b4edde60f19ce7e2c4e8ae47da16d739_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b4edde60f19ce7e2c4e8ae47da16d739_JaffaCakes118
Size

168KB
MD5

b4edde60f19ce7e2c4e8ae47da16d739
SHA1

4cb5006810b77f52357c0975bfb85a7810b0022b
SHA256

d39722b83639d8896a2d9ee8ebb9b2ef603c43bef4854680b2ac1655895f0ff3
SHA512

eddab592dcc36b5dd64c81b12892f0033b1972ad8e1e060f36c28db8f7c22ab2f0e793315a73f277da6f5d510a8e8a764261dff82b18ad87f706e33f104e6c58
SSDEEP

3072:KkxzG69VHWa58eELsmgFD6DHWFm/heOaY4fMF4apx6MmDRTdJn:/X9Vt5p0smgFIx5FNOP2x6hhdJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4edde60f19ce7e2c4e8ae47da16d739_JaffaCakes118

Files

b4edde60f19ce7e2c4e8ae47da16d739_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dbdb30b2ca09eb2d8fd8922543c7196b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

xpcom

NS_StringContainerInit
NS_StringContainerFinish
NS_CStringContainerInit
NS_CStringContainerFinish
NS_CStringContainerInit2
NS_ShutdownXPCOM
NS_GetServiceManager
NS_StringGetData
NS_NewNativeLocalFile
NS_CStringGetData
NS_CStringToUTF16
NS_InitXPCOM2
NS_CStringSetData

xul

XRE_GetBinaryPath
XRE_GetFileFromPath
XRE_main
XRE_FreeAppData
XRE_CreateAppData

nspr4

PR_vsmprintf
PR_SetEnv
PR_Read
PR_Close
PR_Write
PR_GetEnv
PR_snprintf
PR_smprintf_free

plc4

PL_strcasecmp

kernel32

GetModuleHandleA
ExpandEnvironmentStringsA

user32

MessageBoxA

advapi32

RegCreateKeyExA
RegSetValueExA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA

msvcp71

?_Nomemory@std@@YAXXZ

msvcr71

_initterm
__wgetmainargs
_amsg_exit
__p___winitenv
exit
_cexit
_XcptFilter
_exit
_c_exit
_callnewh
strchr
strtol
strpbrk
__setusermatherr
getenv
_fullpath
_wfopen
fseek
ftell
fread
??3@YAXPAX@Z
fclose
memset
memcpy
strcmp
free
_adjust_fdiv
__p__commode
malloc
_snprintf
__p__fmode
__set_app_type
_except_handler3
__dllonexit
_onexit
_controlfp
_access
_strdup
wcslen
??_V@YAXPAX@Z
printf
strlen
sprintf
strcpy
fprintf
_iob

Sections

.text
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rrdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dbdb30b2ca09eb2d8fd8922543c7196b

Headers

File Characteristics

Imports

xpcom

xul

nspr4

plc4

kernel32

user32

advapi32

msvcp71

msvcr71

Sections

.text Size: 12KB - Virtual size: 9KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 364B

.rsrc Size: 72KB - Virtual size: 69KB

.rrdata Size: 68KB - Virtual size: 68KB

.text
Size: 12KB - Virtual size: 9KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 364B

.rsrc
Size: 72KB - Virtual size: 69KB

.rrdata
Size: 68KB - Virtual size: 68KB