e:\obj\nt_ms_x86_p\dbunload.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 03f36e781c2f03f550ce3881c8f22d6f_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 03f36e781c2f03f550ce3881c8f22d6f_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 03f36e781c2f03f550ce3881c8f22d6f_JaffaCakes118
Size: 104KB
MD5: 03f36e781c2f03f550ce3881c8f22d6f
SHA1: 7e5acea1a2907a1c31048ef20ee54916d490d0ef
SHA256: 71441417a47b7d215d5510c8ca03eb187fb1d99c511d6831745406f8076429d3
SHA512: 111fd517d000d023f14ee478b8d49999dcf61ea2ee21fa2c26c8403cd607a8e6c76b195b791d6b561021e70b27de25f695cbef27ab22e43fb5d24fead7a95135
SSDEEP: 1536:i603PFZLcmoR2IIGk0DxLASOu2L8cAyIF4Sra3ve4jmuyw5KingIV0c3nfOxibSz:WFymRGkcKSra3ffywETIV0cvOxZ
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 03f36e781c2f03f550ce3881c8f22d6f_JaffaCakes118
Files
03f36e781c2f03f550ce3881c8f22d6f_JaffaCakes118.exe windows:4 windows x86 arch:x86
98be8f29a3c7efd53475441e15d854a9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
dbtool8
ord140
ord139
ord113
advapi32
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
kernel32
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
LoadLibraryA
FreeLibrary
IsDBCSLeadByte
GetModuleFileNameA
GetSystemDirectoryA
GetWindowsDirectoryA
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
GetModuleHandleA
FlushFileBuffers
SetEndOfFile
GetLastError
SetFilePointer
GetPrivateProfileStringA
GetEnvironmentVariableA
GetACP
GetSystemDefaultLangID
HeapFree
HeapAlloc
GetCommandLineA
GetVersionExA
SetConsoleCtrlHandler
HeapReAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetFileAttributesA
CloseHandle
GetFileType
CreateFileA
SetStdHandle
ReadFile
WriteFile
GetDriveTypeA
SetEnvironmentVariableA
GetCurrentDirectoryA
HeapDestroy
HeapCreate
VirtualAlloc
TlsFree
SetLastError
GetCurrentThreadId
TlsSetValue
TlsGetValue
TlsAlloc
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStartupInfoA
HeapSize
RtlUnwind
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
GetFullPathNameA
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
VirtualProtect
GetSystemInfo
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
CompareStringA
CompareStringW
user32
MessageBoxA
CharToOemA
SetForegroundWindow
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetDlgItem
EndDialog
DialogBoxParamA
IsCharAlphaA
OemToCharA
LoadStringA
CharUpperA
CharLowerA
Sections
.text Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE