2ec7b7af56fc4136a40bb43d82a90fe8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ec7b7af56fc4136a40bb43d82a90fe8_JaffaCakes118
Size

248KB
MD5

2ec7b7af56fc4136a40bb43d82a90fe8
SHA1

2c7b1401d8c6d3fa6b48740bf2335d8d46c432cd
SHA256

46dff50c267f22a47fd6ca5357e20b401fcc3aacb4dfe77e936b74f46ac753b9
SHA512

28bbff99bf1bdcb4cdb859a0c4381049de77ad393e98218e559c1e886f4e306c91c29912b1685751ed1e8e393d234530b686d25c04c3da050568da44b7ee60ea
SSDEEP

6144:uVu7nct5EaP1ra5xLUeu0fWbl5yTTUi/7:4yneEaPgeet1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ec7b7af56fc4136a40bb43d82a90fe8_JaffaCakes118

Files

2ec7b7af56fc4136a40bb43d82a90fe8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

82f839f8274b5febc99f8c2dd464a57a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1727
ord2446
ord2124
ord5277
ord2982
ord5065
ord5261
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3147
ord3259
ord3830
ord3079
ord4080
ord4627
ord4425
ord3597
ord641
ord324
ord2370
ord4234
ord3092
ord6199
ord4710
ord5356
ord3831
ord5807
ord690
ord3825
ord1271
ord389
ord2818
ord6283
ord1228
ord2614
ord5683
ord4277
ord2764
ord4129
ord4673
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord5204
ord4424
ord3738
ord2528
ord2621
ord1134
ord1205
ord3229
ord2055
ord2915
ord5572
ord941
ord939
ord940
ord4274
ord3953
ord561
ord815
ord1151
ord342
ord1182
ord1193
ord922
ord1690
ord6055
ord1776
ord5288
ord2054
ord4431
ord3700
ord771
ord1008
ord497
ord6215
ord2863
ord1146
ord4715
ord5056
ord2379
ord4439
ord4224
ord4259
ord1907
ord5161
ord4905
ord4742
ord4948
ord4358
ord4854
ord5287
ord4835
ord768
ord489
ord356
ord4377
ord1105
ord4976
ord6197
ord755
ord470
ord2770
ord2781
ord668
ord1168
ord1669
ord2652
ord535
ord860
ord825
ord540
ord800
ord3749
ord6376
ord4837
ord2648
ord4441
ord4353
ord3798
ord5280
ord2385
ord6374
ord5163
ord1775
ord5241
ord4407
ord2514
ord4078
ord6052
ord4376
ord4998
ord4853
ord353
ord5265
ord4278
ord823
ord3789
ord665
ord4160
ord3181
ord858
ord2864
ord537
ord2725
ord4622
ord4258
ord1576

msvcrt

__set_app_type
__p__fmode
_mbsspn
_mbsicmp
_mbscmp
isalnum
strcpy
_mbsnbicmp
_mbsnbcpy
memcpy
strtoul
atoi
memset
_CxxThrowException
_mbstok
strlen
_controlfp
_except_handler3
_mbsrchr
_strdup
free
time
strcat
??1type_info@@UAE@XZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__CxxFrameHandler
_setmbcp

kernel32

LocalFree
CopyFileA
FindFirstFileA
GetLastError
CreateDirectoryA
FindClose
GetFileAttributesA
FindNextFileA
DeleteFileA
SetFileAttributesA
CloseHandle
WaitForSingleObject
lstrcmpA
CreateMutexA
InterlockedDecrement
GetCurrentThreadId
lstrcatA
GetModuleFileNameA
FreeLibrary
IsDBCSLeadByte
TerminateThread
LoadLibraryA
SetThreadExecutionState
Sleep
GlobalFree
GlobalAlloc
GetVersionExA
GetModuleHandleA
GetCurrentProcess
GetDriveTypeA
GetStartupInfoA

user32

SetTimer
LoadIconA
GetWindowRect
GetParent
AppendMenuA
SendMessageA
RegisterClipboardFormatA
MessageBoxA
FindWindowA
SetForegroundWindow
wsprintfA
PostMessageA
KillTimer
EnableWindow
GetSystemMenu
LoadStringA

advapi32

OpenProcessToken
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation

shell32

ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

msvcp60

??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82f839f8274b5febc99f8c2dd464a57a

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp60

Sections

.text Size: 36KB - Virtual size: 34KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 56KB - Virtual size: 55KB

.rsrc Size: 136KB - Virtual size: 132KB

.text
Size: 36KB - Virtual size: 34KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 56KB - Virtual size: 55KB

.rsrc
Size: 136KB - Virtual size: 132KB