3671560687b3acf84c95d56517182ef7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3671560687b3acf84c95d56517182ef7_JaffaCakes118
Size

244KB
MD5

3671560687b3acf84c95d56517182ef7
SHA1

464f2d43f7477fd7211d71aa9980d2bca56fe518
SHA256

c23eb7fc35e298b641edac3e25c188281482c4c220f3942a92a2d74a02516ba7
SHA512

82d2309149645f9c7b0132e1294301ce9195d6a711ea3b70ec64242faf15e13fe9ab7f25c85aeeba0531cd80f70d4cfe4124f472a69a972425331ff0180d1de9
SSDEEP

6144:Ak2kqbySerMogm51va61m1EMKeFrlAV1JEgMK/O5mmZRq5xAcQEW:AqDzbgd0zWgMjRHCxAcQZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3671560687b3acf84c95d56517182ef7_JaffaCakes118

Files

3671560687b3acf84c95d56517182ef7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0b1432c7f8e39e9c9680f28ac8eeacb5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

gmtime
_swab
_execvpe
acos
puts
_heapset
_mktemp
srand
ceil
wprintf
_cexit
fwrite
iswupper
_c_exit
free
_tolower
_wcsicmp
_execlp
??3@YAXPAX@Z
_getdrives
_getcwd
clearerr
tolower
signal
_wcsrev
_fsopen
log

msvcrt

_getdrive
_mbsnbcnt
_memicmp
??1bad_cast@@UAE@XZ
_searchenv
_wrename
_wgetcwd
memchr
strcoll
_mbsninc
?name@type_info@@QBEPBDXZ
getc
?set_unexpected@@YAP6AXXZP6AXXZ@Z
fprintf
__getmainargs
_mbsicoll
_spawnlp
__badioinfo
__set_app_type
mbtowc
tan
_scprintf
perror
wcstombs
__p__commode
_strnset
wcsrchr
_lseeki64
_wgetenv
__p__fileinfo
_putws
_endthreadex
exit
fopen

ole32

CoCreateFreeThreadedMarshaler
CoReactivateObject
OleCreateLinkToFileEx
CoResumeClassObjects
HENHMETAFILE_UserMarshal
CoQueryReleaseObject
OleDuplicateData
HPALETTE_UserSize
CoGetCurrentLogicalThreadId
CreateILockBytesOnHGlobal
SNB_UserUnmarshal
HMETAFILE_UserMarshal
OleSave
StgGetIFillLockBytesOnFile
CoSetCancelObject
IsAccelerator
CoCancelCall
ReadClassStm
PropStgNameToFmtId
CLSIDFromString
HACCEL_UserMarshal
STGMEDIUM_UserSize
CoTaskMemFree
OleCreateLink
UpdateDCOMSettings
CoReleaseServerProcess
CoSetProxyBlanket
CoGetObjectContext
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
CreateOleAdviseHolder

kernel32

lstrcpyA
GetUserDefaultLCID
SetThreadLocale
GetSystemWow64DirectoryW
GlobalGetAtomNameA
QueryDosDeviceW
SetConsoleCursorPosition
SystemTimeToFileTime
_hread
GetCurrentThread
SetCriticalSectionSpinCount
GetLocaleInfoA
ReleaseActCtx
CreateProcessInternalW
GetStringTypeExW
WritePrivateProfileSectionW
ExitProcess
GetThreadSelectorEntry
RegisterWaitForSingleObjectEx
InitializeSListHead
VirtualAlloc
WaitForDebugEvent
SetFileApisToANSI
_hwrite
GetWindowsDirectoryW
GetOEMCP
GetTickCount
LoadLibraryA
BeginUpdateResourceW
OpenEventW
GetSystemDirectoryA
DeleteFiber

inseng

CheckTrust
GetICifRWFileFromFile
CheckForVersionConflict
CheckTrustEx
GetICifFileFromFile
PurgeDownloadDirectory
DownloadFile

user32

EndDialog
MessageBoxA

shell32

SHGetMalloc

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b1432c7f8e39e9c9680f28ac8eeacb5

Headers

DLL Characteristics

File Characteristics

Imports

crtdll

msvcrt

ole32

kernel32

inseng

user32

shell32

Sections

.text Size: 127KB - Virtual size: 126KB

.rdata Size: 63KB - Virtual size: 63KB

.data Size: 44KB - Virtual size: 43KB

.rsrc Size: 8KB - Virtual size: 7KB

.text
Size: 127KB - Virtual size: 126KB

.rdata
Size: 63KB - Virtual size: 63KB

.data
Size: 44KB - Virtual size: 43KB

.rsrc
Size: 8KB - Virtual size: 7KB