03ca3706021e51436dae8e8005c50b11_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

03ca3706021e51436dae8e8005c50b11_JaffaCakes118
Size

384KB
MD5

03ca3706021e51436dae8e8005c50b11
SHA1

48729e579ae713c5aae20d946bf8df04496eeb49
SHA256

02a63512cda6d2907b07d81035113ce349b9846f87fdc27bd24fa24d30222b55
SHA512

56e5d5667c238d76a7e2f0e701a55174b116879b5a16548c8fd3cea6c4378ddf3d7da9ce0b288648d22e26188804d3fed24afc57a502b34db9f275a2aa3aec7b
SSDEEP

6144:MyoO93HJIMQdCro1S/6Th2UKo9QcW0peHtH9t1WtGCl3wqdcIj0EJ3:pD93JqdoYSaQJOuwNwQ0C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03ca3706021e51436dae8e8005c50b11_JaffaCakes118

Files

03ca3706021e51436dae8e8005c50b11_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3f9361e3da1102996811d47a76759f81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualFree
VirtualProtect
GetCommandLineA
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
DisableThreadLibraryCalls
HeapFree
GetProcessHeap
OpenFileMappingW
MapViewOfFile
CloseHandle
SetLastError
InitializeCriticalSection
DeleteCriticalSection
UnmapViewOfFile
LeaveCriticalSection
EnterCriticalSection
CreateMutexA
CreateEventA
ReleaseSemaphore
CreateProcessA
GetLastError
WaitForSingleObject
ReleaseMutex
WideCharToMultiByte
lstrcmpiW
GetModuleHandleW
LocalFree
WriteFile
LocalAlloc
WriteConsoleW
FormatMessageW
InterlockedIncrement
InterlockedDecrement
lstrlenW
ReadFile
GetOverlappedResult
SwitchToThread
lstrlenA
GetSystemInfo
CreateFileW
TlsGetValue
MultiByteToWideChar
FormatMessageA
GetProcAddress
FindFirstFileW
FindClose
CreateEventW
SetEvent
CancelIo
FindNextFileW
ConnectNamedPipe
DisconnectNamedPipe
InterlockedExchangeAdd
GetVersionExW
DebugBreak
GetSystemWindowsDirectoryW
GetFileAttributesW
CreateDirectoryW
GetComputerNameW
DeleteFileW
GetTempPathW
RemoveDirectoryW
SetFilePointer
FlushFileBuffers
GetDateFormatA
GetTimeFormatA
lstrcmpW
HeapAlloc
HeapReAlloc
ExitProcess
RaiseException
GetModuleHandleA
GetStartupInfoA

user32

FindWindowA
LoadStringW

ole32

CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

rpcrt4

RpcBindingFree
RpcBindingSetAuthInfoExW
NdrClientCall2
RpcBindingFromStringBindingW

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
__setusermatherr
__getmainargs
_amsg_exit
_acmdln
_except_handler3
_adjust_fdiv
free
malloc
_initterm
wcslen
strcmp
_strnicmp
atol
memcpy
memmove
strlen
memset
_wcsnicmp
_vsnwprintf
fprintf
_wtol
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit

Sections

.text
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 279KB - Virtual size: 558KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f9361e3da1102996811d47a76759f81

Headers

File Characteristics

Imports

kernel32

user32

ole32

rpcrt4

msvcr71

Sections

.text Size: 82KB - Virtual size: 81KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 279KB - Virtual size: 558KB

.sxdata Size: 512B - Virtual size: 8B

.rsrc Size: 17KB - Virtual size: 17KB

.text
Size: 82KB - Virtual size: 81KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 279KB - Virtual size: 558KB

.sxdata
Size: 512B - Virtual size: 8B

.rsrc
Size: 17KB - Virtual size: 17KB