f2b56491c586090d17959ed313f2881e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f2b56491c586090d17959ed313f2881e_JaffaCakes118
Size

531KB
MD5

f2b56491c586090d17959ed313f2881e
SHA1

920da25c82cd3f0b3cef953cb080d7db34596d45
SHA256

d3763060581fdaa52a06b8c3ee95c2338346a77adc1d1131b227c0a3933cb606
SHA512

49a1ca78dce137a35f2c8c7d484b7cc9e2ea22045fe484710bd4d8bd1e43e14accbbb625059242ea78d9728d8c460aac33efbf533a66f1b8f42764bc62876735
SSDEEP

12288:7/Tlvt7wsLJZrHZqXVEPWydFlHRMvPek6CGaJDjYGND:TTf0UJZrHZqXNAFlHCXDGaB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2b56491c586090d17959ed313f2881e_JaffaCakes118

Files

f2b56491c586090d17959ed313f2881e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5ee18262fc45e303f9338fe405e8dc7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\emoqbfoacv\ieyael\yorve

Imports

wininet

InternetSetDialState
DeleteUrlCacheEntryW
InternetGetConnectedStateExA

user32

PaintDesktop
PeekMessageW
IsCharAlphaA
RegisterClassExA
GetInputState
DestroyAcceleratorTable
RegisterClassA
PostMessageW
CreateIconIndirect
ShowWindow
SetWinEventHook
wsprintfW
DrawFocusRect
CreateDialogIndirectParamA
RemovePropA
IsChild
MessageBoxW
CreateWindowExA
RegisterHotKey
IsCharLowerA
CharToOemA
GetWindowPlacement
DragObject
GetWindowWord
CloseDesktop
FillRect
WindowFromPoint
DlgDirListA
DdeCmpStringHandles

comctl32

InitCommonControlsEx

kernel32

GetConsoleMode
GetModuleFileNameA
TlsAlloc
SetStdHandle
HeapReAlloc
WriteConsoleA
HeapSize
InterlockedIncrement
HeapCreate
FreeEnvironmentStringsW
GetFileType
SetConsoleCtrlHandler
GetCommandLineW
ReadFile
TerminateProcess
HeapDestroy
HeapFree
LoadLibraryA
EnumSystemLocalesA
WriteFile
GetStdHandle
TlsGetValue
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
OpenMutexA
CreateToolhelp32Snapshot
GetDateFormatA
VirtualQuery
TlsFree
GetLocaleInfoA
RtlUnwind
SetEnvironmentVariableA
GetModuleHandleA
GetLocaleInfoW
GetSystemTimeAsFileTime
CompareStringW
GetCurrentProcessId
GetOEMCP
ReadConsoleInputW
GetCommandLineA
FreeLibrary
UnhandledExceptionFilter
lstrcmpA
SetUnhandledExceptionFilter
LCMapStringA
GetConsoleOutputCP
InterlockedDecrement
GetConsoleCP
GetACP
GetCurrentProcess
SetFilePointer
WriteConsoleW
ExitProcess
LeaveCriticalSection
VirtualAlloc
SetHandleCount
CompareStringA
GetUserDefaultLCID
IsDebuggerPresent
VirtualFree
LCMapStringW
GetStartupInfoA
GetTickCount
GetProcAddress
GetCPInfo
QueryPerformanceCounter
GetCurrentThread
IsValidLocale
GetStringTypeA
GetStringTypeW
TlsSetValue
InterlockedExchange
CloseHandle
HeapAlloc
AddAtomA
GetCurrentThreadId
WideCharToMultiByte
GetTimeFormatA
Sleep
EnterCriticalSection
CreateFileA
SetLastError
GetTimeZoneInformation
FlushFileBuffers
CreateMutexA
MultiByteToWideChar
IsValidCodePage
GetModuleHandleW
GetModuleFileNameW
GetLastError
GetEnvironmentStringsW

Sections

.text
Size: 371KB - Virtual size: 371KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 117KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ee18262fc45e303f9338fe405e8dc7a

Headers

File Characteristics

PDB Paths

Imports

wininet

user32

comctl32

kernel32

Sections

.text Size: 371KB - Virtual size: 371KB

.rdata Size: 26KB - Virtual size: 36KB

.data Size: 117KB - Virtual size: 116KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 371KB - Virtual size: 371KB

.rdata
Size: 26KB - Virtual size: 36KB

.data
Size: 117KB - Virtual size: 116KB

.rsrc
Size: 16KB - Virtual size: 15KB