dc6eb7384152c904f4fb870d26bf1552_JaffaCakes118

General

Target

dc6eb7384152c904f4fb870d26bf1552_JaffaCakes118
Size

64KB
MD5

dc6eb7384152c904f4fb870d26bf1552
SHA1

c5919a05f8995f4f5f85af280a43a15482b6c7ec
SHA256

8de3c5ab557d08befd0bdbda43d2dc54d4ad7b3ec8f72801ded6345a72c2c2d5
SHA512

70d4071ff3d50a1140db1aa02edc3b9523b752e9b8a0443718681cf047513a62cc3f5fe158f4ceee0cf89339385ea70d4d7c126aba2b7f5711a008e28dd93801
SSDEEP

768:VMwAgbQ5qHrBQYTgcwUZVNo0swmyBk8jM5mNXBD8JP5YDFCJ:VtAyDlQYzTq9wmskMMMlGUDF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc6eb7384152c904f4fb870d26bf1552_JaffaCakes118

Files

dc6eb7384152c904f4fb870d26bf1552_JaffaCakes118
.exe windows:4 windows x86 arch:x86

fcd8a4df5c0aead139b4bdbf07df668c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

mfc42

ord6648
ord537
ord2764
ord4129
ord823
ord800

msvcrt

_onexit
__dllonexit
free
memmove
strncmp
_exit
__CxxFrameHandler
atoi
_except_handler3
strstr
rand
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
exit
_controlfp

kernel32

GetLastError
RaiseException
InterlockedExchange
LocalAlloc
GetStartupInfoA
VirtualFree
GetFileSize
ReadFile
VirtualProtectEx
WriteProcessMemory
SetThreadContext
TerminateProcess
GetThreadContext
ReadProcessMemory
VirtualQueryEx
VirtualAlloc
GetModuleHandleA
CopyFileA
lstrlenA
lstrcmpiA
TerminateThread
GetTempPathA
WaitForSingleObject
FindResourceA
SizeofResource
LoadResource
GlobalAlloc
LockResource
GlobalFree
WriteFile
GetSystemDirectoryA
GetModuleFileNameA
GetShortPathNameA
GetEnvironmentVariableA
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
CloseHandle
DeviceIoControl
CreateThread
CreateFileA
ExitProcess
CreateMutexA
ResumeThread
CreateProcessA
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcd8a4df5c0aead139b4bdbf07df668c

Headers

File Characteristics

Imports

msvcp60

mfc42

msvcrt

kernel32

Sections

.text Size: 16KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 20KB

.rsrc Size: 36KB - Virtual size: 35KB

.text
Size: 16KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 20KB

.rsrc
Size: 36KB - Virtual size: 35KB