eff38ccbaa289120bb3501bd96f0ecc8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

eff38ccbaa289120bb3501bd96f0ecc8_JaffaCakes118
Size

194KB
MD5

eff38ccbaa289120bb3501bd96f0ecc8
SHA1

a9a1227adf5270e21410a6dd536382c68891beb3
SHA256

d329235b98441762a8d76507e5f057682b55f2cf2773936983860c86591b9f5c
SHA512

f5bfadd5c7900a2da058d2a5976e11009b8342aa9e50bfe7475d1ddab49b7d1d1f43772c3a8ed580d18f04c8b0a783517e7c9166ccc28dc221bd301fe571086c
SSDEEP

3072:e8rgiEHh13pIlYPM44knMz47ej8RmPaEPDkaFn5vta70JN6fgNDWsyKfeVTWJH9I:Xpcb3PRhMM6GmPa8kE1LN6ohRWV2JG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/PROFORMA INVOICE5294_EXPO_SCAN DOC_PDF.exe

Files

eff38ccbaa289120bb3501bd96f0ecc8_JaffaCakes118
.ace
out.ace
.ace
PROFORMA INVOICE5294_EXPO_SCAN DOC_PDF.exe
.exe windows:6 windows x86 arch:x86

a4d132423e62db5ebff0b0c2e615a93f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc

ole32

OleSaveToStream
CoQueryReleaseObject
CreateFileMoniker
WriteOleStg

ws2_32

WSAAsyncGetHostByName
WSAStringToAddressA
WSAIsBlocking
WSASetEvent
WSAAsyncGetHostByAddr

urlmon

CoInternetParseUrl
CoInternetCombineUrl
CopyStgMedium
IsLoggingEnabledA
URLOpenPullStreamA

mapi32

ord154
ord201
ord130
ord139

shlwapi

SHGetValueW
PathAddBackslashA
StrStrA
UrlCreateFromPathW
PathAppendW
PathGetArgsW

crypt32

CertRDNValueToStrW
CertCompareCertificate

pdh

PdhGetDefaultPerfObjectW
PdhEnumObjectItemsA
PdhGetLogFileSize

Sections

.text
Size: 512B - Virtual size: 174B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 831B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stub
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a4d132423e62db5ebff0b0c2e615a93f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ole32

ws2_32

urlmon

mapi32

shlwapi

crypt32

pdh

Sections

.text Size: 512B - Virtual size: 174B

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1024B - Virtual size: 831B

.code Size: 512B - Virtual size: 4B

.stub Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 88B

.text
Size: 512B - Virtual size: 174B

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1024B - Virtual size: 831B

.code
Size: 512B - Virtual size: 4B

.stub
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 88B