Static task
static1
Behavioral task
behavioral1
Sample
83f5afeef5378064180ee4a9bb42e803_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
83f5afeef5378064180ee4a9bb42e803_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
83f5afeef5378064180ee4a9bb42e803_JaffaCakes118
-
Size
57KB
-
MD5
83f5afeef5378064180ee4a9bb42e803
-
SHA1
8185a5f16dfc0b158e09bcacda4857e566b88979
-
SHA256
255d1db05e55be323f8ceae867d64c749dc30fbd89bed660ef2230dc771e99c5
-
SHA512
ee4c02cba6b195611bc32083f6e9cdf5feface23faf54908a2d9fb675f55bc7fdc7995e30830aec39272f13e4407d0493ea4d784e030c96801be5d7b4602c2c8
-
SSDEEP
1536:O4Sl+uGnIBOvhtvZWWaJa2aQ9l1Tw1Y9bvY:O4AGIBOvhtvZpaknc1kG9r
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 83f5afeef5378064180ee4a9bb42e803_JaffaCakes118
Files
-
83f5afeef5378064180ee4a9bb42e803_JaffaCakes118.exe windows:4 windows x86 arch:x86
3b6cb6ce950bbc4f3167eaf64faa675a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
dp4clibt
trmw32
syslibt
dp4crypt
ord2
nodebugt
ord2
ord1
kernel32
GetCommandLineA
lstrlenA
GetProcessHeap
TerminateProcess
lstrcpyA
ExitProcess
GetProcAddress
VirtualProtect
GetModuleHandleA
HeapAlloc
GetCurrentProcess
usrlibt
ord126
Sections
.xbase Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 9KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ