261f4d4788db8c0555ee9de589a4e04b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

261f4d4788db8c0555ee9de589a4e04b_JaffaCakes118
Size

494KB
MD5

261f4d4788db8c0555ee9de589a4e04b
SHA1

c9bffb11291b079e8265bef27d0e1dafb496bc30
SHA256

bf3a25fa3c4206cd54b8748a237c583c6e7dfd9d3eced53837bd3a3dd2709682
SHA512

6e1e10186693af961645acb30949629e6994802de049a77a96a69feedacd850b81d1d37100a16faeb2bdf2b71ba8e378369818fec466df3c76fc834388b9b8e1
SSDEEP

12288:0FOsqELTHU63kpH4gNeOacTVxBX3zy9c6+:GqEcpeOaQOuB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
261f4d4788db8c0555ee9de589a4e04b_JaffaCakes118

Files

261f4d4788db8c0555ee9de589a4e04b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e55ff1df89baf35f6e13913208a7b29b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

esent

JetDeleteIndex
JetEnumerateColumns
JetOpenFileInstance
JetRetrieveColumn@32
JetRetrieveColumns
JetOpenTempTable
JetUnregisterCallback
JetAddColumn
JetSetTableSequential
JetExternalRestore2
JetRegisterCallback
JetSetColumnDefaultValue
JetGetCursorInfo
JetRenameTable
JetDefragment
JetBeginSession
JetGetTableInfo

cmpbk32

PhoneBookGetPhoneDispA
PhoneBookParseInfoA
PhoneBookLoad
PhoneBookGetCountryNameW
PhoneBookHasPhoneType
PhoneBookGetRegionNameA
PhoneBookEnumRegions
PhoneBookGetPhoneDescA
PhoneBookMatchFilter
PhoneBookEnumNumbers
PhoneBookUnload
PhoneBookGetCountryNameA
PhoneBookMergeChanges
PhoneBookGetPhoneType
PhoneBookCopyFilter

kernel32

GetFileType
WriteConsoleW
GetStartupInfoW
GetLastError
lstrcatA
LocalAlloc
DnsHostnameToComputerNameW
GetSystemWow64DirectoryW
GetThreadSelectorEntry
LoadLibraryA
GetExitCodeThread
GetSystemTimeAsFileTime
OpenFileMappingA

oleaut32

VarCyFromI2
VarR4FromI4
VarUI8FromUI2
VarR8FromI4
SafeArrayLock
VarSub
VarUI8FromR4
VarI8FromI2
SafeArrayGetLBound
VarUI1FromUI8
BSTR_UserUnmarshal
VarUI2FromDec
VarBstrCmp
VarBoolFromI1
VarDateFromUdate

msvcrt

memmove
wcscoll
__set_app_type
wcsxfrm
_spawnvp
__getmainargs
_wsopen
_ismbbkprint
_utime64
__unguarded_readlc_active
_CIpow
_endthreadex
_sys_nerr
_lseeki64
_ismbclegal
??_Gbad_cast@@UAEPAXI@Z
_adj_fprem
__p__commode
_local_unwind2
exit

user32

EndDialog

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e55ff1df89baf35f6e13913208a7b29b

Headers

File Characteristics

Imports

esent

cmpbk32

kernel32

oleaut32

msvcrt

user32

Sections

.text Size: 120KB - Virtual size: 120KB

.rdata Size: 160KB - Virtual size: 160KB

.data Size: 99KB - Virtual size: 99KB

.rsrc Size: 111KB - Virtual size: 111KB

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 160KB - Virtual size: 160KB

.data
Size: 99KB - Virtual size: 99KB

.rsrc
Size: 111KB - Virtual size: 111KB