakes118

Files

23eff4541e11d2beaf8f4575b79efa6e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8af7bde2424a46389c2c76209646aaf5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2764
ord4204
ord5856
ord536
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord4424
ord3738
ord561
ord815
ord2818
ord1247
ord2725
ord4275
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord3259
ord4077
ord1776
ord5237
ord5282
ord2649
ord1665
ord4436
ord5252
ord4427
ord3623
ord654
ord610
ord674
ord535
ord287
ord366
ord6442
ord1232
ord6270
ord6378
ord4160
ord1105
ord4774
ord922
ord924
ord941
ord859
ord926
ord6282
ord1200
ord3499
ord2515
ord355
ord1151
ord1193
ord6139
ord6140
ord940
ord925
ord1158
ord5857
ord5858
ord3147
ord2982
ord5277
ord2124
ord2446
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4837
ord3798
ord4353
ord6374
ord5163
ord2385
ord4407
ord1576
ord2408
ord2863
ord5608
ord5610
ord2614
ord2915
ord5572
ord5862
ord823
ord2096
ord1175
ord2859
ord860
ord6172
ord5875
ord2567
ord6654
ord2754
ord537
ord2763
ord5710
ord858
ord4129
ord6283
ord2450
ord1644
ord2438
ord384
ord541
ord559
ord6143
ord6144
ord686
ord801
ord812
ord3654
ord2584
ord4220
ord540
ord800
ord5861
ord1146
ord1168
ord6215
ord323
ord1640
ord5785
ord2405
ord640
ord2860
ord1641
ord470
ord755
ord2379
ord6453
ord6380
ord6197
ord4299
ord4234
ord2414
ord641
ord3663
ord3626
ord3571
ord825
ord3619
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord341
ord4465
ord6055

msvcrt

_acmdln
fclose
fread
fopen
__p___argv
__p___argc
_mbsicmp
strrchr
_strdup
tolower
_chdir
_mbscmp
__dllonexit
__CxxFrameHandler
strncpy
_ftol
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
memcpy
strcat
strlen
strcpy
memset
strcmp
strchr
free
malloc
sprintf
time
strstr
abort
_splitpath
_memccpy
_strupr
vsprintf
isdigit
_stricmp
_ltoa
_access
_setmbcp
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

kernel32

SetErrorMode
InitializeCriticalSection
DeleteCriticalSection
ReadFile
DeleteFileA
CloseHandle
WriteFile
GetSystemTime
CreateFileA
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
GetFileSize
CreateDirectoryA
CopyFileA
GetFileAttributesA
OutputDebugStringA
GetSystemDirectoryA
SetLastError
CreateEventA
MapViewOfFile
CreateFileMappingA
GetTickCount
SetEvent
DeviceIoControl
GetDriveTypeA
ResetEvent
GetVolumeInformationA
GetCurrentProcessId
GetVersion
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
GetWindowsDirectoryA
lstrcpyA
WideCharToMultiByte
Sleep
ResumeThread
LoadLibraryA
GetCurrentProcess
GetModuleFileNameA
WinExec
FreeLibrary
GetStartupInfoA
CreateProcessA
WaitForSingleObject
CreateMutexA
GetLastError
GetModuleHandleA
GetProcAddress
GetVersionExA

user32

DrawTextA
OffsetRect
LoadMenuA
PostMessageA
InvalidateRect
GetCursorPos
ScreenToClient
PtInRect
SetCursor
LoadBitmapA
LoadCursorA
SendMessageA
GetWindowLongA
SetWindowLongA
SetTimer
GetWindowRect
KillTimer
SystemParametersInfoA
GetSystemMetrics
GetMenuItemInfoA
InflateRect
AppendMenuA
DeleteMenu
LoadStringA
ModifyMenuA
GetSubMenu
CreatePopupMenu
UpdateWindow
ExitWindowsEx
RegisterWindowMessageA
LoadIconA
DefWindowProcA
GetSysColor
SetForegroundWindow
IsMenu
RegisterHotKey
UnregisterHotKey
GetKeyNameTextA
CopyRect
ReleaseDC
GetDC
GetMenuState
GetMenuItemCount
GetMenuStringA
MessageBoxA
SetMenuItemInfoA

gdi32

CreateFontIndirectA
CreateCompatibleDC
StretchBlt
GetTextExtentPoint32A
GetObjectA
BitBlt
SetPixel

advapi32

LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
RevertToSelf
RegEnumKeyExA
AdjustTokenPrivileges

shell32

ShellExecuteA
ExtractIconA
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc
Shell_NotifyIconA

comctl32

ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_GetIconSize
_TrackMouseEvent

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoCreateGuid

lightverregclew

ord2
ord1

fslodlib

ord1

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8af7bde2424a46389c2c76209646aaf5

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

lightverregclew

fslodlib

Sections

.text Size: 96KB - Virtual size: 96KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 12KB - Virtual size: 36KB

.text
Size: 96KB - Virtual size: 96KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 12KB - Virtual size: 36KB