2a0bb9c4ff05cddb0dc6914af566e5f2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2a0bb9c4ff05cddb0dc6914af566e5f2_JaffaCakes118
Size

989KB
MD5

2a0bb9c4ff05cddb0dc6914af566e5f2
SHA1

700c807a6488604d7ab54fa6246604b4374b2ddc
SHA256

37641431051ef38bed8c00f3993198a6cba178e6a91c0d0dec6af7f99b56471a
SHA512

8481e580466279825a05a16631ba3c9b90119cca88e13a1fcf4fc7ef97f866e2f2481d4da3be2ce1b31a6d0653fe5d2750c5fa92beccce27b6a1496d0dfb0cb4
SSDEEP

24576:kx3crydz+SeXWELDXNRfDJZKj6o4ZpeD+68:GMEVkDXNRrJwmoipz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2a0bb9c4ff05cddb0dc6914af566e5f2_JaffaCakes118

Files

2a0bb9c4ff05cddb0dc6914af566e5f2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

de78025f6b57f4f4dd168238cc75875e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
InterlockedIncrement
CopyFileW
GetSystemDirectoryA
RaiseException
LoadLibraryExW
ReadFile
OutputDebugStringA
GetOEMCP
GetACP
GetModuleHandleW
GetFileAttributesW
DebugBreak
GlobalFree
GetLocaleInfoA
GetFullPathNameW
InterlockedCompareExchange
IsDebuggerPresent
InterlockedExchange
FreeResource
lstrcmpiA
FindNextFileW
EndUpdateResourceW
LocalFree
UpdateResourceW
WideCharToMultiByte
GetThreadLocale
RemoveDirectoryA
CopyFileA
GetFullPathNameA
GetVersionExW
GetFileAttributesA
GetFileInformationByHandle
BeginUpdateResourceW
InterlockedDecrement
RemoveDirectoryW
ExitProcess
LoadLibraryExA
lstrlenW
CloseHandle
SetFilePointer
FindClose
lstrcpyA
GetVersion
lstrlenA
GlobalAlloc
GetEnvironmentVariableA

imagehlp

ImageDirectoryEntryToData
ImageNtHeader
ImageGetDigestStream
ImageRvaToVa

msvcrt

__setusermatherr
__winitenv
__dllonexit
_snwprintf
memset
atoi
_adjust_fdiv
iswspace
realloc
_XcptFilter
??1type_info@@UAE@XZ
_itow
_wcsicmp
_itoa
vwprintf
_cexit
strchr
_except_handler3
wcsrchr
_onexit
wcslen
_vsnwprintf
__wgetmainargs
_snprintf
_vsnprintf
__set_app_type
strncmp
fputs
_purecall
_controlfp
__p__commode
_CxxThrowException
_wcsnicmp
??2@YAPAXI@Z
__p__fmode
__CxxFrameHandler
free
_initterm
wcsstr
_exit
??3@YAXPAX@Z
?terminate@@YAXXZ
qsort
_c_exit
_wcslwr
exit
_iob

shell32

CommandLineToArgvW

user32

wsprintfW
CharNextA
CharNextW

ole32

CoInitialize
StringFromCLSID
CoUninitialize
CoCreateInstance
StringFromIID
CoTaskMemFree
CLSIDFromString

msvfw32

ICGetInfo
ICRemove

Sections

.text
Size: 706KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de78025f6b57f4f4dd168238cc75875e

Headers

File Characteristics

Imports

kernel32

imagehlp

msvcrt

shell32

user32

ole32

msvfw32

Sections

.text Size: 706KB - Virtual size: 705KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 251KB - Virtual size: 251KB

.rsrc Size: 27KB - Virtual size: 3.2MB

.text
Size: 706KB - Virtual size: 705KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 251KB - Virtual size: 251KB

.rsrc
Size: 27KB - Virtual size: 3.2MB