f9a64053c84fb54553a79e2d650d91e3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f9a64053c84fb54553a79e2d650d91e3_JaffaCakes118
Size

999KB
MD5

f9a64053c84fb54553a79e2d650d91e3
SHA1

ce54090bb1a57226a4a0740676f98f17b914888e
SHA256

2745e4a680b9154d5419332d9075dc70350af35aa3f33c090f3f4901eb0e1355
SHA512

2dd92b7ba7995a5dcf0d572e3d7473a4ed30ce8b10bea8cd6e9c94324876c6afcbfc48175a0070977156e42ac4d3a5e8c9bb5f29a264df08c87ee7021509a216
SSDEEP

12288:EpS0YAgHxYTD7z/fkZXMjaF/4YeGio6OrbuvbBHegvX+wZDkGnYGOCFayjVKP+jl:RggHg8Mjab3XuvJegjkryRKseMQPg/w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9a64053c84fb54553a79e2d650d91e3_JaffaCakes118

Files

f9a64053c84fb54553a79e2d650d91e3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d710977ca32c0392f5d728a5e1a131e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_except_handler3
_c_exit
exit
__dllonexit
atoi
_snwprintf
_wcsicmp
qsort
__p__commode
__p__fmode
_iob
iswspace
?terminate@@YAXXZ
_purecall
_itoa
vwprintf
??2@YAPAXI@Z
_cexit
_onexit
__CxxFrameHandler
??1type_info@@UAE@XZ
__set_app_type
_XcptFilter
_snprintf
_CxxThrowException
_exit
__wgetmainargs
fputs
_wcsnicmp
??3@YAXPAX@Z
_vsnprintf
wcsrchr
strchr
memset
__winitenv
_adjust_fdiv
_itow
_initterm
_controlfp
strncmp
__setusermatherr
_wcslwr
realloc
wcsstr
wcslen
_vsnwprintf
free

kernel32

GetThreadLocale
GlobalAlloc
GetVersion
DebugBreak
UpdateResourceW
GetFullPathNameW
lstrcpyA
CloseHandle
InterlockedExchange
GetLocaleInfoA
InterlockedDecrement
ReadFile
RemoveDirectoryA
lstrlenA
EndUpdateResourceW
lstrcmpiA
GetSystemDirectoryA
InterlockedIncrement
CopyFileA
CopyFileW
LoadLibraryExW
GetVersionExW
RemoveDirectoryW
GetModuleHandleW
GetEnvironmentVariableA
ExitProcess
GlobalFree
FindNextFileW
GetACP
SetFilePointer
GetOEMCP
LocalFree
GetFileAttributesA
RaiseException
LoadLibraryExA
OutputDebugStringA
BeginUpdateResourceW
GetFileAttributesW
IsDebuggerPresent
InterlockedCompareExchange
FreeLibrary
GetFileInformationByHandle
lstrlenW
FreeResource
GetFullPathNameA
WideCharToMultiByte
FindClose

ole32

CoInitialize
StringFromCLSID
CoUninitialize
StringFromIID
CLSIDFromString
CoCreateInstance
CoTaskMemFree

msvfw32

ICGetInfo
ICRemove

user32

wsprintfW
CharNextW
CharNextA

imagehlp

ImageGetDigestStream
ImageRvaToVa
ImageNtHeader
ImageDirectoryEntryToData

shell32

CommandLineToArgvW

Sections

.text
Size: 706KB - Virtual size: 706KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 37KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d710977ca32c0392f5d728a5e1a131e1

Headers

File Characteristics

Imports

msvcrt

kernel32

ole32

msvfw32

user32

imagehlp

shell32

Sections

.text Size: 706KB - Virtual size: 706KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 251KB - Virtual size: 251KB

.rsrc Size: 37KB - Virtual size: 3.2MB

.text
Size: 706KB - Virtual size: 706KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 251KB - Virtual size: 251KB

.rsrc
Size: 37KB - Virtual size: 3.2MB