8e761f3680cf6de34bc521652c95211f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8e761f3680cf6de34bc521652c95211f_JaffaCakes118
Size

160KB
MD5

8e761f3680cf6de34bc521652c95211f
SHA1

fccb6fbf8c0055b69d8654407e34d82e67eef2b0
SHA256

d55eb6fa641a52db1639fc170d836eb7bd1a7979034761e523408c2cc4ed97c5
SHA512

3e288032376514bceca682054faf8d7312b9f270632a75d07350e433ec20f1735f08a92fddb03f4f92967af94634f13a41e4b2ae1cab1eede27ce36fa6d8e6ee
SSDEEP

3072:d9gYWToGURd52aHoWeeC1l9AgKm4il418xglvj:d96ZURjZG1l9AgV/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8e761f3680cf6de34bc521652c95211f_JaffaCakes118

Files

8e761f3680cf6de34bc521652c95211f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b4fdb81780a7c096af32732749ecc04d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
GetStringTypeW
VirtualAlloc
GetOEMCP
GetACP
GetCPInfo
LoadLibraryA
GetProcAddress
FreeLibrary
GetCurrentDirectoryA
GetModuleFileNameA
HeapReAlloc
GetLastError
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
HeapAlloc
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
SetUnhandledExceptionFilter
WriteFile
HeapFree
VirtualFree
HeapCreate
HeapDestroy
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
TerminateProcess
GetCurrentProcess

user32

DialogBoxParamA
CheckDlgButton
ShowWindow
SetTimer
EndDialog
EnableWindow
GetWindowTextA
MessageBoxA
GetDlgItem
SetWindowTextA
KillTimer

advapi32

RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

shell32

ShellExecuteA

msvcirt

??1fstream@@UAE@XZ
??1ios@@UAE@XZ
?close@fstream@@QAEXXZ
_mtunlock
?get@istream@@IAEAAV1@PADHH@Z
_mtlock
??0fstream@@QAE@PBDHH@Z
?write@ostream@@QAEAAV1@PBDH@Z
?seekp@ostream@@QAEAAV1@JW4seek_dir@ios@@@Z
?seekg@istream@@QAEAAV1@JW4seek_dir@ios@@@Z
?read@istream@@QAEAAV1@PADH@Z
?openprot@filebuf@@2HB
??_Dfstream@@QAEXXZ

msvcrt

fclose
fprintf
fopen
sprintf
_beginthread
strstr
_access

Sections

.text
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4fdb81780a7c096af32732749ecc04d

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcirt

msvcrt

Sections

.text Size: 24KB - Virtual size: 20KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 124KB - Virtual size: 120KB

.text
Size: 24KB - Virtual size: 20KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 124KB - Virtual size: 120KB