a0de8e208092ea386e45c5b9d55b4158_JaffaCakes118

General

Target

a0de8e208092ea386e45c5b9d55b4158_JaffaCakes118
Size

59KB
MD5

a0de8e208092ea386e45c5b9d55b4158
SHA1

784a37084f57b427fd8c7ba4c31cb389154e90dc
SHA256

71aaeea76ef420db21c091f84a75c7ed5107ad7b38ec38e50158cbec660dd045
SHA512

078e374ceca2d89d23fff20d5f284410eb16cb945a77ccb8cc11e7e9719364600fbdf0f915c16d7a49ded90e795e122e9e47fe7c6301f1b90696fcc48e96937c
SSDEEP

1536:e7goNxwShFAZTZF3UIjXg7kxGz33RlNfdPt/pplI:FoNxwciZHUl7H3Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a0de8e208092ea386e45c5b9d55b4158_JaffaCakes118

Files

a0de8e208092ea386e45c5b9d55b4158_JaffaCakes118
.exe windows:4 windows x86 arch:x86

10a0608e5a069e4eea5111e0da08f8c5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
CreateProcessA
GetBinaryTypeA
SetEnvironmentVariableA
GetEnvironmentVariableA
FreeLibrary
GetProcAddress
LoadLibraryA
GetStartupInfoA
GetFullPathNameA
SetCurrentDirectoryA
GetCurrentDirectoryA
CloseHandle
ResumeThread
SetLastError
GetProcessTimes
GetCurrentProcess
CreateEventA
WaitForMultipleObjects
Process32Next
GetLastError
OpenProcess
GetCurrentProcessId
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
GetCurrentThread
FreeResource
LockResource
SizeofResource
LoadResource
FindResourceA
ReadFile
GetFileSize
CreateFileA
WriteFile
GetModuleHandleA
GetPrivateProfileStringA
GetModuleFileNameA
DeleteFileA
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
GetDriveTypeA
GetPrivateProfileSectionA
GetVersionExA
GetWindowsDirectoryA
GetSystemDirectoryA
ExpandEnvironmentStringsA
GetFileAttributesA
CreateFileMappingA

msvcrt

fgets
fclose
atol
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
atoi
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
free
_mbsspnp
_mbschr
strchr
_mbsnbcpy
fopen
_itoa
_mbsnbicmp
fputs
??2@YAPAXI@Z
strlen
memcpy
abort
puts
memmove
exit
_splitpath
strcpy
memset
_mbsstr
_mbslwr
sprintf
strcat
_mbsicmp
memcmp

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

10a0608e5a069e4eea5111e0da08f8c5

Headers

File Characteristics

Imports

kernel32

msvcrt

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 23KB - Virtual size: 44KB

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 23KB - Virtual size: 44KB