0c763e9249a8ac506dfb118830ce4254_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0c763e9249a8ac506dfb118830ce4254_JaffaCakes118
Size

346KB
MD5

0c763e9249a8ac506dfb118830ce4254
SHA1

2e656003e433bf7bb5b051ba830a9fd38d16f6d3
SHA256

1545559fa4b36e8c3db220f60fff5adea8cb5c9aa19138b4058a3fee01cec407
SHA512

c322ec17cb0079642101fa994db1607073616f0de6b92169a506d2cb5b7a11f1010db1d7191b8d7169e17f6b57b50fa6b26b3d19186e5492af5ab2aa62e41e5d
SSDEEP

6144:iiAm2jS+YolC4xOEkI3nfdfDpvKPKK+mnNHpYuGmQjvNg/O+OBSlBw:NAm2nrF3nfdf5KfNJz1Qjvi2+OB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c763e9249a8ac506dfb118830ce4254_JaffaCakes118

Files

0c763e9249a8ac506dfb118830ce4254_JaffaCakes118
.exe windows:4 windows x86 arch:x86

053290ff88d04dec91967bf43206c1ac

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

atol
free
_ltow
qsort
isdigit
_wcsnicmp
_commit
_initterm
memmove
bsearch
wcslen
_ultoa
_ltoa
__dllonexit
_onexit
wcscmp
malloc
_except_handler3
wcschr
_wcsicmp
wcscat
wcscpy
strncpy
strncmp
_snwprintf
isxdigit
_itow
isupper
strtoul
sprintf

dnsapi

DnsApiAlloc
DnsApiFree
DnsValidateName_UTF8

comctl32

ImageList_Destroy
InitCommonControlsEx
CreateToolbarEx
CreatePropertySheetPageW
PropertySheetW
ImageList_Draw
ImageList_GetIconSize

comdlg32

GetOpenFileNameA
PrintDlgA

kernel32

GetProcessHeap
GetStartupInfoW
LockFile
CompareStringW
MulDiv
GetFileTime
FreeEnvironmentStringsA
SetEvent
ExitProcess
GetEnvironmentStringsW
RtlUnwind
UnlockFile
GetThreadLocale
TlsSetValue
DuplicateHandle
GetCurrentThread
CompareStringA
GetCurrentThreadId
DeleteCriticalSection
HeapAlloc
IsDebuggerPresent
FindNextFileW
WritePrivateProfileStringW
TerminateProcess
FlushFileBuffers
SetEndOfFile
lstrcpyA
GlobalHandle
lstrcmpA
ConvertDefaultLocale
FreeResource
InterlockedIncrement
CreateProcessW
FormatMessageW
GetCPInfo
GetEnvironmentStrings
SetFileTime
ResetEvent
GetOEMCP
LCMapStringA
InterlockedDecrement
GetFullPathNameW
SetErrorMode
GlobalFindAtomW
LCMapStringW
WriteFile
SetLastError
SetThreadPriority
GlobalSize
EnumResourceLanguagesW
TlsFree
GetCommandLineW
GlobalDeleteAtom
GetStdHandle
GetVersion
SuspendThread
FindFirstFileW
LoadLibraryA
FileTimeToSystemTime
TlsAlloc
CloseHandle
CreateEventW
WaitForSingleObject
SetUnhandledExceptionFilter
SetCurrentDirectoryA
LocalReAlloc
GlobalFree
GetCurrentProcessId
GetLocaleInfoW
LeaveCriticalSection
GlobalAddAtomW
CopyFileW
CreateThread
GlobalUnlock
VirtualAlloc
GetShortPathNameW
GetVersionExA
LoadResource
SetFileAttributesW
IsValidCodePage
EnterCriticalSection
FatalAppExitA
GetVolumeInformationW
InterlockedExchange
UnhandledExceptionFilter
GlobalFlags
CreateFileW
GetDriveTypeW
GetLastError
InitializeCriticalSection
FindClose
HeapCreate
HeapSize
SystemTimeToFileTime
FindResourceW
ExitThread
SetHandleCount
LocalAlloc
VirtualFree
GetFileSize
HeapDestroy
GetCommandLineA
Sleep
FreeEnvironmentStringsW
GetPrivateProfileStringW
SetFilePointer
WideCharToMultiByte
lstrcmpW
GetFileAttributesW
GlobalLock
ResumeThread
GlobalAlloc
DeleteFileW
GetModuleHandleA
TlsGetValue
FileTimeToLocalFileTime
GlobalGetAtomNameW
GetSystemInfo
GlobalReAlloc
lstrlenA
lstrcmpiW
GetPrivateProfileIntW
GetCurrentDirectoryA
GetStringTypeExW
GetCurrentProcess
lstrlenW
GetAtomNameW
GetModuleFileNameW
LocalFileTimeToFileTime
GetACP
GetUserDefaultLCID
GetFileAttributesA
HeapFree
ReadFile
SizeofResource
GetVersionExW
RaiseException
HeapReAlloc
LockResource
MoveFileW

Sections

.data
Size: 192KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

053290ff88d04dec91967bf43206c1ac

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

dnsapi

comctl32

comdlg32

kernel32

Sections

.data Size: 192KB - Virtual size: 1.0MB

.rdata Size: 59KB - Virtual size: 59KB

.rsrc Size: 27KB - Virtual size: 27KB

.text Size: 65KB - Virtual size: 64KB

.reloc Size: 512B - Virtual size: 20B

.data
Size: 192KB - Virtual size: 1.0MB

.rdata
Size: 59KB - Virtual size: 59KB

.rsrc
Size: 27KB - Virtual size: 27KB

.text
Size: 65KB - Virtual size: 64KB

.reloc
Size: 512B - Virtual size: 20B