44bfad7827cd85f823e2ba5f6ee54c9e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44bfad7827cd85f823e2ba5f6ee54c9e_JaffaCakes118
Size

979KB
MD5

44bfad7827cd85f823e2ba5f6ee54c9e
SHA1

d941e689b065b1f701d51a774393333156d57163
SHA256

b36275a001b26633a85c7a03651dc53faefb6036692b901f88ce9abf4260f0f1
SHA512

c287c2a7ab65bef46444780597ccbaccb9f24c00559b17656ecbd9d005546cc13b4719dcf99c48da41f78d198def34bd30f1a6cd9b4e515a191e60c39acce575
SSDEEP

24576:oFsNomP4iJdaeadxIMjlwCpHd2ZYXyQmS0qHWLKhSTf5J:kW6eaDlww9530znTBJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44bfad7827cd85f823e2ba5f6ee54c9e_JaffaCakes118

Files

44bfad7827cd85f823e2ba5f6ee54c9e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d84e04e8283a9e2bd385daa199544435

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharNextW
CharNextA
wsprintfW

shell32

CommandLineToArgvW

kernel32

FreeLibrary
GetOEMCP
IsDebuggerPresent
LocalFree
ReadFile
ExitProcess
lstrcmpiA
BeginUpdateResourceW
EndUpdateResourceW
GetLocaleInfoA
RemoveDirectoryA
InterlockedIncrement
GetEnvironmentVariableA
GlobalAlloc
RemoveDirectoryW
FindClose
GetVersionExW
CopyFileW
GetFileAttributesW
GetVersion
FreeResource
GetACP
LoadLibraryExW
CloseHandle
GetFileInformationByHandle
InterlockedExchange
CopyFileA
SetFilePointer
lstrcpyA
InterlockedCompareExchange
GetFullPathNameW
OutputDebugStringA
lstrlenA
RaiseException
FindNextFileW
lstrlenW
GetSystemDirectoryA
GetThreadLocale
GetFullPathNameA
WideCharToMultiByte
UpdateResourceW
GlobalFree
DebugBreak
LoadLibraryExA
InterlockedDecrement
GetFileAttributesA
GetModuleHandleW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromString
StringFromCLSID
CoTaskMemFree
StringFromIID

imagehlp

ImageNtHeader
ImageRvaToVa
ImageDirectoryEntryToData
ImageGetDigestStream

msvcrt

__setusermatherr
wcslen
_controlfp
_cexit
_wcsicmp
_wcsnicmp
_vsnwprintf
__set_app_type
__winitenv
fputs
wcsstr
_adjust_fdiv
??3@YAXPAX@Z
_CxxThrowException
free
_snwprintf
_except_handler3
strchr
_itow
_c_exit
__CxxFrameHandler
_XcptFilter
exit
??2@YAPAXI@Z
_exit
strncmp
atoi
wcsrchr
_vsnprintf
iswspace
_itoa
_iob
_onexit
__dllonexit
__p__commode
__wgetmainargs
__p__fmode
qsort
realloc
?terminate@@YAXXZ
_snprintf
vwprintf
??1type_info@@UAE@XZ
memset
_purecall
_initterm
_wcslwr

msvfw32

ICGetInfo
ICRemove

Sections

.text
Size: 706KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d84e04e8283a9e2bd385daa199544435

Headers

File Characteristics

Imports

user32

shell32

kernel32

ole32

imagehlp

msvcrt

msvfw32

Sections

.text Size: 706KB - Virtual size: 705KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 251KB - Virtual size: 250KB

.rsrc Size: 18KB - Virtual size: 3.2MB

.text
Size: 706KB - Virtual size: 705KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 251KB - Virtual size: 250KB

.rsrc
Size: 18KB - Virtual size: 3.2MB