46693adc6fe53de3fea79550ce6f1325_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

46693adc6fe53de3fea79550ce6f1325_JaffaCakes118
Size

256KB
MD5

46693adc6fe53de3fea79550ce6f1325
SHA1

34e0640e4a9c7500c002955cce8f452a62c68829
SHA256

3503953ebc526984a1d42c358c1392a5229184b97226f8b5a0f7ec9179b484e7
SHA512

ac549a03c81ff68986a4a62a2716063c826cca17914c3495b3690ea6d0e313e1d01c51989d76dd3c7e3a8a6d773600db7cb186850d6ceb1376a67b4a58812bfe
SSDEEP

6144:HmromQ65aWBamxHFJn0sa1bFKpJo369kNW6TO8:HmromT5aCP1wO3y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46693adc6fe53de3fea79550ce6f1325_JaffaCakes118

Files

46693adc6fe53de3fea79550ce6f1325_JaffaCakes118
.exe windows:4 windows x86 arch:x86

15c5aaa5af9b3e43028c1d2dcf2caeda

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5861
ord542
ord1085
ord2765
ord802
ord354
ord800
ord5186
ord5773
ord5442
ord1979
ord665
ord2763
ord6648
ord6883
ord4277
ord2820
ord1247
ord1105
ord541
ord801
ord2827
ord5603
ord5858
ord6383
ord5440
ord6394
ord5450
ord543
ord3663
ord823
ord939
ord941
ord6927
ord6929
ord6874
ord4129
ord858
ord825
ord803
ord3584
ord5683
ord5710
ord537
ord2614
ord940
ord6283
ord6282
ord2915
ord5572
ord535
ord4202
ord2764
ord860
ord2818
ord540

msvcrt

fprintf
exit
_iob
_mbscmp
??1type_info@@UAE@XZ
memmove
localtime
calloc
asctime
sprintf
strncpy
memset
strcmp
time
srand
rand
_stricmp
_purecall
memcpy
malloc
strlen
free
realloc
__CxxFrameHandler

kernel32

IsBadCodePtr
GetVersionExA
GetLocaleInfoA
GlobalMemoryStatus
GetSystemInfo
GetCurrentThreadId
GetTickCount
SetUnhandledExceptionFilter
SetLastError
lstrlenA
WideCharToMultiByte
InitializeCriticalSection
FreeLibrary
ExitProcess
GetCurrentProcess
DeleteFileA
GetEnvironmentVariableA
CreateDirectoryA
lstrlenW
IsBadReadPtr
EnterCriticalSection
DeleteCriticalSection
VirtualQuery
FindResourceA
SizeofResource
LoadResource
GetLastError
SetFilePointer
WriteFile
CreateFileA
GetFileSize
GetModuleFileNameA
CreateThread
Sleep
CloseHandle
GetModuleHandleA
LoadLibraryA
GetCurrentProcessId
OpenProcess
Module32Next
lstrcpynA
Module32First
CreateToolhelp32Snapshot
GetTempPathA
CreateMutexA
OutputDebugStringA
GetTempFileNameA
GetCommandLineA
FindNextFileA
FindClose
FindFirstFileA
TerminateProcess
UnmapViewOfFile
VirtualProtect
MapViewOfFile
CreateFileMappingA
LeaveCriticalSection
ReadFile
Process32First
Process32Next
GetExitCodeProcess
VirtualAlloc
VirtualFree
lstrcmpA
VirtualAllocEx
CreateRemoteThread
VirtualFreeEx
OpenMutexA
Thread32First
OpenThread
SuspendThread
ResumeThread
WriteProcessMemory
ReadProcessMemory
GetProcAddress
Thread32Next

user32

SetTimer
wsprintfA
ExitWindowsEx
GetMessageA

advapi32

RegNotifyChangeKeyValue
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegEnumValueA
RegQueryInfoKeyA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegEnumKeyExA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA

ole32

CoCreateGuid
StringFromGUID2

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

shlwapi

PathFileExistsA

Exports

Exports

GetModuleId
GetModuleInterface
GetModuleVersion

Sections

.text
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

15c5aaa5af9b3e43028c1d2dcf2caeda

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

msvcp60

shlwapi

Exports

Exports

Sections

.text Size: 132KB - Virtual size: 130KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 20KB - Virtual size: 17KB

.rsrc Size: 76KB - Virtual size: 72KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 132KB - Virtual size: 130KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 20KB - Virtual size: 17KB

.rsrc
Size: 76KB - Virtual size: 72KB

.reloc
Size: 8KB - Virtual size: 6KB