48668021a63013bd626e03bc7efd7991_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

48668021a63013bd626e03bc7efd7991_JaffaCakes118
Size

86KB
MD5

48668021a63013bd626e03bc7efd7991
SHA1

658a5231b59472f4fedd390e7416954fcc3073cd
SHA256

fd98de67b0b66256bc1c70f799045bfd0295a78c314bd829a2fc11810c3e4785
SHA512

f0f0810e957f8892d65d3b3824683c467e232ad3c3e52cebe7fa27d50672a21a74a6b5a01d5f38b31b5d6d5ef545b3f4faba94d015f0c4464926788f3b6f22a0
SSDEEP

1536:yQ6GSgMsVhlZ/1P0N9V0rA4LrGArjN5q9Zd9Ow7VbcdalBhK7WKxok3cZH:L66nb//18rWv/GArLEROgpcQlBWxok3E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48668021a63013bd626e03bc7efd7991_JaffaCakes118

Files

48668021a63013bd626e03bc7efd7991_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a30a61942b55049ca1a85ff2e4c5f443

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

Imports

mfc80

ord764

msvcr80

_decode_pointer
_invoke_watson
_controlfp_s
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_onexit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
memset
_splitpath
printf
strstr
_lock
__dllonexit
_unlock
_ismbblead
_crt_debugger_hook

kernel32

GetThreadLocale
GetLocaleInfoA
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
Sleep
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetCommandLineA
CreateProcessA
GetVersionExA
InterlockedExchange

user32

EndDialog
PostQuitMessage
EndPaint
DrawTextA
GetClientRect
BeginPaint
DialogBoxParamA
DefWindowProcA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
GetMessageA
LoadAcceleratorsA
DestroyWindow
LoadStringA

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 73KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a30a61942b55049ca1a85ff2e4c5f443

Headers

File Characteristics

Imports

mfc80

msvcr80

kernel32

user32

Sections

.text Size: 4KB - Virtual size: 3KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 73KB - Virtual size: 76KB

.text
Size: 4KB - Virtual size: 3KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 73KB - Virtual size: 76KB