eba01a6e37000410739bf7a090c42534_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eba01a6e37000410739bf7a090c42534_JaffaCakes118
Size

4.2MB
MD5

eba01a6e37000410739bf7a090c42534
SHA1

75c8a2bd8501df10f607acf75f1aca615fd5f4d7
SHA256

a23e79e77fcf0179b64badd7ddd98bf7fd7b5e22ffd9fbfc3401bd9eede577fc
SHA512

f63d006dddb58deb85b1abd4400b92546e07ff2744cc4240338cbafcbbb09f0471a0e62d5181eb5ae5667eac5b7af09fbcf052b452639ec3280e426ead10d9f3
SSDEEP

24576:PVB5DUP/7CHU1lzW8vRtXKmNsT9kAXZ/I1o1zz1AXysMMdXj/ZKTG6FWqAkO:ZG3T/MJR2q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eba01a6e37000410739bf7a090c42534_JaffaCakes118

Files

eba01a6e37000410739bf7a090c42534_JaffaCakes118
.exe windows:5 windows x86 arch:x86

17ed385e0e3c1853a6661c9c6ecc6c55

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysStringLen
SafeArrayGetUBound
VarNeg
SysFreeString
SysReAllocStringLen
VarR8FromStr
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement

user32

GetCursorPos
ShowCaret
SetWindowLongW
InsertMenuW

kernel32

HeapReAlloc
HeapAlloc
GetVersion
VirtualAllocEx
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
UnmapViewOfFile
lstrcmpW
lstrlenW
LoadLibraryW
FindFirstFileExW
IsValidCodePage
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EncodePointer
SetUnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
UnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapFree
Sleep
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
IsProcessorFeaturePresent
HeapSize

mpr

WNetGetLastErrorW

gdi32

GetICMProfileW
SetColorSpace
SetViewportExtEx
PolyBezierTo
PtVisible
GetCharABCWidthsFloatW
EnumFontsW
AnimatePalette

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 74KB - Virtual size: 7.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4.1MB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17ed385e0e3c1853a6661c9c6ecc6c55

Headers

File Characteristics

Imports

oleaut32

user32

kernel32

mpr

gdi32

Sections

.text Size: 75KB - Virtual size: 74KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 74KB - Virtual size: 7.5MB

.rsrc Size: 4.1MB - Virtual size: 4.1MB

.text
Size: 75KB - Virtual size: 74KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 74KB - Virtual size: 7.5MB

.rsrc
Size: 4.1MB - Virtual size: 4.1MB