f264610d4a8a94886d1258ef5bb36aa4_JaffaCakes118

General

Target

f264610d4a8a94886d1258ef5bb36aa4_JaffaCakes118
Size

26KB
MD5

f264610d4a8a94886d1258ef5bb36aa4
SHA1

9d03e5d9db4769189167f518e1fd332f2d952ed4
SHA256

7b397c99a79de5eb0d5a2cfa92600d34219436fc68854eba17a3274502f843ec
SHA512

c0df97b232714eee123de0b9416e01ec072d6d8e181febdfcc4e58ec7ce21eca9bd6d9634c69bddf66629026bfe19f11fdb69450003e15f9897f951e7dbce388
SSDEEP

384:tZIaZDggvmo++WfgKbSt92xH2bXmw41ukDFwulavCED/:tZfDh1++jP92xSH4b5wuwh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f264610d4a8a94886d1258ef5bb36aa4_JaffaCakes118

Files

f264610d4a8a94886d1258ef5bb36aa4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

461d01c75a104d7f031a3401a3b67d4f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

crtdll

memset
_strnicmp
strncmp
strlen
strncpy
_strdup
free
strcpy
sprintf
memmove
strcat
memcpy
pow
localtime
mktime
gmtime

kernel32

GetModuleHandleA
HeapCreate
GetModuleFileNameA
GetSystemDirectoryA
HeapDestroy
ExitProcess
LocalFree
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateToolhelp32Snapshot
Process32First
Process32Next
HeapFree
HeapAlloc
InitializeCriticalSection
GetCurrentProcess
DuplicateHandle
CreatePipe
GetStdHandle
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
Sleep
GetVersionExA
GetDriveTypeA
FindFirstFileA
FindClose
WriteFile
CreateFileA
HeapReAlloc
GetLocalTime

wininet

DeleteUrlCacheEntryA
InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

urlmon

URLDownloadToFileA

advapi32

GetSecurityInfo
SetEntriesInAclA
SetSecurityInfo
RegCreateKeyA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteExA

ntdll

RtlInitUnicodeString
ZwOpenSection

Sections

.code
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.flat
Size: 512B - Virtual size: 189B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

461d01c75a104d7f031a3401a3b67d4f

Headers

File Characteristics

Imports

crtdll

kernel32

wininet

urlmon

advapi32

shell32

ntdll

Sections

.code Size: 12KB - Virtual size: 12KB

.text Size: 9KB - Virtual size: 9KB

.data Size: 2KB - Virtual size: 2KB

.flat Size: 512B - Virtual size: 189B

.code
Size: 12KB - Virtual size: 12KB

.text
Size: 9KB - Virtual size: 9KB

.data
Size: 2KB - Virtual size: 2KB

.flat
Size: 512B - Virtual size: 189B