85baaf8ab379979c94d587b28e80c551_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

85baaf8ab379979c94d587b28e80c551_JaffaCakes118
Size

995KB
MD5

85baaf8ab379979c94d587b28e80c551
SHA1

ab06b61aedb853918d15ea37ce390d497ff14984
SHA256

2a120e294551cac925e030f39f976130ab8f1843991896e54c879630c9c8a337
SHA512

9d1c26884f0c3efda8dc4cf4e8833cc4a30537c01aafe29bb09622a662a8427bcde6ea620caecef24b7985bd467e3d687d6db5286b0f2db978fa19266b88a0ff
SSDEEP

12288:ykwheHjNf7vRELPeSZLYJs7NNdXm56w4sMaKWPl4cpIz20YCw/ioLWiEazda7EiU:hwKLR4LYJGNJJvaKW4ad/ioay

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85baaf8ab379979c94d587b28e80c551_JaffaCakes118

Files

85baaf8ab379979c94d587b28e80c551_JaffaCakes118
.exe windows:5 windows x86 arch:x86

da7ee59f40736e4e12b2c877697db9f8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
BeginUpdateResourceW
IsDebuggerPresent
GetVersionExW
lstrcpyA
GetLocaleInfoA
GetFileAttributesW
GetACP
FindClose
RemoveDirectoryA
RemoveDirectoryW
CloseHandle
GetVersion
GetSystemDirectoryA
GetEnvironmentVariableA
LoadLibraryExA
ExitProcess
InterlockedCompareExchange
DebugBreak
ReadFile
InterlockedDecrement
GetFullPathNameA
CopyFileW
LoadLibraryExW
FindNextFileW
GetFileAttributesA
SetFilePointer
GetModuleHandleW
GetOEMCP
GetFullPathNameW
GetFileInformationByHandle
GlobalFree
GlobalAlloc
lstrlenA
FreeLibrary
OutputDebugStringA
lstrlenW
RaiseException
FreeResource
CopyFileA
LocalFree
InterlockedIncrement
GetThreadLocale
UpdateResourceW
EndUpdateResourceW
WideCharToMultiByte
lstrcmpiA

msvcrt

_controlfp
_XcptFilter
realloc
memset
_vsnprintf
wcsrchr
_wcsicmp
??3@YAXPAX@Z
fputs
__p__commode
__dllonexit
_iob
atoi
_CxxThrowException
iswspace
_c_exit
__p__fmode
vwprintf
?terminate@@YAXXZ
wcslen
_except_handler3
qsort
_itoa
__setusermatherr
_wcslwr
__winitenv
_exit
_vsnwprintf
strchr
_wcsnicmp
_initterm
??2@YAPAXI@Z
??1type_info@@UAE@XZ
_onexit
_adjust_fdiv
_snwprintf
__wgetmainargs
_snprintf
wcsstr
strncmp
_purecall
__CxxFrameHandler
exit
_itow
__set_app_type
_cexit
free

user32

CharNextA
CharNextW
wsprintfW

ole32

StringFromIID
CoInitialize
CoTaskMemFree
CoUninitialize
CLSIDFromString
CoCreateInstance
StringFromCLSID

imagehlp

ImageNtHeader
ImageDirectoryEntryToData
ImageRvaToVa
ImageGetDigestStream

msvfw32

ICGetInfo
ICRemove

shell32

CommandLineToArgvW

Sections

.text
Size: 705KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da7ee59f40736e4e12b2c877697db9f8

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

ole32

imagehlp

msvfw32

shell32

Sections

.text Size: 705KB - Virtual size: 705KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 251KB - Virtual size: 250KB

.rsrc Size: 34KB - Virtual size: 3.2MB

.text
Size: 705KB - Virtual size: 705KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 251KB - Virtual size: 250KB

.rsrc
Size: 34KB - Virtual size: 3.2MB