7115527dbc866bce79903e3d6e329224_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

7115527dbc866bce79903e3d6e329224_JaffaCakes118
Size

998KB
MD5

7115527dbc866bce79903e3d6e329224
SHA1

e66bec1d09c79be464536eea27b86eb6edd85049
SHA256

d60d61ea412ac4ca49da3704cb996b15f4a6a21ffa2a0eb7976cc76958caf0dd
SHA512

683f829b896cc699d3f2311cd6de2535a68ab75566f46e4082e4136d242ba7c316715d07095f28e6fa8c56b61535a2d0eb472fbf1e2a657dc8fa3d2ef92f1b38
SSDEEP

24576:fAWWQFvyyNeinL9UXktUzIuv7PSqh0lcW8G0zRdISG+:BWQEyNei+ktx6hmcW8GvSf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7115527dbc866bce79903e3d6e329224_JaffaCakes118

Files

7115527dbc866bce79903e3d6e329224_JaffaCakes118
.exe windows:5 windows x86 arch:x86

575cad5bd13f06de1df074dba0ec96f2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

imagehlp

ImageNtHeader
ImageDirectoryEntryToData
ImageRvaToVa
ImageGetDigestStream

msvcrt

_vsnprintf
__p__fmode
_snwprintf
realloc
_itoa
__set_app_type
_adjust_fdiv
free
_exit
_CxxThrowException
_wcslwr
_XcptFilter
_initterm
__dllonexit
_cexit
_onexit
__p__commode
wcslen
_snprintf
strncmp
wcsrchr
memset
_vsnwprintf
exit
??1type_info@@UAE@XZ
??2@YAPAXI@Z
_wcsicmp
_except_handler3
__wgetmainargs
__winitenv
qsort
vwprintf
__setusermatherr
_itow
atoi
wcsstr
_wcsnicmp
_purecall
??3@YAXPAX@Z
_c_exit
strchr
?terminate@@YAXXZ
_controlfp
iswspace
__CxxFrameHandler
_iob
fputs

user32

wsprintfW
CharNextW
CharNextA

ole32

StringFromCLSID
CoUninitialize
CoCreateInstance
CoTaskMemFree
StringFromIID
CoInitialize
CLSIDFromString

msvfw32

ICGetInfo
ICRemove

shell32

CommandLineToArgvW

kernel32

ReadFile
RemoveDirectoryA
GetEnvironmentVariableA
lstrlenA
FindNextFileW
GetModuleHandleW
LoadLibraryExW
GlobalFree
DebugBreak
FindClose
lstrcmpiA
InterlockedDecrement
FreeResource
EndUpdateResourceW
GetFileInformationByHandle
CopyFileA
GetThreadLocale
InterlockedIncrement
RemoveDirectoryW
BeginUpdateResourceW
ExitProcess
lstrlenW
InterlockedExchange
LocalFree
GetLocaleInfoA
GetFileAttributesA
GetFullPathNameA
LoadLibraryExA
GetVersion
CloseHandle
GetVersionExW
IsDebuggerPresent
GetSystemDirectoryA
GlobalAlloc
GetFullPathNameW
FreeLibrary
GetFileAttributesW
OutputDebugStringA
GetACP
GetOEMCP
InterlockedCompareExchange
UpdateResourceW
RaiseException
CopyFileW
lstrcpyA
SetFilePointer
WideCharToMultiByte

Sections

.text
Size: 706KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

575cad5bd13f06de1df074dba0ec96f2

Headers

File Characteristics

Imports

imagehlp

msvcrt

user32

ole32

msvfw32

shell32

kernel32

Sections

.text Size: 706KB - Virtual size: 705KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 251KB - Virtual size: 251KB

.rsrc Size: 37KB - Virtual size: 3.2MB

.text
Size: 706KB - Virtual size: 705KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 251KB - Virtual size: 251KB

.rsrc
Size: 37KB - Virtual size: 3.2MB