eba23e539c3716daa64da3d9a125ab78_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eba23e539c3716daa64da3d9a125ab78_JaffaCakes118
Size

88KB
MD5

eba23e539c3716daa64da3d9a125ab78
SHA1

eb6230b6658c9c2dda7d6696975e5fa19c7197d8
SHA256

593da1b96093be72a76ec13b6454141045f08dd6213e9c8c392798565b032f74
SHA512

cec1a1f2c24d109c836f80694c0a4a94335a67cd30775d53e0673e08de991b65b18c2d8168e454a0e939d2605afc7301571c7f7b24727bf45300b63a75799b41
SSDEEP

1536:eOc/oLe7jpwPEixN/sZeWvGm78BwtWssMiKbNEmYTLwhTSF3LsSQm3EUeswL9:eOcQLe7j4E+kR9W2bHYOTYbsrm3q9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
eba23e539c3716daa64da3d9a125ab78_JaffaCakes118

Files

eba23e539c3716daa64da3d9a125ab78_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0447d17e69c9c16d4f9333e83e217bbb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedDecrement
InterlockedIncrement
GetModuleHandleA
GetStartupInfoA

user32

PostMessageA
GetKeyState

pk79

ord5868
ord9827
ord2713
ord2138
ord332
ord2714
ord138
ord10104
ord482
ord2947
ord5981
ord955
ord8205
ord6415
ord3026
ord1333
ord9666
ord8854
ord918
ord7761
ord1733
ord6209
ord83
ord6499
ord9626
ord734
ord740
ord2944
ord6161
ord9246
ord9262
ord8850
ord5899
ord2861
ord5700
ord7175
ord4908
ord8447
ord9118
ord4052
ord2853
ord2950
ord7657
ord4587
ord4049
ord5320
ord9954
ord1206
ord6826
ord4530
ord6375
ord1776
ord4569
ord8911
ord7259
ord7776
ord1270
ord5495
ord8344
ord7440
ord813
ord8262
ord571
ord6095
ord2404
ord4633
ord8017
ord439
ord9220
ord7257
ord9370
ord5632
ord1585
ord9506
ord7458
ord9638
ord5624
ord274
ord4232
ord9089
ord4148
ord9190
ord680
ord6245
ord1109
ord2302
ord6512
ord5656
ord8616
ord3525
ord6304
ord2523
ord2499
ord325
ord1013
ord3916
ord2063
ord2004
ord6436
ord8501
ord4433
ord2175
ord6781
ord554
ord7272
ord1870
ord3426
ord8136
ord395
ord896
ord8535
ord9804
ord3912
ord576
ord1934
ord4042
ord7496
ord8119
ord9992
ord3161
ord4796
ord9456
ord6326
ord1844
ord10011
ord3396
ord5956
ord5784
ord8627
ord7017
ord7251
ord5343

msvcr71

_ismbblead
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
__CxxFrameHandler
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
strlen
__CxxLongjmpUnwind
_setjmp3
memcpy
_purecall
_CxxThrowException
??2@YAPAXI@Z
strcmp
??3@YAXPAX@Z

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0447d17e69c9c16d4f9333e83e217bbb

Headers

File Characteristics

Imports

kernel32

user32

pk79

msvcr71

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 348B

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 348B

.rsrc
Size: 20KB - Virtual size: 19KB