2ef473985a0147293a5fef56f59e1096_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2ef473985a0147293a5fef56f59e1096_JaffaCakes118
Size

94KB
MD5

2ef473985a0147293a5fef56f59e1096
SHA1

efea040bcba869c2a44fe884076b9fd6c2ed2780
SHA256

01b06eb4c385015e0dc4f5d6b2ed2d37f416f05c25372c29324a95a1949b3043
SHA512

938ca055dcd0bcd80eefb6681a52ad7c733313fb14501a32595bceb3792607c51c801253e9a870f2e94712b4f0556f0e7f458cc0187b04d74bc1a56cceb49edd
SSDEEP

1536:m3A9GnB985OY7IPY99asTzKSz79Nfmt6D7Q3MPA3CBFadMtom6EKvl0azYo:mA9GtY7IP25DP3+MD7QcPGdMf2l0uYo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ef473985a0147293a5fef56f59e1096_JaffaCakes118

Files

2ef473985a0147293a5fef56f59e1096_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e98ec8195701cc38b24ec08eb3d00c7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

malloc
memset

wininet

InternetCloseHandle
InternetOpenA

ole32

CoGetClassObject
CoTaskMemFree
CoGetMalloc
CoTaskMemAlloc

kernel32

CloseHandle
GetCurrentProcessId
WriteProcessMemory
ReleaseMutex
ExitProcess
HeapAlloc
HeapFree
MoveFileA
GetProcessHeap
WriteFile
OpenProcess
CompareStringW
CreateMutexA
LoadLibraryA

user32

PostMessageA
ShowWindow
GetWindowLongA
ModifyMenuA
GetForegroundWindow
ShowCursor
DrawEdge
CreateMenu
LoadBitmapA
GetWindowRect
SetCursor
DrawTextA
GetDC
ReleaseDC
GetActiveWindow
SetWindowTextA
DrawFrameControl
GetWindow
MoveWindow
SetWindowLongA
CreateWindowExA
GetCursor

gdi32

DrawEscape
DeleteDC
InvertRgn
CreateFontIndirectA
CreateDCA
BeginPath
ExtCreatePen
GetPath
CreateDIBPatternBrush
PolyDraw
CreateCompatibleDC
CreateCompatibleBitmap
EndPath
PathToRegion
ExtTextOutA
CreateFontIndirectW
StretchBlt
CreateBitmap
DeleteObject
SelectObject

Exports

Exports

?IWantGetAway@@YGPAXKKK@Z
?YouLieToMe@@YGPAXKKK@Z

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e98ec8195701cc38b24ec08eb3d00c7f

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

wininet

ole32

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

DATA Size: 512B - Virtual size: 256B

.rsrc Size: 84KB - Virtual size: 84KB

.reloc Size: 512B - Virtual size: 336B

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

DATA
Size: 512B - Virtual size: 256B

.rsrc
Size: 84KB - Virtual size: 84KB

.reloc
Size: 512B - Virtual size: 336B