4045870ef6376381f532a09867e2d721_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4045870ef6376381f532a09867e2d721_JaffaCakes118
Size

448KB
MD5

4045870ef6376381f532a09867e2d721
SHA1

88bc2faff33d2fecf56144735f4f869e27a92887
SHA256

2445269acbbb8df99677c8ff0325cdfddd83106fd3f390bf41c9c3638eca45c9
SHA512

dd825ba539e58362ea925870f4face19d8114d361220ec1953f16053a82906a7b78423e64106a38d64599a57ce2336d1f6614e29ad4ba780aa00b922ba04b4a5
SSDEEP

6144:luV8MrTZMaGSuEsDGujt/pvnVCAf+odzowSDhTb474aZN/okLA0hMXeMj:4zySuEsDGujtV4podzkDC74an/okL2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4045870ef6376381f532a09867e2d721_JaffaCakes118

Files

4045870ef6376381f532a09867e2d721_JaffaCakes118
.exe windows:4 windows x86 arch:x86

53c3a1bc31ed33fe792dc2a59d29656f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mspdb40

PDBExportValidateInterface
PDBOpen

msvcrt40

_stricmp
_tempnam
free
_spawnv
_makepath
__p__pgmptr
remove
qsort
_spawnvp
__unDName
longjmp
_fcloseall
putc
vprintf
fread
fseek
ftell
getc
rewind
malloc
fwrite
fclose
fopen
_setjmp3
_seh_longjmp_unwind
_isctype
__p__pctype
__p___mb_cur_max
getenv
_fullpath
strtok
fgets
_ultoa
strrchr
toupper
_itoa
_tzset
fprintf
fputc
exit
puts
time
_except_handler3
sprintf
strcspn
bsearch
atoi
strspn
rename
_mktemp
strstr
strncat
_filelength
calloc
_strdup
_searchenv
strpbrk
??2@YAPAXI@Z
_purecall
??3@YAXPAX@Z
??1ios@@UAE@XZ
??1ostrstream@@UAE@XZ
?ends@@YAAAVostream@@AAV1@@Z
??0ostrstream@@QAE@PADHH@Z
??6ostream@@QAEAAV0@K@Z
?hex@@YAAAVios@@AAV1@@Z
_mtunlock
_mtlock
??6ostream@@QAEAAV0@E@Z
??6ostream@@QAEAAV0@PBD@Z
??6ostream@@QAEAAV0@I@Z
??6ostream@@QAEAAV0@G@Z
??6ostream@@QAEAAV0@H@Z
_exit
_XcptFilter
__p___initenv
_initterm
__getmainargs
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strncmp
memmove
_splitpath
_strupr
_strnicmp
setvbuf
__p__iob
printf
fflush
strncpy
sscanf
strchr
_write
_lseek
_read
_tell
_close
_sopen
__doserrno
_stat
_access
_unlink
_chsize
fputs
ctime
realloc

kernel32

FindNextFileA
FindClose
GetDiskFreeSpaceA
VirtualFree
VirtualAlloc
SetEnvironmentVariableA
GetCommandLineA
GetCurrentProcess
GetVersion
CopyFileA
LoadLibraryA
FreeLibrary
SetConsoleCtrlHandler
DeleteFileA
ExitProcess
CreateFileMappingA
MapViewOfFileEx
UnmapViewOfFile
SetFilePointer
SetEndOfFile
CloseHandle
CreateFileA
GetLastError
GetFileSize
GetModuleHandleA
FindFirstFileA
GetProcAddress

Sections

.text
Size: 348KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53c3a1bc31ed33fe792dc2a59d29656f

Headers

File Characteristics

Imports

mspdb40

msvcrt40

kernel32

Sections

.text Size: 348KB - Virtual size: 348KB

.rdata Size: 73KB - Virtual size: 73KB

.data Size: 1KB - Virtual size: 106KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 29KB - Virtual size: 28KB

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 348KB - Virtual size: 348KB

.rdata
Size: 73KB - Virtual size: 73KB

.data
Size: 1KB - Virtual size: 106KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 29KB - Virtual size: 28KB

.reloc
Size: 32KB - Virtual size: 32KB