0b00be74474c4dd5ca0c7df4fc44caf2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b00be74474c4dd5ca0c7df4fc44caf2_JaffaCakes118
Size

155KB
MD5

0b00be74474c4dd5ca0c7df4fc44caf2
SHA1

3f5b0fe1f7bb5af0617d9b869d0609d80cbc6ca5
SHA256

a26a46f57264251b40d45dc169f81467d40761bb1dbe7411ae00319e0f98d301
SHA512

c979c9e5fd4624cc660232f9d375c0d400645bc4c8a6dde97e2f2bcaa7f0fccdec16c75450c260ab929f631af93eba49e4592195db21ebbb7f8f9baefc56785d
SSDEEP

3072:b6YrQgK+AAf9l0Q7tIQeM8qjigxAroEOM:/znFr0SiMFFEv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b00be74474c4dd5ca0c7df4fc44caf2_JaffaCakes118

Files

0b00be74474c4dd5ca0c7df4fc44caf2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0515b991c061e8c07e7c0321db817e4c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
GetStartupInfoA
SetErrorMode
VirtualAlloc
GetStringTypeA
LockResource
GetVersionExA
GetACP
ExitThread
EnterCriticalSection
lstrcatA
CreateEventA
lstrcpyA
GetCurrentProcessId
LoadLibraryA
ResetEvent
GetDateFormatA
lstrcmpA
MulDiv
SetEvent
GetCurrentProcess
SetThreadLocale
GetProcAddress
GetLocalTime
HeapAlloc
SizeofResource
GetFileSize
GetStringTypeW
GetEnvironmentStrings
GetCPInfo
GetProcessHeap
ExitProcess
ReadFile
GetCurrentThreadId
lstrlenA
GetCurrentThread
DeleteFileA
SetHandleCount
GlobalAddAtomA
WriteFile
GetFileType
GetFullPathNameA
LocalAlloc

user32

GetIconInfo
GetScrollInfo
GetClipboardData
EndPaint
GetSubMenu
ShowWindow
EnableScrollBar
IsChild
GetMenuItemInfoA
GetCursor
DefMDIChildProcA
GetMenuStringA
TrackPopupMenu
EnableWindow
ShowScrollBar
IsWindowVisible
EnumThreadWindows
DispatchMessageA
EnumWindows
GetFocus
GetCursorPos
MessageBoxA
IsWindowEnabled

msvcrt

_wfopen
_acmdln
wcschr
swprintf
wcsncmp
time
sprintf
memcpy
_amsg_exit
_stat
tolower
__p__commode
exit

ole32

CoDisconnectObject
PropVariantClear
CoCreateFreeThreadedMarshaler
CoCreateGuid
CoRegisterClassObject
CoFreeUnusedLibraries
CLSIDFromProgID
CoGetObjectContext

comdlg32

FindTextA

version

GetFileVersionInfoA

Sections

CODE
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 135KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0515b991c061e8c07e7c0321db817e4c

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

ole32

comdlg32

version

Sections

CODE Size: 8KB - Virtual size: 8KB

.data Size: 3KB - Virtual size: 2KB

.edata Size: 135KB - Virtual size: 210KB

BSS Size: 5KB - Virtual size: 4KB

INIT Size: 2KB - Virtual size: 1KB

CODE
Size: 8KB - Virtual size: 8KB

.data
Size: 3KB - Virtual size: 2KB

.edata
Size: 135KB - Virtual size: 210KB

BSS
Size: 5KB - Virtual size: 4KB

INIT
Size: 2KB - Virtual size: 1KB