0fa5505d2faba9181f76312c15ced116_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0fa5505d2faba9181f76312c15ced116_JaffaCakes118
Size

42KB
MD5

0fa5505d2faba9181f76312c15ced116
SHA1

8b5db21157b5ba871bed51a3df6f1ff7d65893e2
SHA256

dd45c9661409c936aa78fdf746e7c9a1b26eb0a6b65b002bed0b8af40006cd71
SHA512

a394fbc5101ea58c5feaaa2e244c61410fbe4ff08d033278ccc6080cd2f2dd4e9bbd3d7d33767e06f548986e32be2324db0a711fd6b54bb4659b38a41bb20da1
SSDEEP

768:auHOat1CYraXUHV8+ZuWH1bJL8iKUVLXH+GT+BNpl9PBCnaObvD1wrRJ:71CYGXUHVVZuWH1bOjUVj36Nl9WaObvk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fa5505d2faba9181f76312c15ced116_JaffaCakes118

Files

0fa5505d2faba9181f76312c15ced116_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dd8e336c15d5938e0bfe3b04988bf008

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TerminateProcess
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
MultiByteToWideChar
lstrlenW
GetCurrentProcessId
DeleteFileA
SetFileAttributesA
GetFileAttributesA
Sleep
CreateProcessA
CreateMutexA
ExitProcess
GetTempPathA
lstrcatA
GlobalFree
GlobalAlloc
lstrcpyA
GetModuleFileNameA
CopyFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
GetVersionExA
GetCurrentProcess
GetTickCount
GetModuleHandleA
GetCommandLineA
GetCommandLineW
OpenMutexA
FindClose
FindNextFileA
FindFirstFileA
GetVolumeInformationA
GetCurrentDirectoryA
GetStartupInfoA
lstrcpynA
GetLastError
LocalFree
GetFileSize
ReadFile
CreateFileA
WriteFile
CloseHandle
WideCharToMultiByte
lstrlenA

user32

EnumChildWindows
ShowWindow
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
wsprintfA
CreateWindowExA
RegisterClassExA
LoadCursorA
LoadIconA
GetWindowTextA
GetParent
GetDesktopWindow
DefWindowProcA
PostQuitMessage
SetTimer

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA

shell32

CommandLineToArgvW
SHGetSpecialFolderPathA
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoCreateInstance
CoInitialize
CoTaskMemFree
OleRun
CoUninitialize
CoCreateGuid

oleaut32

VariantClear

msvcrt

_mbslwr
_CxxThrowException
_onexit
__dllonexit
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
memcmp
memmove
_except_handler3
srand
rand
_beginthreadex
_strlwr
wcsstr
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
__CxxFrameHandler
strcat
memset
strncpy
atoi
strlen
free
malloc
sprintf
??1type_info@@UAE@XZ
strstr
strcmp
strcpy

wininet

HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetQueryDataAvailable
InternetReadFile
DeleteUrlCacheEntry
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA

psapi

GetModuleFileNameExA

urlmon

URLDownloadToFileA

netapi32

Netbios

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd8e336c15d5938e0bfe3b04988bf008

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcrt

wininet

psapi

urlmon

netapi32

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 2KB - Virtual size: 2KB