0ff73f0dea328da43a6d41aa1b2ef3cd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0ff73f0dea328da43a6d41aa1b2ef3cd_JaffaCakes118
Size

64KB
MD5

0ff73f0dea328da43a6d41aa1b2ef3cd
SHA1

d940b2dc9c5e69173d1176c329ba052e19264233
SHA256

e2ec2d8f16f71abbf49f9a77db54d49caef47df7f4acd3121a2ae9ad2e0b5aa0
SHA512

e108033dec177f745843841f4c2eb852466e8ed24746051ec0b461bab04814defd48b66714babff30142a3b0c2b48a8f5cc1e6ff27b87f76e1dac7fa2b1bfdd1
SSDEEP

1536:DtJPZ/EYZ4SbiUOdPnQhRjhW1G5MMP91W+:5t+APXEP0WszP911

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0ff73f0dea328da43a6d41aa1b2ef3cd_JaffaCakes118

Files

0ff73f0dea328da43a6d41aa1b2ef3cd_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2278b847798e98e4b1a198d33cf5dc9a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msioff10.ocx

DeleteOfficeData
GetOfficeData

mfc42

ord3470
ord1238
ord842
ord939
ord3115
ord941
ord2814
ord2813
ord836
ord1601
ord539
ord537
ord825
ord540
ord850
ord800
ord823
ord858

msvcrt

_acmdln
exit
_XcptFilter
__set_app_type
__getmainargs
__setusermatherr
__p__fmode
_initterm
memset
memcpy
realloc
malloc
free
_adjust_fdiv
__CxxFrameHandler
memcmp
__p__commode
_exit
_controlfp
?terminate@@YAXXZ
_except_handler3
_EH_prolog
_wcsicmp

kernel32

MultiByteToWideChar
FreeLibrary
IsDBCSLeadByte
GetCurrentThreadId
lstrcpynA
InterlockedDecrement
GetCommandLineA
lstrcmpiA
DeleteCriticalSection
InterlockedIncrement
InitializeCriticalSection
lstrlenA
GetShortPathNameA
GetStartupInfoA
EnterCriticalSection
LeaveCriticalSection
lstrcatA
lstrcpyA
LoadLibraryA
GetProcAddress
LoadResource
lstrlenW
LoadLibraryExA
GetLastError
FindResourceA
SizeofResource
WideCharToMultiByte
GetModuleFileNameA
GetModuleHandleA

user32

GetMessageA
CharNextA
PostThreadMessageA
DispatchMessageA

advapi32

RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA

ole32

CoTaskMemAlloc
CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize
CoSuspendClassObjects

oleaut32

SysStringLen
LoadRegTypeLi
VariantClear
LoadTypeLi
VarUI4FromStr
SysFreeString
RegisterTypeLi
SysAllocString

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2278b847798e98e4b1a198d33cf5dc9a

Headers

File Characteristics

Imports

msioff10.ocx

mfc42

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 40KB - Virtual size: 38KB

.data Size: 16KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 32KB

.text
Size: 40KB - Virtual size: 38KB

.data
Size: 16KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 32KB