d48d323d6f324b87c3e4f7177046b56c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d48d323d6f324b87c3e4f7177046b56c_JaffaCakes118
Size

632KB
MD5

d48d323d6f324b87c3e4f7177046b56c
SHA1

f4dcdfb94c72a90036ed8897279dee3c9e66d11c
SHA256

48ded2c77291764456cd75ad530c26933ecaa84429abf82181172777f1e09733
SHA512

e2c86235a6341c4ae370360b99f6d9c810b9844aad05f7f8ef5e0956e0b50c3d87cce8212051e899bdafcfe6188b9c3a1b3bcda837b411d63a4da2a9fa8b0418
SSDEEP

12288:AcaXxNolTbMD5tgyNc7xIbG3BnaFvRTtsHpZstAThppnQ5xX:AJXwlTy5tVNcUG3BnakLsqhppaB

Score

7^/10

Malware Config

Signatures

Molebox Virtualization software 1 IoCs

Detects file using Molebox Virtualization software.

resource	yara_rule
sample	molebox

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d48d323d6f324b87c3e4f7177046b56c_JaffaCakes118

Files

d48d323d6f324b87c3e4f7177046b56c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6edc578cae8a9e2df12341e0250c0263

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegQueryValueW

kernel32

ExitProcess
InitializeCriticalSection
SetFilePointer
SetUnhandledExceptionFilter
SwitchToFiber
TerminateProcess
WriteFile

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_cexit
_iob
_onexit
_setmode
abort
atexit
memcpy
signal
strcpy
wcscpy

user32

CallWindowProcW
CheckMenuRadioItem
CloseClipboard
CreateMenu
DefFrameProcW
DestroyCursor
DestroyWindow
DrawTextW
EmptyClipboard
EnableWindow
EndDeferWindowPos
EnumClipboardFormats
GetDC
GetDesktopWindow
GetMenuItemCount
GetMessageW
GetScrollInfo
GetSystemMetrics
GetWindow
GetWindowRect
GetWindowTextLengthW
InsertMenuItemW
IsWindowEnabled
LoadBitmapW
LoadImageW
PostMessageW
PostQuitMessage
ReleaseDC
ScrollWindow
SendMessageW
SetScrollInfo
SetWindowPos
SetWindowRgn
SetWindowTextW
ShowWindow
TrackPopupMenu
UnregisterClassW
UnregisterHotKey
ValidateRect
VkKeyScanW

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 682KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 2KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6edc578cae8a9e2df12341e0250c0263

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

Sections

.text Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 136B

.idata Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 608B

.bss Size: - Virtual size: 682KB

.tls Size: 2KB - Virtual size: 12B

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 136B

.idata
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 608B

.bss
Size: - Virtual size: 682KB

.tls
Size: 2KB - Virtual size: 12B

.rsrc
Size: 4KB - Virtual size: 3KB