29865cd33ecb648dd0bfe097cd83eaf7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29865cd33ecb648dd0bfe097cd83eaf7_JaffaCakes118
Size

432KB
MD5

29865cd33ecb648dd0bfe097cd83eaf7
SHA1

a70bd9a269adf8902a683bb8c66e345b08b3f6c3
SHA256

0a5ad76ddebfaa32d0030f299cbd8937ed85b1598661965fc48b31a26dffcb65
SHA512

aad64f04729474e9613469d08edd61d765f6bfe684788a1c0d3cd9b71bca823f6790334d7956b4e61c78a037b3afa50c0dd3040aaefdbd7f90139ddd97788c56
SSDEEP

12288:JTygjuwIHVKohUIz1qEaRN/F9TuH6Mlk+tNIi0WWgLqWOd:huwOKd2qEaRN/F9Tunl7t0WWf

Score

7^/10

Malware Config

Signatures

Molebox Virtualization software 1 IoCs

Detects file using Molebox Virtualization software.

resource	yara_rule
sample	molebox

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29865cd33ecb648dd0bfe097cd83eaf7_JaffaCakes118

Files

29865cd33ecb648dd0bfe097cd83eaf7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4023b76a08359f8f89ffef358c247778

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyA
RegCreateKeyExW
RegOpenKeyW
RegQueryValueExA
RegSetValueA
RegSetValueExW
RegSetValueW

kernel32

AddAtomA
CloseHandle
ConvertThreadToFiber
ExitProcess
FindAtomA
GetAtomNameA
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsSetValue

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_iob
_onexit
_setmode
abort
atexit
free
malloc
memcpy
memset
signal
strcpy
strlen
wcscpy

user32

AdjustWindowRectEx
AppendMenuW
BeginPaint
CallWindowProcW
CheckMenuItem
ClientToScreen
CloseClipboard
CreateMenu
CreatePopupMenu
DefFrameProcW
DefWindowProcW
DestroyMenu
DestroyWindow
DrawFocusRect
DrawFrameControl
EnableWindow
EnumClipboardFormats
GetCapture
GetClassNameW
GetClipboardData
GetClipboardFormatNameW
GetCursorPos
GetDesktopWindow
GetDlgItem
GetForegroundWindow
GetMenuItemCount
GetMenuItemInfoW
GetMessageW
GetSystemMetrics
GetWindow
GetWindowTextLengthW
GetWindowThreadProcessId
InsertMenuItemW
InvalidateRect
IsIconic
IsZoomed
KillTimer
LoadCursorFromFileW
LoadCursorW
LoadIconW
LoadImageW
MapWindowPoints
MessageBeep
MessageBoxW
PeekMessageW
PostQuitMessage
RegisterClassW
RegisterHotKey
ReleaseCapture
ReleaseDC
SendMessageW
SetCapture
SetCursor
SetCursorPos
SetForegroundWindow
SetParent
SetTimer
SetWindowLongW
SetWindowRgn
SetWindowTextW
ShowCursor
ShowWindow
SystemParametersInfoW
TrackPopupMenu
TranslateMessage
UnhookWindowsHookEx
UnregisterHotKey
UpdateWindow
WindowFromPoint

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 348KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4023b76a08359f8f89ffef358c247778

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

Sections

.text Size: 24KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 76B

.idata Size: 3KB - Virtual size: 3KB

.rdata Size: 1024B - Virtual size: 976B

.bss Size: - Virtual size: 348KB

.tls Size: 2KB - Virtual size: 12B

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 24KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 76B

.idata
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 976B

.bss
Size: - Virtual size: 348KB

.tls
Size: 2KB - Virtual size: 12B

.rsrc
Size: 4KB - Virtual size: 3KB