ea7da7d0c3ecf8a5a942a90003f0ffd5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea7da7d0c3ecf8a5a942a90003f0ffd5_JaffaCakes118
Size

84KB
MD5

ea7da7d0c3ecf8a5a942a90003f0ffd5
SHA1

176a8417fd8b59a60cce35a8176df9ca2a2b008b
SHA256

d0039db44eb6f259ada15552e0018c3d88bda98fcbcf3fb05be8b82fb3389a2d
SHA512

4d3c7b3f09382f0caf02c99a1355117a86c014b7bd3c9d608d3b81c37f77c89479466cfb84f71b17a15dbf85df000a7d9f001ea8419c578e203b2863c562338d
SSDEEP

1536:7OL85ntSH2jM8tcSZNlwkJmwn+ynZwGT40WmoGuJvUl/LaV+r:7OOtDM+lpIG4pmZuJvUlmV+r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea7da7d0c3ecf8a5a942a90003f0ffd5_JaffaCakes118

Files

ea7da7d0c3ecf8a5a942a90003f0ffd5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b681279be5d344ca3d9ce203955a5b5e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlA
InternetOpenA

urlmon

URLDownloadToFileA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

MoveFileExA
FindFirstFileA
ReleaseMutex
WaitForSingleObject
GlobalAlloc
CloseHandle
GetTempPathA
CreateMutexA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
LoadLibraryA
lstrlenA
lstrcpynA
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetTickCount
lstrcatA
Sleep
SetStdHandle
FlushFileBuffers
ReadFile
CreateFileA
DeleteFileA
IsBadCodePtr
IsBadReadPtr
GetSystemInfo
VirtualProtect
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
HeapFree
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapAlloc
HeapReAlloc
GetOEMCP
GetCPInfo
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
HeapSize
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

wsprintfA

advapi32

CreateServiceA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenServiceA
DeleteService
OpenSCManagerA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
StartServiceCtrlDispatcherA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b681279be5d344ca3d9ce203955a5b5e

Headers

File Characteristics

Imports

wininet

urlmon

version

kernel32

user32

advapi32

shell32

iphlpapi

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 4KB - Virtual size: 568B

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 4KB - Virtual size: 568B