763ff10ae65181743c7f8114cf076570_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

763ff10ae65181743c7f8114cf076570_JaffaCakes118
Size

188KB
MD5

763ff10ae65181743c7f8114cf076570
SHA1

f424ff81d45808c3d85433c2cf02e90c3ab0903b
SHA256

d10553af701d2bdf75a756761c761c656d49f7c9fcb44d3f593eef7814a84245
SHA512

b07b07141aacf2ffa7b7c05dc528e4f447ed4e06e18688a5c3310b8969690d8fb3cbc6d32df4a7c9468b4a31f63c5de444cdd7594e36e846c367ace3bff133ce
SSDEEP

3072:K0TpQOUrg94dNCdKxdGm4+muDy7hWWFjkk9l/+X57AUhucdp4XyiSQap:xTpQOUE9ANCdKxdGVKshWWFjkk9lKVAk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
763ff10ae65181743c7f8114cf076570_JaffaCakes118

Files

763ff10ae65181743c7f8114cf076570_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dcfb58a6b39caada33bc83c5ea532b5a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord6385
ord561
ord1979
ord1575
ord940
ord5194
ord5465
ord1997
ord6407
ord4202
ord541
ord5861
ord801
ord2818
ord926
ord2764
ord4204
ord5710
ord2781
ord4058
ord3181
ord3178
ord535
ord537
ord939
ord941
ord533
ord798
ord3811
ord2820
ord4278
ord551
ord922
ord354
ord5186
ord547
ord665
ord860
ord540
ord2915
ord5572
ord924
ord800
ord5683
ord4129
ord858
ord4277
ord356
ord2770
ord1980
ord815
ord668

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
__dllonexit
exit
time
srand
rand
_mbscmp
getenv
atoi
__CxxFrameHandler
_except_handler3
_onexit

kernel32

HeapDestroy
GetFileAttributesA
SetFileAttributesA
MultiByteToWideChar
HeapAlloc
GetModuleFileNameA
GetFileTime
GetWindowsDirectoryA
HeapCreate
WinExec
MoveFileA
DeleteFileA
WaitForSingleObject
GetShortPathNameA
CopyFileA
GetSystemDirectoryA
CreateToolhelp32Snapshot
CloseHandle
Process32Next
lstrlenA
WritePrivateProfileStringA
GetCurrentDirectoryA
GetVersionExA
GetModuleHandleA
GetCommandLineA
Process32First

user32

GetSystemMetrics

advapi32

InitializeAcl
LookupAccountNameA
AddAccessAllowedAce
SetNamedSecurityInfoA
OpenSCManagerA
CloseServiceHandle
OpenServiceA
DeleteService
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
AllocateAndInitializeSid

shell32

ShellExecuteExA
SHFileOperationA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

msvcp60

??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0_Winit@std@@QAE@XZ
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??1_Winit@std@@QAE@XZ

wininet

FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindCloseUrlCache

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dcfb58a6b39caada33bc83c5ea532b5a

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

ole32

msvcp60

wininet

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 4KB

.rsrc Size: 136KB - Virtual size: 133KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 136KB - Virtual size: 133KB