2c145606527cae5adec04cb49812fd8e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2c145606527cae5adec04cb49812fd8e_JaffaCakes118
Size

222KB
MD5

2c145606527cae5adec04cb49812fd8e
SHA1

35cfef8f01720bb120c850a047819982328833e6
SHA256

dd9033148487c1af31662ce2b58e97213cf2baf4f814aa010d5fa6d6bb99578a
SHA512

608cd83226c82fdb6043b8f7ca28274bb71f9f00e67ff795ce54dd27430af034e2ae72c2f4be7f61d7ef78932d9703a3f8796a3e6e1242f765e66787998bc135
SSDEEP

6144:FQXkRH+dkT0VmeZQAb/b4bfieopnck1B9:gmKVmuQAb/fpcu9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c145606527cae5adec04cb49812fd8e_JaffaCakes118

Files

2c145606527cae5adec04cb49812fd8e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

066c03fa3e52a91bf75ae6821c6abf6a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerFindFileA
VerInstallFileA
VerQueryValueA

kernel32

GetCurrentProcessId
VirtualQuery
WriteFile
GetCPInfo
HeapDestroy
LoadLibraryA
CompareStringA
GetCurrentThread
SetLastError
GetCurrentThreadId
GetFullPathNameA
SetHandleCount
LocalAlloc
GetCurrentProcess
WideCharToMultiByte
GetCommandLineA
SetErrorMode
lstrcpyA
VirtualAlloc
SizeofResource
VirtualFree
GetVersionExA
WaitForSingleObject
ExitProcess
lstrcmpA
GetDiskFreeSpaceA
SetEndOfFile
HeapAlloc
SetFilePointer
GlobalAlloc
CreateFileA
LocalFree
GetFileAttributesA
GetLocalTime
Sleep
FindClose
lstrlenA
GetOEMCP
LoadLibraryExA
LoadResource
FindResourceA

comdlg32

GetSaveFileNameA

shlwapi

StrTrimA

msvcrt

__p__commode
_wfopen
__wgetmainargs
memcpy
_acmdln
rand
memset
_XcptFilter
wcschr
_stat
atol
_unlock
srand
wcstol

user32

IsWindowVisible
FillRect
GetActiveWindow
SetWindowPos
DrawFrameControl
GetDCEx
GetCursor
GetWindow
DefWindowProcA
GetKeyState
CheckMenuItem
GetIconInfo
EnableScrollBar
GetSubMenu
RegisterClassA
GetFocus
GetForegroundWindow
DrawMenuBar
GetCursorPos
IsWindowEnabled
IsChild

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.init
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 562B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

066c03fa3e52a91bf75ae6821c6abf6a

Headers

File Characteristics

Imports

version

kernel32

comdlg32

shlwapi

msvcrt

user32

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 2KB - Virtual size: 2KB

.edata Size: 201KB - Virtual size: 200KB

.init Size: 5KB - Virtual size: 4KB

INIT Size: 1024B - Virtual size: 562B

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 2KB - Virtual size: 2KB

.edata
Size: 201KB - Virtual size: 200KB

.init
Size: 5KB - Virtual size: 4KB

INIT
Size: 1024B - Virtual size: 562B