276250e68d7af310ef88586d9bd179ee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

276250e68d7af310ef88586d9bd179ee_JaffaCakes118
Size

40KB
MD5

276250e68d7af310ef88586d9bd179ee
SHA1

477336b1d73bfb51ed1296c99bd64da878813b73
SHA256

e5f58df0a39fdb91aec179b836781b04af01146fac070f888f77dabae346485c
SHA512

e50986897e30be4cfed87a570e9941d41d30813353cabb6724d6999eea07c8c5bc4e1e3b76efe695da47b0a88eb49f6e706ff3e180beff496fcdd0179419636f
SSDEEP

768:3mDT3ouIH3PTwQn0B6mrU03aqo3oNAqIXn:G1IHfTDSav/qIX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
276250e68d7af310ef88586d9bd179ee_JaffaCakes118

Files

276250e68d7af310ef88586d9bd179ee_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d06348683a68e03efd7bfd7e781076a4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateIoCompletionPort
CreateFileW
SetLastError
GetFileAttributesW
PostQueuedCompletionStatus
SetThreadPriority
GetThreadPriority
ReadDirectoryChangesW
GetQueuedCompletionStatus
GetCurrentThread
DeleteFileW
lstrcatW
lstrcpyW
GetLastError
GetCommandLineW
GetVersion
CreateThread
lstrlenW
GetWindowsDirectoryW
SetFileAttributesW
CreateDirectoryW
CreateProcessW
SetFileTime
GetFileTime
GetSystemDirectoryW
CopyFileW
lstrcmpW
GetModuleFileNameW
GetDriveTypeW
GetLogicalDrives
GetDiskFreeSpaceW
GetFileSize
ResetEvent
FreeLibrary
CreateEventW
SetEvent
CloseHandle
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
Sleep
GetModuleHandleW

user32

MessageBeep
DestroyWindow
GetWindowTextW
GetForegroundWindow
wsprintfW
PeekMessageW
TranslateMessage
DispatchMessageW
MsgWaitForMultipleObjects
RegisterClassW
GetMessageW
PostThreadMessageW
PostMessageW
CreateWindowExW
DefWindowProcW
IsWindow

gdi32

GetStockObject

advapi32

RegSetValueExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
GetUserNameW
RegCloseKey
RegOpenKeyExW

ole32

CoCreateInstance
CoInitialize

mfc42u

ord3176
ord3173
ord2756
ord1972
ord668
ord6655
ord2773
ord2762
ord356
ord5568
ord2910
ord2606
ord922
ord537
ord4197
ord4053
ord5706
ord1568
ord815
ord825
ord823
ord800
ord538
ord540
ord940
ord942
ord535
ord3579
ord543
ord803
ord6303
ord521
ord858
ord3696
ord500
ord772
ord1105
ord6138
ord2385
ord5856
ord663
ord348
ord1184
ord561

msvcrt

_wcsicmp
_controlfp
wcsstr
wcscat
wcslen
__dllonexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
__p___winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_onexit
free
_wcsdup
_except_handler3
_beginthreadex
__CxxFrameHandler
_purecall
malloc
wcstok
wcsrchr

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d06348683a68e03efd7bfd7e781076a4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

mfc42u

msvcrt

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 16B

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 16B