e284a15f1607903d4ab0814cc2412736_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

e284a15f1607903d4ab0814cc2412736_JaffaCakes118
Size

157KB
MD5

e284a15f1607903d4ab0814cc2412736
SHA1

9091d61f8d76aa7b4c25af5fd3a47951578e9b2f
SHA256

151dc1a0050a5b8eba73bfe782c2d576b3e2bfaa6939f2352389323e2ab8f573
SHA512

b36e553ea09218b9d49b26f0b7e75c10d312f0ac43132e4d6bd0265d9164c1a989475805b177b7613889cc3bd4189a8ad9d65e27e3550341de1964e3aada01db
SSDEEP

3072:37XIV7RGdtBn7wLuzhi3Ytpx6NmshdXo2vXXThikst8pyqjdljZ:rXAeRwLuzhMY7sNpPooXXt3st8p95lF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e284a15f1607903d4ab0814cc2412736_JaffaCakes118

Files

e284a15f1607903d4ab0814cc2412736_JaffaCakes118
.exe windows:5 windows x86 arch:x86

30ff5f314bfcf5e6019c6e8355d762d0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemWindowsDirectoryW
WaitForSingleObject
SetEvent
GetModuleHandleW
GetTickCount
SetFileTime
WriteFile
OpenProcess
Thread32First
WideCharToMultiByte
LoadLibraryW
CopyFileW
GetVersionExW
TerminateProcess
Thread32Next
ReadFile
GetModuleFileNameW
CreateFileW
lstrcmpW
GetTempPathW
GetProcAddress
Process32FirstW
CompareFileTime
CreateEventW
Process32NextW
lstrcmpiW
CreateToolhelp32Snapshot
GetFileTime
CloseHandle
GetSystemTime
SuspendThread
lstrcpyW
GetVolumeInformationW
CreateThread
HeapAlloc
InterlockedIncrement
InterlockedDecrement
HeapFree
GetProcessHeap
InitializeCriticalSection
LeaveCriticalSection
lstrcmpiA
EnterCriticalSection
DeleteCriticalSection
SystemTimeToFileTime
CreateProcessW
lstrlenA
lstrcmpA
GetEnvironmentVariableW
ExitProcess
lstrlenW
OpenThread
Sleep

user32

GetSystemMetrics
UpdateWindow
DispatchMessageW
EndPaint
DestroyWindow
GetWindowRect
SetWindowLongW
CallWindowProcW
DefWindowProcW
SetTimer
GetMessageW
PostQuitMessage
KillTimer
LoadCursorW
BeginPaint
TranslateMessage
RegisterClassExW
ShowWindow
FrameRect
wsprintfW
CreateWindowExW

gdi32

GetStockObject

advapi32

RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegFlushKey
RegCloseKey
RegSetValueExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

OleUninitialize
OleInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

wininet

InternetCrackUrlW
InternetReadFile
InternetConnectW
HttpSendRequestW
HttpOpenRequestW
InternetCloseHandle
InternetOpenW

shlwapi

PathFileExistsW
StrStrW
PathAppendW
StrCmpNW

urlmon

CoInternetGetSession
CoInternetSetFeatureEnabled

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data1
Size: 138KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

30ff5f314bfcf5e6019c6e8355d762d0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

shlwapi

urlmon

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 1KB - Virtual size: 1KB

.data1 Size: 138KB - Virtual size: 140KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 1KB - Virtual size: 1KB

.data1
Size: 138KB - Virtual size: 140KB