52977087553bd141eac8fc5f20b08357_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

52977087553bd141eac8fc5f20b08357_JaffaCakes118
Size

272KB
MD5

52977087553bd141eac8fc5f20b08357
SHA1

23e31449e0bcbbb9a9d634f14fc28ae8a78a6dde
SHA256

b4d1f0a190c73b500f666f17b68d42ccccd4495ebadac6c2daad7cca5ee27576
SHA512

8985ee305e18a5dd286553587494b61ee44265127eaa7ce319e74afc86bd3c8719ec8e0919c8fe3aa323bc59cca4d1ad99756670b4528236e6f5cc73c4045476
SSDEEP

6144:h73pepot7WiO7K0EiaNXcBJ/nzpzSC3Wbx2i+y6:F5Ft78kd+zB3WbQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
52977087553bd141eac8fc5f20b08357_JaffaCakes118

Files

52977087553bd141eac8fc5f20b08357_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9599163578534c8226c7307fff7af1e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetUserDefaultLCID
OutputDebugStringA
InterlockedIncrement
GetVersionExW
GetSystemDefaultLCID
InterlockedDecrement
HeapDestroy
MultiByteToWideChar
FormatMessageA
GetComputerNameA
GetCurrentThread
HeapFree
HeapAlloc
EnterCriticalSection
HeapCompact
LeaveCriticalSection
GetModuleHandleW
DeleteCriticalSection
HeapCreate
InitializeCriticalSection
HeapReAlloc
WideCharToMultiByte
GetCommandLineW
GetCommandLineA
GetComputerNameW
FormatMessageW
GetLastError
GetCurrentProcess
CloseHandle
GetModuleFileNameW
GetModuleFileNameA

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
_XcptFilter
__dllonexit
_exit
exit
memcmp
memcpy
_vsnwprintf
_onexit
_CxxThrowException
_wcsicmp
_ltow
??1type_info@@UAE@XZ
wcsncmp
_wcsnicmp
strlen
strcpy
wcsncpy
printf
iswspace
wcslen
_purecall
wcscmp
strcmp
__CxxFrameHandler

ole32

OleUninitialize
CoCreateInstance
OleInitialize
CoUninitialize

oleaut32

GetErrorInfo
SysFreeString
SetErrorInfo
VariantClear

sqlresld

SQLUIUnloadResourceDLL
SQLUILoadResourceDLL

user32

LoadStringW
LoadStringA

advapi32

GetUserNameW
LookupAccountSidW
GetUserNameA
OpenProcessToken
OpenThreadToken
GetTokenInformation

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.T�
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9599163578534c8226c7307fff7af1e3

Headers

File Characteristics

Imports

kernel32

msvcrt

ole32

oleaut32

sqlresld

user32

advapi32

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 332B

.rsrc Size: 4KB - Virtual size: 1KB

.T� Size: 232KB - Virtual size: 232KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 332B

.rsrc
Size: 4KB - Virtual size: 1KB

.T�
Size: 232KB - Virtual size: 232KB