64141d43e8550f751d85e46c073bf1ad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

64141d43e8550f751d85e46c073bf1ad_JaffaCakes118
Size

308KB
MD5

64141d43e8550f751d85e46c073bf1ad
SHA1

a51f62056bce7caaa720af4ef246587fbf8e3459
SHA256

16b769c3cec931fa61c02ceceb494cc9fd0dd99a5bef48d899cfabd35bea5e41
SHA512

8513ff31d252a2a68c7c118b074336aab9eb3de86cc83c16bf53fa60deaef58d9da3c4aea3341b25547d652c42e93eb2963b09cab09bba494f5209b599b218cf
SSDEEP

6144:2wDNWt01HJeo8kTwtlWrHhbUkdlli3+Dfj3:290ngvt0rx9l5D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64141d43e8550f751d85e46c073bf1ad_JaffaCakes118

Files

64141d43e8550f751d85e46c073bf1ad_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f05c952646f637079e273d519a0284b8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

librfc32

RfcClose
RfcAccept
RfcSendData
RfcSetCodePage
ItCreate
RfcGetData
ItAppLine
ItFill
ItGupLine
ItGetLine
RfcRaise
RfcLastError
RfcGetName

mapi32

ord21
ord13
ord17
ord23
ord140
ord129
ord15
ord60
ord75
ord11
ord36

mfc42u

ord4621
ord4419
ord3592
ord641
ord4075
ord324
ord4229
ord2371
ord6451
ord2455
ord4199
ord537
ord5215
ord3658
ord1560
ord711
ord617
ord5208
ord296
ord3948
ord413
ord268
ord5710
ord6371
ord4480
ord2546
ord2504
ord5727
ord1089
ord5193
ord2388
ord3341
ord1767
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord3396
ord4616
ord4418
ord3733
ord561
ord815
ord3753
ord3744
ord4847
ord3826
ord3074
ord2980
ord3875
ord833
ord802
ord542
ord6138
ord398
ord700
ord4184
ord913
ord1258
ord2047
ord2836
ord2440
ord3898
ord2036
ord2099
ord5446
ord5436
ord6379
ord5830
ord6390
ord5815
ord3642
ord5590
ord837
ord941
ord798
ord533
ord4073
ord6048
ord2506
ord4704
ord4992
ord3820
ord3076
ord3825
ord2971
ord2640
ord3131
ord3257
ord541
ord772
ord3142
ord4459
ord3254
ord2116
ord2977
ord5273
ord1720
ord2438
ord5257
ord6372
ord5059
ord3420
ord3793
ord4435
ord4831
ord6370
ord5276
ord4347
ord5237
ord5157
ord2377
ord3049
ord4401
ord3050
ord4370
ord5261
ord1928
ord2822
ord5597
ord1085
ord6874
ord2078
ord6211
ord940
ord942
ord535
ord412
ord4160
ord710
ord521
ord4162
ord6303
ord5857
ord2914
ord538
ord348
ord663
ord4163
ord2910
ord5568
ord5929
ord3805
ord6865
ord6867
ord4272
ord2606
ord4124
ord5706
ord5210
ord836
ord2806
ord6279
ord6139
ord927
ord861
ord922
ord925
ord803
ord823
ord543
ord858
ord540
ord2810
ord800
ord3579
ord825
ord801
ord500
ord3403
ord3222
ord5296
ord536
ord1165
ord1569

msvcrt

__set_app_type
_controlfp
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_except_handler3
ldiv
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
memmove
_splitpath
_wfopen
fclose
_wcsicmp
malloc
wcslen
__CxxFrameHandler
_CxxThrowException
wcscmp
_purecall
free
wcsncpy
wcsncmp
wcscpy
strncpy
_wtoi
wcstoul

kernel32

lstrlenA
WaitForMultipleObjects
SetThreadPriority
GetCurrentProcessId
GetTempPathW
IsValidCodePage
MultiByteToWideChar
WideCharToMultiByte
IsBadWritePtr
IsBadReadPtr
LocalFileTimeToFileTime
SystemTimeToFileTime
LocalFree
LoadLibraryW
FreeLibrary
GetModuleFileNameW
SetConsoleCtrlHandler
GetSystemDefaultLangID
ExitThread
SuspendThread
ResumeThread
TerminateThread
CreateThread
CloseHandle
ExpandEnvironmentStringsW
ResetEvent
SetEvent
GetComputerNameW
GetLastError
SetLastError
InterlockedIncrement
InterlockedDecrement
FormatMessageW
lstrlenW
LocalAlloc
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
OutputDebugStringW
lstrcpyW
GetModuleHandleW
GetStartupInfoW
GetACP
IsDBCSLeadByteEx

user32

EnableWindow
PostQuitMessage
wsprintfW
PostMessageW
wsprintfA

advapi32

ImpersonateLoggedOnUser
RegisterServiceCtrlHandlerW
CloseServiceHandle
GetServiceDisplayNameW
OpenSCManagerW
SetServiceStatus
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
LogonUserW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
StartServiceCtrlDispatcherW

ole32

CoUninitialize
CoInitializeEx
CoCreateInstance
OleRun

oleaut32

VariantInit
VariantClear
GetErrorInfo
VariantCopy
SysFreeString
SysAllocString

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f05c952646f637079e273d519a0284b8

Headers

File Characteristics

Imports

librfc32

mapi32

mfc42u

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 184KB - Virtual size: 183KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 88KB - Virtual size: 88KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 184KB - Virtual size: 183KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 88KB - Virtual size: 88KB

.rsrc
Size: 4KB - Virtual size: 4KB