04ac3c60d0fe3f3c49a104b0fedf27cd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

04ac3c60d0fe3f3c49a104b0fedf27cd_JaffaCakes118
Size

176KB
MD5

04ac3c60d0fe3f3c49a104b0fedf27cd
SHA1

0d3c816b5a4464627080bb7ea9fdab91b2a99fe7
SHA256

b1b71346c68f102a9864fbe85a66868c9b96ed02280ac070203f79a8813877cf
SHA512

aadf1fd74dff9f566f78f792f7871c0a1ace406c32b8c649268fcf4f9ef1411b1f26e5071452af1eb1713cb275d06cecba83de74067baca1e026eccf0a0e06b2
SSDEEP

3072:O2vnJkFXEs26wJzqmC9OeQp+Rgoyp9279lEGq9Df7:HSFXEs26wz+9OHcRgZkPEnf7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
04ac3c60d0fe3f3c49a104b0fedf27cd_JaffaCakes118

Files

04ac3c60d0fe3f3c49a104b0fedf27cd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a7a68bc8c0a678097a36258ec5ba9e14

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ora805

kpudtch
kpusebf
kputac
ologof
oclose
oexec
oparse
osnttc
kghfrh
kpughndl
kpuatch
ocom
kghfre
kghalo
kghini
kghgrw
kghfrf
slgtd
kzsrdep
oopen
olog
kzsrenc
kpummgnls
kpugattr
kpucia
oexn
kpummealloc
kpufhndl
kpummini
obndrv
oerhms
kpusattr
kpuauth
kpupin
kpuinit
kpummpin
ofen
obndra
kghalf
ttcpie
odessp
oexfet
odescr
odefin
orol

xa80

ord14

core40

ord136
ord309
ord185
ord190
ord311
ord312
ord308
ord310
ord86
ord82
ord205
ord97
ord57
ord206
ord315
ord316
ord150
ord148
ord60
ord85
ord40
ord87
ord44
ord156
ord155

nlsrtl33

ord3
ord6
ord2
ord117
ord175
ord201
ord203
ord67
ord112
ord224
ord287
ord222
ord231
ord244
ord4
ord358
ord143
ord247
ord131
ord58
ord130
ord11
ord288
ord110
ord116
ord210
ord237
ord215
ord159
ord233
ord172

pls805

peflinit
pextproc
peflic_InitCache
peflunload
peflcc_CloseCache
peflload

nl80

nlstdgg
nlstdstp

ncr80

sncrswntgad
ncrsta2msg

ns80

nsbfree
nsballoc

ni80

nioqsn
nioqwa
nioqbr
nioqts
nioqrs
nioqrc

sqllib80

sqlld2

msvcrt

strncpy
_setjmp3
exit
strncmp
sprintf
atoi
fflush
vfprintf
fclose
ctime
time
fread
tolower
__p__iob
localtime
_exit
_XcptFilter
__p___initenv
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
fopen
vsprintf
longjmp

kernel32

GetCurrentProcessId

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a7a68bc8c0a678097a36258ec5ba9e14

Headers

File Characteristics

Imports

ora805

xa80

core40

nlsrtl33

pls805

nl80

ncr80

ns80

ni80

sqllib80

msvcrt

kernel32

Sections

.text Size: 126KB - Virtual size: 125KB

.rdata Size: 512B - Virtual size: 40B

.data Size: 42KB - Virtual size: 41KB

.idata Size: 3KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 12B

.text
Size: 126KB - Virtual size: 125KB

.rdata
Size: 512B - Virtual size: 40B

.data
Size: 42KB - Virtual size: 41KB

.idata
Size: 3KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 12B