b0be26beb5cb8a67660c16df9982c54a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b0be26beb5cb8a67660c16df9982c54a_JaffaCakes118
Size

38KB
MD5

b0be26beb5cb8a67660c16df9982c54a
SHA1

212bcba1328b985af39ec9296790536a99aa171d
SHA256

9d18570e3bf16ac95eed648564b3c851a48abbc2af7e533a30a4c91d7f1a8f92
SHA512

4b0f1dd4e0fd1118b832186114724c5a3dee40074ef11aa56957fd9fba9de31f9d8427db0d8a50037d64913d7ac1bf400089acb67af6093245a550c5b59826b3
SSDEEP

768:YtbI97Y21ZA/W5ARsnmsfDtaTote35dJYkOEB8ceFam:Ytb0Y6aWqsnms8ToQ35ghEBVm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0be26beb5cb8a67660c16df9982c54a_JaffaCakes118

Files

b0be26beb5cb8a67660c16df9982c54a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

36a0c96d6f1000694b1e342826c70635

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3738
ord561
ord825
ord815
ord801
ord5829
ord3726
ord541
ord800
ord540
ord798
ord1997
ord6407
ord924
ord532
ord791
ord1995
ord926
ord2818
ord5479
ord5797
ord2029
ord2077
ord523
ord665
ord922
ord2764
ord537
ord5442
ord1979
ord3318
ord5186
ord4424
ord535
ord4202
ord858
ord4203
ord6883
ord1199
ord1247
ord1168
ord941
ord860
ord6648
ord5683
ord5710
ord5861
ord6143
ord654
ord5858
ord341
ord1105
ord4277
ord2763
ord4129
ord6663
ord5856
ord5194
ord533
ord940
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord354
ord4673
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_setmbcp
__CxxFrameHandler
srand
time
_exit
_onexit
__dllonexit
fopen
fclose
rename
rand
_stricmp
_controlfp

kernel32

Process32Next
Process32First
CreateToolhelp32Snapshot
GetProcessHeap
GetWindowsDirectoryA
DeleteFileA
CopyFileA
GetExitCodeProcess
OpenProcess
GetVersionExA
GetModuleHandleA
GetStartupInfoA
lstrlenA
GetModuleFileNameA
GetSystemDirectoryA
OutputDebugStringA
FindClose
FindNextFileA
Sleep
FindFirstFileA
GetProcAddress
TerminateProcess
CloseHandle
LoadLibraryA

user32

GetMessageA
DispatchMessageA
TranslateMessage

advapi32

RegEnumKeyA
RegEnumKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegEnumValueA

shell32

SHFileOperationA
ShellExecuteA

wsock32

WSAStartup
htons

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 881KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36a0c96d6f1000694b1e342826c70635

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

advapi32

shell32

wsock32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 8KB - Virtual size: 881KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 8KB - Virtual size: 881KB

.rsrc
Size: 4KB - Virtual size: 1KB