Static task
static1
Behavioral task
behavioral1
Sample
5b87f7f8c8c25b2ca9e588a133b37837_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
5b87f7f8c8c25b2ca9e588a133b37837_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
5b87f7f8c8c25b2ca9e588a133b37837_JaffaCakes118
-
Size
120KB
-
MD5
5b87f7f8c8c25b2ca9e588a133b37837
-
SHA1
e20e9dd1708d8e093328d2eee78fc72428a1d4bc
-
SHA256
1030a43ae6e84e7978420e827140e3092079b08793c4073b545c0703ecc15363
-
SHA512
e2f6804ddad29dc8502e26a9b75764d370afb7b8374f119d77235a83591be65d81ae3b22a866a84d77be05160cedad6a282b565762be9b023c24cb3179dc1e68
-
SSDEEP
1536:t9GYcaAyLyBdc54pCTp5pHQkLU8CJ5YEWl8JiuVMGwG46:t9G0+QrBLqJ5YEu8U/G46
Malware Config
Signatures
-
Unsigned PE 1 IoCs
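Checks for a missing Authenticode signature; this sample carries none. An unsigned PE is a weak indicator on its own, since many legitimate binaries are unsigned, so corroborate it with behavioural findings before treating it as evidence of malice.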
resource 5b87f7f8c8c25b2ca9e588a133b37837_JaffaCakes118
Files
-
5b87f7f8c8c25b2ca9e588a133b37837_JaffaCakes118.exe windows:4 windows x86 arch:x86
baddd09c102bb155a3120e834f2cc16e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
mfc42
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord3597
ord800
ord641
ord860
ord540
ord324
ord825
ord2370
ord4234
ord1200
ord2818
ord941
ord5572
ord2919
ord5651
ord3130
ord3676
ord2393
ord5575
ord2141
ord350
ord434
ord823
ord4033
ord857
ord1572
ord1656
ord3525
ord535
ord465
ord537
ord836
ord919
ord3810
ord5934
ord6569
ord1140
ord5601
ord3663
ord617
ord542
ord296
ord802
ord5220
ord1085
ord2765
ord4235
ord6919
ord5216
ord3522
ord5951
ord3521
ord1168
ord6241
ord2087
ord1175
ord4497
ord3874
ord6403
ord2813
ord6766
ord6402
ord2642
ord798
ord1105
ord6059
ord533
ord6663
ord4278
ord5710
ord922
ord6874
ord858
ord5683
ord4277
ord4129
ord2763
ord2764
ord939
ord6283
ord6282
ord924
ord926
ord5207
ord6467
ord1154
ord1842
ord4242
ord6154
ord2530
ord4364
ord4056
ord5471
ord4121
ord2389
ord5082
ord1709
ord1712
ord6053
ord5234
ord6369
ord5279
ord5248
ord2444
ord3598
ord3610
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord2575
ord4396
ord3574
ord5290
ord3402
ord4424
ord6741
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord6055
ord4077
ord1776
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord807
ord796
ord609
ord6508
ord656
ord616
ord642
ord674
ord6491
ord554
ord529
ord567
ord327
ord366
ord620
ord5871
ord6000
ord2117
ord6565
ord6619
ord4163
ord6376
ord4457
ord5252
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord459
ord561
ord743
ord4838
ord4374
ord4111
ord2643
ord1662
ord3277
ord1576
ord3579
ord2558
ord6215
ord5301
ord6354
ord6352
ord5500
ord5214
ord2036
ord5503
ord2635
ord986
ord520
ord4159
ord6117
ord2621
ord1134
ord5497
ord445
ord1199
ord1205
ord742
ord3721
ord3619
ord3626
ord795
ord2414
ord2302
ord5130
ord5875
ord4476
ord5953
ord2243
ord2379
ord6041
ord1825
ord4238
ord2486
ord4003
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord652
ord1206
ord2623
ord338
ord1223
ord4823
ord6329
ord5461
ord6404
ord6199
ord4299
ord1601
ord1849
ord4244
ord4532
ord5076
ord4723
ord5253
ord3371
ord3641
ord2583
ord4589
ord4588
ord4899
ord4370
ord4892
ord4341
ord4349
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord4403
ord5240
ord3748
ord1726
ord4432
ord700
ord303
ord398
ord813
ord3996
ord4284
ord5609
ord2652
ord6007
ord6905
ord6907
ord3998
ord1669
ord6027
ord3286
ord3301
ord1997
ord6407
ord532
ord3499
ord2515
ord355
ord4204
ord6876
ord4202
ord6672
ord6877
ord1988
ord3638
ord2638
ord389
ord690
ord5856
ord5465
ord5194
ord4189
ord6334
ord2301
ord2298
ord2294
ord2362
ord2358
ord2614
ord3439
ord6311
ord913
ord4171
ord5594
ord3092
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4710
ord4998
ord4853
ord4376
ord5265
ord6625
ord3353
msvcrt
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
_fullpath
free
atol
__CxxFrameHandler
strncmp
_setmbcp
_CxxThrowException
wcslen
_stricmp
_strdup
atoi
atof
_mbscmp
_ftol
time
strstr
strncpy
strchr
kernel32
GetVolumeInformationA
GetProcAddress
OutputDebugStringA
GetModuleHandleA
GetStartupInfoA
GetFileAttributesA
FreeLibrary
GetCurrentDirectoryA
GetLastError
WideCharToMultiByte
LocalFree
LoadLibraryA
InterlockedDecrement
MultiByteToWideChar
lstrlenA
Sleep
user32
KillTimer
GetSystemMetrics
SetWindowLongA
SetTimer
PostMessageA
SendMessageA
GetWindowTextA
GetClassNameA
EnumWindows
EnableWindow
GetWindowLongA
GetDlgItem
UpdateWindow
gdi32
GetStockObject
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
shell32
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA
ole32
OleInitialize
OleUninitialize
oleaut32
VariantClear
SysFreeString
SysAllocString
Sections
.text Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ