d20b4765096763a3f75f695f7a7b00de_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d20b4765096763a3f75f695f7a7b00de_JaffaCakes118
Size

972KB
MD5

d20b4765096763a3f75f695f7a7b00de
SHA1

799f7f4bb212911bfa25eb6a516f02ecf2fb9c50
SHA256

63739de488e119d2ecea253e0ff35ca390f9820bdccb140fc2913f59d2116e91
SHA512

527b7b982a154d0cb54f05962fc9837d3021d88f4955b3fbd2c1f2f8fdc58d7dc861228829b390df5b29da0020befcebc947eb31879cd5c824e9f49825ff4434
SSDEEP

24576:0l3fYS3AWM4kvc1wQRwcH7n1LWdCVtGBL1NONK9:HBpUwat/GBnUA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d20b4765096763a3f75f695f7a7b00de_JaffaCakes118

Files

d20b4765096763a3f75f695f7a7b00de_JaffaCakes118
.exe windows:5 windows x86 arch:x86

31cc6abe2a794bf68c4b055a37857aea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

CommandLineToArgvW

kernel32

GetThreadLocale
LoadLibraryExA
InterlockedCompareExchange
InterlockedIncrement
CloseHandle
FreeResource
FindClose
UpdateResourceW
GetSystemDirectoryA
ReadFile
GetFileAttributesA
GlobalFree
DebugBreak
FreeLibrary
GetOEMCP
BeginUpdateResourceW
InterlockedDecrement
LoadLibraryExW
GetFileAttributesW
lstrcmpiA
RaiseException
WideCharToMultiByte
CopyFileW
CopyFileA
InterlockedExchange
GetVersion
lstrlenW
FindNextFileW
GetEnvironmentVariableA
GetFullPathNameW
lstrcpyA
RemoveDirectoryW
IsDebuggerPresent
GetVersionExW
GetFileInformationByHandle
EndUpdateResourceW
GetACP
ExitProcess
RemoveDirectoryA
OutputDebugStringA
LocalFree
GlobalAlloc
GetFullPathNameA
SetFilePointer
lstrlenA
GetLocaleInfoA
GetModuleHandleW

imagehlp

ImageGetDigestStream
ImageNtHeader
ImageRvaToVa
ImageDirectoryEntryToData

msvfw32

ICGetInfo
ICRemove

msvcrt

__p__commode
_itow
strchr
?terminate@@YAXXZ
iswspace
fputs
wcsstr
exit
__winitenv
__p__fmode
wcsrchr
qsort
_onexit
_snwprintf
_initterm
_vsnwprintf
_wcsicmp
_itoa
wcslen
_except_handler3
_cexit
??1type_info@@UAE@XZ
strncmp
atoi
_controlfp
__set_app_type
__wgetmainargs
_wcslwr
_vsnprintf
realloc
_exit
_wcsnicmp
free
_purecall
_CxxThrowException
_c_exit
_adjust_fdiv
__CxxFrameHandler
_XcptFilter
_snprintf
??2@YAPAXI@Z
??3@YAXPAX@Z
__setusermatherr
memset
__dllonexit
vwprintf
_iob

user32

CharNextW
CharNextA
wsprintfW

ole32

StringFromIID
CoTaskMemFree
CLSIDFromString
StringFromCLSID
CoUninitialize
CoInitialize
CoCreateInstance

Sections

.text
Size: 707KB - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

31cc6abe2a794bf68c4b055a37857aea

Headers

File Characteristics

Imports

shell32

kernel32

imagehlp

msvfw32

msvcrt

user32

ole32

Sections

.text Size: 707KB - Virtual size: 707KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 251KB - Virtual size: 251KB

.rsrc Size: 9KB - Virtual size: 3.2MB

.text
Size: 707KB - Virtual size: 707KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 251KB - Virtual size: 251KB

.rsrc
Size: 9KB - Virtual size: 3.2MB