5c8c4455b5328ef32489c84c4fb91068_JaffaCakes118

General

Target

5c8c4455b5328ef32489c84c4fb91068_JaffaCakes118
Size

244KB
MD5

5c8c4455b5328ef32489c84c4fb91068
SHA1

c821b6530b9a016cfd069d3f53e87b55b84966a5
SHA256

d47e5639806758dadbca9a0b6d0a429fdc5b383e2e86174ae4f2fb5e72dd818f
SHA512

737cbd932c37c7788d3bb258a65418ad497c95ccd3a272f8e618188cfad33a4933385906110c7344ffbce19c497b6bc018394264412abe01d594b09a2380fb1b
SSDEEP

6144:RHCLXqM4JAmVAIaBHwsz1OOzucG3pemUJrnVlwn0y:RiLTmVycYNJXwn0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5c8c4455b5328ef32489c84c4fb91068_JaffaCakes118

Files

5c8c4455b5328ef32489c84c4fb91068_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b1e4443bc0bc2df4473fbe4d87f096c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

rasapi32

RasGetEntryDialParamsA
RasDialA
RasHangUpA
RasGetEntryPropertiesA

mfc42

ord3227
ord3408
ord3758
ord2107
ord924
ord926
ord3880
ord3425
ord6383
ord2044
ord4204
ord641
ord1640
ord3074
ord3067
ord482
ord323
ord859
ord6394
ord5450
ord5440
ord5834
ord536
ord6877
ord6648
ord540
ord940
ord2915
ord537
ord860
ord535
ord3054
ord858
ord3663
ord800
ord823
ord2448
ord2841
ord640
ord5216
ord825

msvcrt

_exit
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_adjust_fdiv
_onexit
__dllonexit
_read
strstr
_ftol
_open
_lseek
_write
atof
atoi
_creat
_close
_mbscmp
__CxxFrameHandler
sprintf
??1type_info@@UAE@XZ
_CxxThrowException
wcslen

kernel32

WideCharToMultiByte
LocalFree
GetLocalTime
InterlockedDecrement
FindClose
GetShortPathNameA
FindNextFileA
FindFirstFileA
WaitForSingleObject
CreateThread
CloseHandle
SetEvent
CreateEventA
ResetEvent
GetLastError
MultiByteToWideChar
InterlockedIncrement
CreateProcessA
GetStartupInfoA
lstrlenA
Sleep
GetModuleHandleA

gdi32

GetDeviceCaps
GetTextExtentPoint32A
CreateDCA

ole32

CoCreateInstance
OleRun
CLSIDFromString
CLSIDFromProgID
CoInitialize

oleaut32

VariantInit
VariantCopy
SysStringByteLen
GetErrorInfo
SysFreeString
VariantClear
SysAllocString
VariantChangeType
SysStringLen

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b1e4443bc0bc2df4473fbe4d87f096c4

Headers

File Characteristics

Imports

rasapi32

mfc42

msvcrt

kernel32

gdi32

ole32

oleaut32

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 16KB - Virtual size: 17KB

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 16KB - Virtual size: 17KB