PDB path: Q:\projects\CLoader\bin\Debug\CLoader.pdb
Static task
static1
Behavioral task
behavioral1
Sample
e0840bd60e20c0ed350386dca2e70cb7_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
e0840bd60e20c0ed350386dca2e70cb7_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
e0840bd60e20c0ed350386dca2e70cb7_JaffaCakes118
Size
13KB
MD5
e0840bd60e20c0ed350386dca2e70cb7
SHA1
e9bf4ed107b2299e050139800f3d1078fb3675d8
SHA256
6a42e2dbebf37a4754c7e113ca9071455286b355243c2b00032759e0e648bd51
SHA512
8b53e4f2f8cc3d290701a2524952aba5e2b69b2d157be8271f12e8b81e76c5a95a16c5f32fe45e3d2ba891fcc37eb338199589d3772b0cc708e83a44b24b9f4d
SSDEEP
192:KbNHBRWs+yCI6yRnRNbPjhUpK5aSbnMAYTcN+hSthskTMr1r38GFRRsSZ9J:sPJ+XIJ95aSbMAac+StW5hH
Malware Config
Signatures
Unsigned PE 1 IoCs
Static check for an Authenticode signature: the sample has none (unsigned PE).
resource e0840bd60e20c0ed350386dca2e70cb7_JaffaCakes118
Files
e0840bd60e20c0ed350386dca2e70cb7_JaffaCakes118.exe windows:5 windows x86 arch:x86
9f12750fffe700a1b1509e75afdb14b5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
FindResourceA
GetModuleHandleA
WideCharToMultiByte
CloseHandle
ReadFile
GetFileSize
CreateFileA
WriteFile
GetLastError
OutputDebugStringA
DeleteFileA
LoadResource
CreateProcessA
GetSystemInfo
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetModuleFileNameA
Sleep
CreateMutexA
OpenMutexA
ExitProcess
GetTickCount
GetVersionExA
SizeofResource
GetTempPathA
LockResource
msvcrt
srand
strcat
strlen
strncmp
_scprintf
sprintf
strcpy
rand
_vsnprintf
memcpy
atoi
isspace
strncat
realloc
strncpy
_stricmp
malloc
memset
free
wcslen
_strdup
ntdll
RtlImageNtHeader
wininet
InternetOpenUrlA
InternetOpenA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetQueryDataAvailable
InternetReadFile
InternetCloseHandle
InternetConnectA
HttpSendRequestA
advapi32
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
shell32
SHGetFolderPathA
ole32
StringFromGUID2
CoCreateGuid
oleaut32
SysStringLen
SysFreeString
SysAllocStringLen
shlwapi
PathCombineA
PathAppendA
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 264B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1024B - Virtual size: 618B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ