a727c4c871f0ca69009417af8ca9e720_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a727c4c871f0ca69009417af8ca9e720_JaffaCakes118
Size

104KB
MD5

a727c4c871f0ca69009417af8ca9e720
SHA1

1e5a52618ee1647042fa860e9405061400a25aee
SHA256

ba40061d2660346632db74ce29632cc99b7907698f9f1db7504f34abfbe252db
SHA512

fc3ca9fc83dc095a193e9ea701c9eda323b9a8d8d3c6b9908e2014fb884f8b19bda69791bba99cd5d0ef03c2d689c7b7de7a29a7df8f231e30f88534aa2a63d0
SSDEEP

3072:ob0EOphPYjmWUoBeaGLl6/0HrB8D1nak/9Lsx9MXK:BEOpxQ5sWsk/9L4T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a727c4c871f0ca69009417af8ca9e720_JaffaCakes118

Files

a727c4c871f0ca69009417af8ca9e720_JaffaCakes118
.exe windows:4 windows x86 arch:x86

29759022e6a069b31510664e37894bfa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc80

ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord266
ord265
ord5119
ord1084
ord1920
ord1489
ord2902
ord299
ord6703
ord6118
ord781
ord5403
ord2468
ord2931
ord5224
ord5226
ord2248
ord3948
ord4568
ord5230
ord5213
ord5566
ord2537
ord2731
ord2835
ord4307
ord2714
ord2838
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4481
ord4261
ord3333
ord566
ord3934
ord876
ord757
ord4541
ord3683
ord784
ord911
ord578
ord593
ord3255
ord334
ord310
ord2131
ord764
ord1207

msvcr80

_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_snprintf
_crt_debugger_hook
__CxxFrameHandler3
memset
sprintf
_mbsicmp
_setmbcp
_mbsnbcpy
_mbsstr
_mbsninc
_mbslwr

kernel32

SetLastError
GetFileAttributesA
InterlockedExchange
GetLastError
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
lstrcmpiA
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
FormatMessageA

user32

MessageBoxA

winspool.drv

GetPrinterDriverA
GetPrinterDriverDirectoryA
EnumPrintersA
GetPrinterDataA
OpenPrinterA
GetPrinterA
DocumentPropertiesA
SetPrinterA
ClosePrinter

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

ShellExecuteExA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

29759022e6a069b31510664e37894bfa

Headers

File Characteristics

Imports

mfc80

msvcr80

kernel32

user32

winspool.drv

advapi32

shell32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 80KB - Virtual size: 80KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 80KB - Virtual size: 80KB