0fb8d9bf1fc89dd873caa6be78047ede_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0fb8d9bf1fc89dd873caa6be78047ede_JaffaCakes118
Size

43KB
MD5

0fb8d9bf1fc89dd873caa6be78047ede
SHA1

e3e1cc9dc6b77196ec5c0b375cdd318ac7b02c3c
SHA256

7664e005f3110581a50420425d613b7fdb52c507adf3f568214edd6d00494408
SHA512

bf18c3330697c9b03cb9b0e6c462f83c6c4e0a786dcac551c55e42ac761d4d45087776f18b95c6597ec80448d8747efa525fb844276084583533e545d9998019
SSDEEP

768:TI6N9+pRsEQdpZ2iaR9H4OfHm1PUKSfKq3fdeX:TI6j5EQdpZ2FcOfHm1PUKSv3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fb8d9bf1fc89dd873caa6be78047ede_JaffaCakes118

Files

0fb8d9bf1fc89dd873caa6be78047ede_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f4f418440dfc421375ceb4d136fc37e1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
_strnicmp
strncmp
strncpy
_strdup
free
strcmp
memmove
strlen
strcpy
strcat
memcpy

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
WinExec
GetLogicalDrives
GetVolumeInformationA
GetDriveTypeA
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
OpenProcess
GlobalMemoryStatus
Sleep
EnterCriticalSection
WaitForSingleObject
LeaveCriticalSection
InitializeCriticalSection
CreateThread
GetModuleFileNameA
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
HeapAlloc
CreateProcessA
HeapFree
GetCommandLineA
PeekNamedPipe
ReadFile
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetTickCount
TlsGetValue
FreeLibrary
LoadLibraryA
GetProcAddress
CreateDirectoryA
SetFileAttributesA
FindFirstFileA
FindClose
GetFileAttributesA
DeleteFileA
CopyFileA
GetLastError
FindNextFileA
WriteFile
CreateFileA
SetFilePointer
GetFileSize
HeapReAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
MultiByteToWideChar
WaitForMultipleObjects
GetCurrentThread
CreateSemaphoreA
ReleaseSemaphore

user32

CharLowerA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard

advapi32

SetServiceStatus
StartServiceCtrlDispatcherA
OpenSCManagerA
OpenServiceA
DeleteService
CloseServiceHandle
CreateServiceA
ChangeServiceConfig2A
RegisterServiceCtrlHandlerA
StartServiceA
ControlService
QueryServiceStatus

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteExA

winmm

timeBeginPeriod
timeEndPeriod

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree

Sections

.code
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 43B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f4f418440dfc421375ceb4d136fc37e1

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

shell32

winmm

ole32

Sections

.code Size: 21KB - Virtual size: 20KB

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 512B - Virtual size: 43B

.data Size: 6KB - Virtual size: 6KB

.code
Size: 21KB - Virtual size: 20KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 512B - Virtual size: 43B

.data
Size: 6KB - Virtual size: 6KB