8b44c8158f2a233e745d3723e271a39c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8b44c8158f2a233e745d3723e271a39c_JaffaCakes118
Size

82KB
MD5

8b44c8158f2a233e745d3723e271a39c
SHA1

1ea1277f2e65824560a0e482f1d6df0ae6879202
SHA256

e5013b489cfc1877635f7fde0006b5bfd29c9ee8dccc1f3e873d89ed14591177
SHA512

efed109ca358259966d2027841e4cc1260303ef9c42cc8cf1a7dc0d54d7fe2feb7b8d4d6698ff363d6706baccfa681de51eea0651156ecaa49a824ebc5639970
SSDEEP

1536:pN7Fcte1hSwgnhIeIX5gfpJ6FnUaejmRoOhrdrqnZjFXzrRLIq/URbCT:nFc4S7nOeIXG/P9CRpuRzhb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b44c8158f2a233e745d3723e271a39c_JaffaCakes118

Files

8b44c8158f2a233e745d3723e271a39c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3d1e569e8a87507a135bb8094d4d468c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shdocvw

SetQueryNetSessionCount
DllGetVersion
DoFileDownload
DoAddToFavDlg
AddUrlToFavorites
DoAddToFavDlgW
SHAddSubscribeFavorite
HlinkFrameNavigateNHL
URLQualifyW
HlinkFrameNavigate
SoftwareUpdateMessageBox
DoPrivacyDlg
SHGetIDispatchForFolder
HlinkFindFrame
URLQualifyA
DllRegisterWindowClasses
DoOrganizeFavDlg

msvcrt40

_j0
?what@exception@@UBEPBDXZ
_ftol
?hex@@YAAAVios@@AAV1@@Z
??_Gstdiobuf@@UAEPAXI@Z
fflush
?freeze@strstreambuf@@QAEXH@Z
_mbctombb
?overflow@strstreambuf@@UAEHH@Z
_mbsnbcnt
??5istream@@QAEAAV0@PAD@Z
_spawnle
??1strstream@@UAE@XZ
?setf@ios@@QAEJJJ@Z
?x_lockc@ios@@0U_CRT_CRITICAL_SECTION@@A
_ismbchira
_putenv

kernel32

ReadConsoleOutputAttribute
VirtualAlloc
QueryPerformanceCounter
IsBadCodePtr
FindClose
MapViewOfFile
SetThreadUILanguage
GetWindowsDirectoryW
VirtualLock
RtlCaptureContext
GetThreadLocale
GlobalFix
GetTickCount
GetCurrentDirectoryW
GetCurrentThreadId
SetVolumeMountPointA
GetCurrentProcessId
LoadLibraryA
QueryPerformanceFrequency
GetSystemTimeAsFileTime

expsrv

__vbaVarAbs
rtBoolFromErrVar
PutMemNewObj
TipInvokeMethod
rtcVarBstrFromByte
__vbaRsetFixstrFree
_adj_fdiv_m64
__vbaGetOwner3
__vbaStrTextCmp
rtcMidBstr
rtcSgnVar
__vbaCyVar

Sections

.text
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d1e569e8a87507a135bb8094d4d468c

Headers

DLL Characteristics

File Characteristics

Imports

shdocvw

msvcrt40

kernel32

expsrv

Sections

.text Size: 39KB - Virtual size: 38KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 20KB - Virtual size: 29KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 512B - Virtual size: 252B

.text
Size: 39KB - Virtual size: 38KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 20KB - Virtual size: 29KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 512B - Virtual size: 252B