0317a9f24977f9a063f134cf7542795c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0317a9f24977f9a063f134cf7542795c_JaffaCakes118
Size

38KB
MD5

0317a9f24977f9a063f134cf7542795c
SHA1

8793513e9d4cc04d9cd6cfe6946cffbfd4216532
SHA256

178a22106e25de0e10d39844fa01d7a7e46f58550c4238195d13f1651d6ca4f7
SHA512

bd141693bcf2b8f25013b5da21d35a403fbd5330be6628a74c1c3f4ad684bce3778e1eb04e255dc7f40f26becfe6ae94db5b031728046ffc6ff52f02cd4eb3c0
SSDEEP

768:9ON4RhW9VKw/BAHi6yG7w6ctZA4KHJNliQHMhxQSwaDRBvVINC:9O+KQ829yz6cEVJNkQHYSIRtVINC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0317a9f24977f9a063f134cf7542795c_JaffaCakes118

Files

0317a9f24977f9a063f134cf7542795c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

bca2b2fc5532abb8fcf88a428407c55f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord850
ord1572
ord2044
ord6383
ord5440
ord2107
ord5834
ord2448
ord6394
ord5450
ord2841
ord3663
ord2818
ord536
ord922
ord539
ord861
ord356
ord2770
ord668
ord941
ord5683
ord4129
ord924
ord858
ord2915
ord540
ord4202
ord2764
ord561
ord825
ord537
ord823
ord860
ord535
ord800
ord815

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
_exit
__p__commode
_onexit
__dllonexit
_CxxThrowException
_itoa
_mbscmp
fscanf
strncmp
_stricmp
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
_controlfp
strstr
malloc
memcpy
strlen
__CxxFrameHandler
memset
fread
fseek
strcpy
fwrite
fputc
fclose
exit
rename
strchr
strncat
strcat
_except_handler3
fopen
printf
_strnicmp

kernel32

CopyFileA
MultiByteToWideChar
ExpandEnvironmentStringsA
DeleteFileA
GetModuleFileNameA
GetTempPathA
GetTickCount
GetSystemDirectoryA
CreateThread
Sleep
GetLastError
CreateMutexA
GetModuleHandleA
FreeLibrary
MapViewOfFile
CreateFileMappingA
GetFileSize
UnmapViewOfFile
GetWindowsDirectoryA
GetProcAddress
LoadLibraryA
GetShortPathNameA
Module32First
CreateToolhelp32Snapshot
CloseHandle
Process32Next
Process32First
TerminateProcess
OpenProcess
FreeResource
CreateFileA
LoadResource
FindResourceA
HeapFree
HeapAlloc
GetProcessHeap
lstrcatA
SetErrorMode
lstrlenA

user32

DefWindowProcA
LoadIconA
RegisterClassA
PostQuitMessage
SetTimer
UpdateWindow
GetMessageA
GetClassNameA
CreateWindowExA
KillTimer
GetWindow
SetWindowLongA
GetWindowLongA
ShowWindow
GetWindowThreadProcessId
wsprintfA
GetDesktopWindow
GetTopWindow

gdi32

GetStockObject

advapi32

InitializeAcl
RegCreateKeyExA
FreeSid
RegCloseKey
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
GetLengthSid
AllocateAndInitializeSid
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegQueryValueExA
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA

ole32

CoInitialize
CoUninitialize
CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
VariantClear

msvcp60

??0Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA

rpcrt4

UuidCreateSequential

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bca2b2fc5532abb8fcf88a428407c55f

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp60

wininet

rpcrt4

Sections

.text Size: 29KB - Virtual size: 28KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 88KB - Virtual size: 88KB

.text
Size: 29KB - Virtual size: 28KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 88KB - Virtual size: 88KB