3aaf54d108d6a0df760906d10ef97bd1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3aaf54d108d6a0df760906d10ef97bd1_JaffaCakes118
Size

68KB
MD5

3aaf54d108d6a0df760906d10ef97bd1
SHA1

21ea63cfddf727a29f67b61e51a6b04029d8a4ac
SHA256

4920e0d4bff74d0c0fcd4c3526cd548e1bb1e08fb79c6d39d6c9440e3d3e85ac
SHA512

f66fdaa947e40c4a7201640b1506b80da677dc46481dc03dae4d42d35b43ca286acfb6910487cd829a0e70e8b716d30d13c24564fe0abdcad1715ce3a1d57bee
SSDEEP

1536:3BvItnT7w921oUCpTWuUPZoInToIfMIOUjBFUk23oaL4pjZsj61B:J2jozKosTBfCUjBFUk23oo4pjZsj61B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3aaf54d108d6a0df760906d10ef97bd1_JaffaCakes118

Files

3aaf54d108d6a0df760906d10ef97bd1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

379c5f4b5c9cd8e5b75e74e747a0f20b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenProcess
RemoveDirectoryA
MoveFileA
GetCurrentThreadId
CopyFileA
GetDriveTypeA
CreateThread
OutputDebugStringA
FreeLibrary
CreateToolhelp32Snapshot
CloseHandle
SizeofResource
FindResourceA
LoadLibraryA
GetProcAddress
GetCurrentProcessId
TerminateProcess
WaitForSingleObject
GetEnvironmentVariableA
GetLastError
Sleep
GetStartupInfoA
DeleteFileA
MoveFileExA
GetFileSize
GetComputerNameA
GetVolumeInformationA
GetSystemTime
LoadResource
GetExitCodeThread
GetCurrentProcess
SleepEx
GetVersionExA
GetModuleHandleA
ReleaseMutex
OpenMutexA
CreateMutexA
LocalFree
SetLastError
FindClose

user32

DefWindowProcA
PostQuitMessage
RegisterClassExA
CreateWindowExA
ShowWindow
UpdateWindow
GetMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
UnregisterClassA
PostMessageA
FindWindowA
SendMessageA

advapi32

LookupAccountSidA
GetTokenInformation
OpenProcessToken
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyExA
GetUserNameA

msvcrt

strcmp
exit
tolower
_pctype
_isctype
__mb_cur_max
strchr
free
strtok
malloc
_except_handler3
_local_unwind2
strftime
localtime
atoi
_ftol
_vsnprintf
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
time
srand
rand
memcpy
strstr
strlen
strcpy
memset
strncpy
strcat
_snprintf
calloc
_stricmp

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

379c5f4b5c9cd8e5b75e74e747a0f20b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcrt

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 16KB - Virtual size: 86KB

.rsrc Size: 164KB - Virtual size: 160KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 16KB - Virtual size: 86KB

.rsrc
Size: 164KB - Virtual size: 160KB

.reloc
Size: 4KB - Virtual size: 3KB