70d3fa0314b6131b7077893681475200_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

70d3fa0314b6131b7077893681475200_JaffaCakes118
Size

998KB
MD5

70d3fa0314b6131b7077893681475200
SHA1

3e41f005868e3688e3cc797cf02f2f0539d5fb57
SHA256

d60f3932b626ee9b7dab9065c103f800ce67d08e569ed44fb2b1b0fab04c5261
SHA512

5e409df7944f6eed66a586758d59b3293156f10abc6bec62453bca92a173b1aa81e5877c6a4b24c29b36101bfc9274141ec72bc6c4242b6a2d91bd271d3fc27c
SSDEEP

24576:qyjB5/405QmUTp1+wy8JpEPfVZj03PJoo0:LXg+UVM8JpEPN103PJo3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70d3fa0314b6131b7077893681475200_JaffaCakes118

Files

70d3fa0314b6131b7077893681475200_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1e33d2fc4030805917482b4b8d5642c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CLSIDFromString
CoUninitialize
CoTaskMemFree
StringFromIID
StringFromCLSID
CoInitialize
CoCreateInstance

msvcrt

exit
__set_app_type
realloc
wcsstr
__wgetmainargs
__CxxFrameHandler
_itow
_cexit
_vsnprintf
vwprintf
free
atoi
strncmp
_onexit
qsort
memset
_itoa
_c_exit
_controlfp
_CxxThrowException
__dllonexit
__p__commode
_iob
_exit
wcslen
_vsnwprintf
_XcptFilter
??1type_info@@UAE@XZ
__setusermatherr
_wcsnicmp
wcsrchr
_except_handler3
_snprintf
strchr
??3@YAXPAX@Z
??2@YAPAXI@Z
?terminate@@YAXXZ
__p__fmode
_adjust_fdiv
_purecall
_initterm
iswspace
_snwprintf
_wcsicmp
fputs
__winitenv
_wcslwr

imagehlp

ImageRvaToVa
ImageGetDigestStream
ImageNtHeader
ImageDirectoryEntryToData

shell32

CommandLineToArgvW

msvfw32

ICGetInfo
ICRemove

user32

wsprintfW
CharNextA
CharNextW

kernel32

LocalFree
GetFileInformationByHandle
CopyFileA
GetACP
CopyFileW
InterlockedIncrement
IsDebuggerPresent
lstrcpyA
GlobalFree
FreeResource
LoadLibraryExA
GetVersion
GetLocaleInfoA
LoadLibraryExW
FindNextFileW
RemoveDirectoryW
GetSystemDirectoryA
InterlockedExchange
OutputDebugStringA
UpdateResourceW
ReadFile
InterlockedCompareExchange
GetOEMCP
InterlockedDecrement
GetFullPathNameA
GetFullPathNameW
BeginUpdateResourceW
GetFileAttributesA
GetFileAttributesW
WideCharToMultiByte
FindClose
FreeLibrary
EndUpdateResourceW
lstrlenW
GetThreadLocale
GetEnvironmentVariableA
GetModuleHandleW
CloseHandle
lstrcmpiA
RemoveDirectoryA
GetVersionExW
lstrlenA
ExitProcess
DebugBreak
GlobalAlloc
RaiseException
SetFilePointer

Sections

.text
Size: 706KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e33d2fc4030805917482b4b8d5642c7

Headers

File Characteristics

Imports

ole32

msvcrt

imagehlp

shell32

msvfw32

user32

kernel32

Sections

.text Size: 706KB - Virtual size: 705KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 251KB - Virtual size: 250KB

.rsrc Size: 37KB - Virtual size: 3.2MB

.text
Size: 706KB - Virtual size: 705KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 251KB - Virtual size: 250KB

.rsrc
Size: 37KB - Virtual size: 3.2MB