Static task: static1
Behavioral task: behavioral1
Sample: 4dc0a91a66d387d17677574520e7eebd_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 4dc0a91a66d387d17677574520e7eebd_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 4dc0a91a66d387d17677574520e7eebd_JaffaCakes118
Size: 72KB
MD5: 4dc0a91a66d387d17677574520e7eebd
SHA1: 9f176161a82db31e118958b16715c5e13bb95f50
SHA256: c993cf052fffe596f59de07010b3aa5df60eeb1cb3583087f5d5659d605248b1
SHA512: 57d0419b5c91f821903fe0e1db0878d1f9859b7d3ceec4a8c912a3c408122b95bc152f0a4a4f6ed9b4940cb423b7b7fc64f638f4fad257d7bdd95d1d50c23286
SSDEEP: 1536:3THuzpM9iDA17BD3gPLTmWcXl4av66sj:3YGFDkLyWW+A66s
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4dc0a91a66d387d17677574520e7eebd_JaffaCakes118
Files
4dc0a91a66d387d17677574520e7eebd_JaffaCakes118.exe .vbs windows:4 windows x86 arch:x86 polyglot
62c68915377316cf4627a23757beaa7b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
MultiByteToWideChar
GetProcessHeap
GetModuleHandleA
ExitProcess
HeapAlloc
HeapReAlloc
HeapFree
IsBadReadPtr
GetModuleFileNameA
Sleep
GetFileAttributesA
CloseHandle
GetFileSize
CreateFileA
WaitForSingleObject
GlobalFree
GetStartupInfoA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
ReadFile
DeleteFileA
CreateDirectoryA
WriteFile
WideCharToMultiByte
FindNextFileA
FindFirstFileA
FindClose
LCMapStringA
RtlMoveMemory
GlobalSize
lstrcpyn
GlobalUnlock
GlobalLock
GlobalAlloc
GetLogicalDriveStringsA
CreateProcessA
WinExec
gdiplus
GdipCreateBitmapFromStream
GdipSaveImageToStream
GdipDisposeImage
GdiplusStartup
ole32
CreateStreamOnHGlobal
CLSIDFromString
CoInitialize
CoUninitialize
OleRun
CoCreateInstance
CLSIDFromProgID
GetHGlobalFromStream
ws2_32
htonl
closesocket
inet_addr
WSASetLastError
htons
bind
gethostbyname
connect
select
WSACleanup
WSAStartup
WSAGetLastError
setsockopt
getpeername
getsockname
inet_ntoa
ntohs
__WSAFDIsSet
sendto
accept
listen
recv
send
socket
recvfrom
msvcrt
strncpy
memmove
_ftol
malloc
free
_CIpow
floor
??2@YAPAXI@Z
??3@YAXPAX@Z
modf
sprintf
strtod
strncmp
_strnicmp
user32
PeekMessageA
GetDC
DispatchMessageA
GetMessageA
MessageBoxA
wsprintfA
GetSystemMetrics
ReleaseDC
GetWindowRect
GetDesktopWindow
TranslateMessage
shlwapi
PathFileExistsA
gdi32
DeleteObject
GetDIBits
GetObjectA
StretchBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
oleaut32
LoadTypeLi
RegisterTypeLi
SysAllocString
SafeArrayCreate
VariantClear
SafeArrayDestroy
SafeArrayGetElement
VariantInit
VariantChangeType
Sections
.text Size: 48KB - Virtual size: 47KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE