Static task: static1
Behavioral task: behavioral1
Sample: 2d4fb783323493e48fbab73686aee38e_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 2d4fb783323493e48fbab73686aee38e_JaffaCakes118.exe
Resource: win10v2004-20241007-en
General
Target: 2d4fb783323493e48fbab73686aee38e_JaffaCakes118
Size: 83KB
MD5: 2d4fb783323493e48fbab73686aee38e
SHA1: fe9718e7437ae2fe484b38f047a7a49a6374db84
SHA256: 11ed5831b400af030dc2e57f0f2ef2e19f945f1d4f926aad5a676d5f45dc22ed
SHA512: e1c8986338117c443cf5d7ce459c50fd1e0c75709bc434e645e0db41601ff0d1b88f450e871987f7dbdfbcdc193c99f989cd4f836709ad30dd484d8cadff3091
SSDEEP: 1536:wWIocZC5vmhLOikRMqSFGdYfW2lNgNDFkQeJ:wDCchLGSMwBNg0QK
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2d4fb783323493e48fbab73686aee38e_JaffaCakes118
Files
2d4fb783323493e48fbab73686aee38e_JaffaCakes118.exe windows:4 windows x86 arch:x86
854d087995cffb200be39ce7e64a7ffb
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LoadResource
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetModuleHandleA
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FindResourceA
WideCharToMultiByte
lstrcatA
lstrcmpA
lstrcpyA
lstrlenA
Sleep
advapi32
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
mfc70
msvcr70
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
memmove
_setmbcp
__CxxFrameHandler
_mbsstr
_mbscmp
sprintf
atoi
fclose
fprintf
fopen
fscanf
_except_handler3
shell32
ShellExecuteA
user32
LoadMenuA
SetMenu
UpdateWindow
MessageBoxA
SetTimer
GetClientRect
EnableWindow
SendMessageA
wsock32
WSAStartup
Sections
.text Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 312B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rebuild Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE