27bd87689d275c6fcc5c5a9106af56ff_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27bd87689d275c6fcc5c5a9106af56ff_JaffaCakes118
Size

208KB
MD5

27bd87689d275c6fcc5c5a9106af56ff
SHA1

268ad85bcfdec7eed5385501c52f0171a0d25892
SHA256

9ceb20b0d5b4b9a6d1c963dc18130636e3f309db45b7d856770cc76476d441a8
SHA512

ec47ea34f0c8268d15835449b731397e32ca63eb5c3b1d1e3073eb21ffc4c06f48799610116924ec98a60878a3e9bd9ef93524b6d014ea325fd24d8a04b21fed
SSDEEP

6144:QbMKWTDTBqDVrcWZYAZKh8bdO34Qi4sIwujjzU:zK6DTshrcWZFcheE34Qi4UOjA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27bd87689d275c6fcc5c5a9106af56ff_JaffaCakes118

Files

27bd87689d275c6fcc5c5a9106af56ff_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b93c035652138f3436c50873c3d4788d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RemoveDirectoryA
MoveFileA
GetCurrentThreadId
CopyFileA
CreateThread
FreeLibrary
CreateToolhelp32Snapshot
LoadResource
SizeofResource
OpenProcess
GetExitCodeThread
CloseHandle
LoadLibraryA
GetProcAddress
GetCurrentProcessId
TerminateProcess
WaitForSingleObject
GetEnvironmentVariableA
GetLastError
GetStartupInfoA
DeleteFileA
MoveFileExA
GetFileSize
GetComputerNameA
GetVolumeInformationA
GetSystemTime
FindResourceA
Sleep
SleepEx
GetVersionExA
SetLastError
GetCurrentThread
GetModuleHandleA
ReleaseMutex
OpenMutexA
CreateMutexA
GetCurrentProcess
LocalFree
FindClose

user32

DefWindowProcA
PostQuitMessage
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
UnregisterClassA
FindWindowA
SendMessageA
PostMessageA

advapi32

LookupAccountSidA
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
GetUserNameA

msvcrt

time
strcmp
exit
tolower
_pctype
_isctype
__mb_cur_max
strchr
free
strtok
malloc
_except_handler3
_local_unwind2
strftime
localtime
atoi
_ftol
_vsnprintf
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
srand
rand
calloc
memcpy
strstr
strlen
strcpy
memset
strncpy
strcat
_snprintf
_stricmp

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b93c035652138f3436c50873c3d4788d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.text Size: 32KB - Virtual size: 32KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 16KB - Virtual size: 88KB

.rsrc Size: 136KB - Virtual size: 136KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 32KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 16KB - Virtual size: 88KB

.rsrc
Size: 136KB - Virtual size: 136KB

.reloc
Size: 4KB - Virtual size: 3KB