ae3cd27b7ca11051d9dd5bec7d837946_JaffaCakes118

General

Target

ae3cd27b7ca11051d9dd5bec7d837946_JaffaCakes118
Size

37KB
MD5

ae3cd27b7ca11051d9dd5bec7d837946
SHA1

bddf2ceff62575810d0d15ee18a851d3d14fc7ff
SHA256

c692b551a82c68ad039bd2847b2e45cb8aec7394d21ba1216861a49ade07f0ca
SHA512

895a0ff29bc4907a834ccb81cb2c1427f4b72c639b7262b4e94813a866d3da42fac727e3aa331b5c6beec5aa9e1fbc0d15cb1a329c32317a0d05cc25fbaf8a84
SSDEEP

768:6m42f9a9D1yIg0+KN23GH7HNbLGxc6zdWBK6P2YCWH94:6Y1a7JK3GH7sxtzdWBuWH94

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/[Free] PF OTP On Off v.6067 By ~sKp135~.exe
unpack001/otp.~sKp135~

Files

ae3cd27b7ca11051d9dd5bec7d837946_JaffaCakes118
.rar
[Free] PF OTP On Off v.6067 By ~sKp135~.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\~sKp~\Documents\Visual Studio 2008\Projects\ohtempe\N3 InjeX\obj\Release\[Free] PF OTP On Off v.6067 By ~sKp135~.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.sdata
Size: 512B - Virtual size: 178B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
otp.~sKp135~
.dll windows:4 windows x86 arch:x86

4737de29d5ace386f73d6ce897a9d5fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CreateThread
DisableThreadLibraryCalls
ExitThread
FindAtomA
GetAtomNameA
Sleep

msvcrt

__dllonexit
_errno
_iob
abort
fflush
fprintf
free
malloc

user32

GetAsyncKeyState
MessageBeep
MessageBoxA

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 208B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 632B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 41KB - Virtual size: 40KB

.sdata Size: 512B - Virtual size: 178B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 12B

4737de29d5ace386f73d6ce897a9d5fa

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

Sections

.text Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 48B

.rdata Size: 512B - Virtual size: 304B

.bss Size: - Virtual size: 208B

.idata Size: 1024B - Virtual size: 632B

.reloc Size: 512B - Virtual size: 232B

.text
Size: 41KB - Virtual size: 40KB

.sdata
Size: 512B - Virtual size: 178B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 48B

.rdata
Size: 512B - Virtual size: 304B

.bss
Size: - Virtual size: 208B

.idata
Size: 1024B - Virtual size: 632B

.reloc
Size: 512B - Virtual size: 232B