01171a8b66f863709148eac84dab58f0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

01171a8b66f863709148eac84dab58f0_JaffaCakes118
Size

128KB
MD5

01171a8b66f863709148eac84dab58f0
SHA1

48af5c3b6127935f736708322883896f68f8cb59
SHA256

9e32c0958c976666f36f6c183545377b2f9fffc668d6193aad7df3a1f5cabf83
SHA512

6ad9ce87f5f6d7464679d0f2d8ab24a3fb7e2fd8827053bd6b6f7a1af71cfd3690ba05183968665ecb04e7a51c90643a6b24ad8a5b926c9ba1b1e1f76b0ddafd
SSDEEP

768:eivIppppppppppp1Kd840VnXTNL/hrDpJDu/X3JyjJyH:DyVXrDHDu/EjJy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01171a8b66f863709148eac84dab58f0_JaffaCakes118

Files

01171a8b66f863709148eac84dab58f0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

86632da30434ccfc050190a47fb559c4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
_acmdln
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
calloc
exit
memcpy
memset
_itow
??2@YAPAXI@Z
_wcsdup
??3@YAXPAX@Z
free
__p__commode

kernel32

GetModuleHandleA
GetTempPathW
GetModuleHandleW
GetModuleFileNameW
CreateFileW
SetFilePointer
CloseHandle
GetTempFileNameW
FreeLibrary
DeleteFileW
WriteFile
ReadFile
LoadLibraryW
GetProcAddress
GetStartupInfoA

user32

MessageBoxW

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RCryptor
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RCryptor
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RCryptor
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RCryptor
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RCryptor
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RCryptor
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RCryptor
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RCryptor
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

86632da30434ccfc050190a47fb559c4

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

Sections

.text Size: 56KB - Virtual size: 56KB

.rsrc Size: 28KB - Virtual size: 28KB

RCryptor Size: 4KB - Virtual size: 4KB

RCryptor Size: 4KB - Virtual size: 4KB

RCryptor Size: 4KB - Virtual size: 4KB

RCryptor Size: 4KB - Virtual size: 4KB

RCryptor Size: 4KB - Virtual size: 4KB

RCryptor Size: 4KB - Virtual size: 4KB

RCryptor Size: 4KB - Virtual size: 4KB

RCryptor Size: 12KB - Virtual size: 12KB

.text
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 28KB - Virtual size: 28KB

RCryptor
Size: 4KB - Virtual size: 4KB

RCryptor
Size: 4KB - Virtual size: 4KB

RCryptor
Size: 4KB - Virtual size: 4KB

RCryptor
Size: 4KB - Virtual size: 4KB

RCryptor
Size: 4KB - Virtual size: 4KB

RCryptor
Size: 4KB - Virtual size: 4KB

RCryptor
Size: 4KB - Virtual size: 4KB

RCryptor
Size: 12KB - Virtual size: 12KB