0e8b79526aa8880e6284ea72f9ebba4f_JaffaCakes118

General

Target

0e8b79526aa8880e6284ea72f9ebba4f_JaffaCakes118
Size

168KB
MD5

0e8b79526aa8880e6284ea72f9ebba4f
SHA1

2e13df1098faf1d1d26f9c7f7c65c216cc433dc2
SHA256

18eac41429554c82cd4111d19f53dd4999d91c000af641e64ee34e8ab64d906e
SHA512

e8908f21968520098a7b00a29621c7457cc4f2c6924266106e2c1479cac7df96cc0acbf35c3e3dce83d09b2ab6715d19a5c0c98bfade2600247773055cb112e0
SSDEEP

3072:0kLC7x6fEXj3oYDNUKBC5CH+xF7vCww95YeoLoSqtIzp:zOTrXBC564ubYe5t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e8b79526aa8880e6284ea72f9ebba4f_JaffaCakes118

Files

0e8b79526aa8880e6284ea72f9ebba4f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b766f8eb6e8d44f02db2b3ae529c2df2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

alleg40

ord390
ord100
ord531
ord645
ord61
ord199
ord421
ord574
ord655
ord243
ord191
ord654
ord84
ord748
ord652
ord590
ord359
ord369
ord202
ord99
ord620
ord659
ord273
ord70
ord582
ord648
ord159
ord7
ord85
ord72
ord682
ord153
ord367
ord358
ord362
ord74
ord361
ord113
ord469
ord394
ord474
ord117
ord118
ord565
ord196
ord594
ord608
ord405
ord605
ord653
ord152
ord503
ord272
ord651
ord619
ord67
ord477
ord658
ord661
ord379
ord479
ord504
ord640
ord382
ord107

kernel32

LCMapStringW
LCMapStringA
SetEndOfFile
LoadLibraryA
ReadFile
GetACP
GetCPInfo
GetOEMCP
SetFilePointer
FlushFileBuffers
CreateFileA
GetStringTypeW
GetStringTypeA
SetStdHandle
WriteFile
RtlUnwind
MultiByteToWideChar
GetStdHandle
SetHandleCount
GetFileType
GetEnvironmentStrings
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsA
GetModuleFileNameA
FreeEnvironmentStringsW
GetProcAddress
CloseHandle
UnhandledExceptionFilter
HeapSize
GetLastError
VirtualAlloc
VirtualFree
HeapReAlloc
HeapDestroy
GetVersion
HeapCreate
GetStartupInfoA
GetModuleHandleA
GetCommandLineA
TerminateProcess
ExitProcess
GetCurrentProcess
HeapFree
HeapAlloc

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

�>
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b766f8eb6e8d44f02db2b3ae529c2df2

Headers

File Characteristics

Imports

alleg40

kernel32

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 8KB - Virtual size: 124KB

.rsrc Size: 8KB - Virtual size: 20KB

�> Size: 92KB - Virtual size: 92KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 8KB - Virtual size: 124KB

.rsrc
Size: 8KB - Virtual size: 20KB

�>
Size: 92KB - Virtual size: 92KB