49c7473379ffa6fd2bc85482bedeee56_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

49c7473379ffa6fd2bc85482bedeee56_JaffaCakes118
Size

5.8MB
MD5

49c7473379ffa6fd2bc85482bedeee56
SHA1

30b505db289807bb0b9e355500ff8d0711cc1747
SHA256

15f07950fa8e2f3f7a9415237a4d82357d70a5a39b36796d31fe439db4aec2e7
SHA512

2ab38e185c4e918dd33653ae9b2750de92ffb746d9d50041ef7c5408b4a19400def7dd1a90823ba3c4c3d772f41673bdbab19ecfd7a5f5c314d723425dcb30ff
SSDEEP

98304:MGNS87jRvjHuYh23KNoYhcFWbOTqr0brgLH4XvB83/UkfxmkHxtfOTAeH1P76z4Q:MGE8pvaYXf7gJrEI83xHxtjexcHBb69m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49c7473379ffa6fd2bc85482bedeee56_JaffaCakes118

Files

49c7473379ffa6fd2bc85482bedeee56_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b7b3220a51fd267a0c84c0bcd1b92178

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetTextCharacterExtra
GetEnhMetaFileDescriptionA

advapi32

IsValidAcl
CryptAcquireContextA
RegUnLoadKeyA
MapGenericMask
GetUserNameW
RegQueryValueW
RegSetValueA
OpenServiceA
CreateProcessAsUserA
OpenThreadToken
BuildTrusteeWithNameW
LookupPrivilegeDisplayNameA

shell32

DragFinish
FindExecutableA

kernel32

FlushFileBuffers
SuspendThread
GetSystemDefaultLangID
ExitProcess
IsProcessorFeaturePresent
EnumSystemCodePagesW
FindFirstFileExW
PulseEvent
WritePrivateProfileSectionW
GlobalFlags
SetHandleCount
FormatMessageA
VirtualLock
LocalFileTimeToFileTime
GenerateConsoleCtrlEvent
lstrcmpiA
WriteConsoleOutputW
SetVolumeLabelA

oleaut32

LoadTypeLibEx
SafeArrayCreate

user32

SetClipboardData
SetActiveWindow
GetWindowLongW
MapVirtualKeyA
SetScrollPos
OpenIcon
SetCursorPos
CharPrevA
RegisterClassExA
SystemParametersInfoA
GetCursorPos
GetClipboardFormatNameA
GetClipCursor
GetMessageW
EnumWindows
SetForegroundWindow
DefMDIChildProcW
BroadcastSystemMessageA
RegisterClassExW
DeleteMenu
CountClipboardFormats
SendMessageTimeoutW
SystemParametersInfoW
ValidateRect

ws2_32

WSAResetEvent
WSANtohs
accept
WSAIsBlocking
WSASetBlockingHook
recv
closesocket

comdlg32

ReplaceTextW
GetOpenFileNameA

msvcrt

signal
strncat
_strlwr
iswalpha
fputc
floor
getenv

Sections

.text
Size: 2KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b7b3220a51fd267a0c84c0bcd1b92178

Headers

File Characteristics

Imports

gdi32

advapi32

shell32

kernel32

oleaut32

user32

ws2_32

comdlg32

msvcrt

Sections

.text Size: 2KB - Virtual size: 223KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 5.4MB - Virtual size: 5.4MB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 2KB - Virtual size: 223KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 5.4MB - Virtual size: 5.4MB

.rsrc
Size: 17KB - Virtual size: 16KB