df13d07e19c4f32ca427d50f971dc09b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

df13d07e19c4f32ca427d50f971dc09b_JaffaCakes118
Size

983KB
MD5

df13d07e19c4f32ca427d50f971dc09b
SHA1

ebf6dc3ecb01d883c6e1d7985b9a5c65fd0055d7
SHA256

cc76b05f73dea444fa449c98d9a2df040ad0cada714993ab9c21c29f1d620347
SHA512

2f43a2804020a825b75a6c03d7091fe0c32e6339c22f414b6ddd816b173a6073a61611786978bf21af10b60b877c6d3e147458eaf0e8c831ccbc7518bb6cde1b
SSDEEP

12288:ZILLCj1xJyV9bsPA3RUZdHd0lmS/6W+EOFzfhiUjA7rDXak+P7f9C6MI7eA:nnJZWULK6iUjAXb9I71C6MyeA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
df13d07e19c4f32ca427d50f971dc09b_JaffaCakes118

Files

df13d07e19c4f32ca427d50f971dc09b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cb537bb250089f3dc42cea1e11917b81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvfw32

ICGetInfo
ICRemove

imagehlp

ImageGetDigestStream
ImageDirectoryEntryToData
ImageNtHeader
ImageRvaToVa

ole32

StringFromCLSID
CLSIDFromString
StringFromIID
CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

msvcrt

exit
??2@YAPAXI@Z
_except_handler3
_itow
_snprintf
wcsstr
_CxxThrowException
iswspace
_cexit
__wgetmainargs
__setusermatherr
_wcsnicmp
vwprintf
??1type_info@@UAE@XZ
_XcptFilter
strncmp
_c_exit
realloc
_purecall
__p__fmode
free
_itoa
__CxxFrameHandler
_initterm
??3@YAXPAX@Z
_snwprintf
__winitenv
memset
qsort
__dllonexit
__p__commode
__set_app_type
_adjust_fdiv
_exit
strchr
fputs
_wcsicmp
_vsnwprintf
wcsrchr
atoi
_iob
_controlfp
_vsnprintf
wcslen
_onexit
_wcslwr
?terminate@@YAXXZ

kernel32

GetOEMCP
GetFileInformationByHandle
CopyFileA
GetFullPathNameW
GetModuleHandleW
RemoveDirectoryA
WideCharToMultiByte
InterlockedDecrement
CloseHandle
FindNextFileW
lstrcmpiA
FreeResource
GetThreadLocale
FindClose
GetVersionExW
GetACP
GetVersion
GlobalAlloc
FreeLibrary
lstrcpyA
OutputDebugStringA
IsDebuggerPresent
GetEnvironmentVariableA
UpdateResourceW
lstrlenA
InterlockedExchange
GetLocaleInfoA
GlobalFree
GetSystemDirectoryA
GetFileAttributesA
SetFilePointer
CopyFileW
DebugBreak
lstrlenW
ExitProcess
InterlockedCompareExchange
GetFullPathNameA
InterlockedIncrement
GetFileAttributesW
BeginUpdateResourceW
LocalFree
EndUpdateResourceW
LoadLibraryExW
RaiseException
LoadLibraryExA
RemoveDirectoryW
ReadFile

shell32

CommandLineToArgvW

user32

wsprintfW
CharNextA
CharNextW

Sections

.text
Size: 706KB - Virtual size: 705KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cb537bb250089f3dc42cea1e11917b81

Headers

File Characteristics

Imports

msvfw32

imagehlp

ole32

msvcrt

kernel32

shell32

user32

Sections

.text Size: 706KB - Virtual size: 705KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 251KB - Virtual size: 251KB

.rsrc Size: 21KB - Virtual size: 3.2MB

.text
Size: 706KB - Virtual size: 705KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 251KB - Virtual size: 251KB

.rsrc
Size: 21KB - Virtual size: 3.2MB