f3597bd581a336ff9970555ac216d081_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f3597bd581a336ff9970555ac216d081_JaffaCakes118
Size

84KB
MD5

f3597bd581a336ff9970555ac216d081
SHA1

dd008946134c5bd3b2eed05f97a41262a5475b54
SHA256

e0d06af8a815fe4bec828392f186bbf1411424fc157c3709a7b951eabc5241c3
SHA512

e7a60fcdaf3500af65313e51260408d89ed7b4d43e2dfec1496f10ea434de9105aa7e946439f6f2295515073b794bbd358a440bf0975284b90c27ed636b26a75
SSDEEP

1536:S53Ym6NN4a4BAvGwh1tEBLnLhi2RHJFMEh7wjNkolTNcam:SANvzruDRHD7whDlpcD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f3597bd581a336ff9970555ac216d081_JaffaCakes118

Files

f3597bd581a336ff9970555ac216d081_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4eea665c79a37280ea1a3993bc7e927e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\Vss\VAExt\1.0.5.0\WA6P Release\VAExternal.pdb

Imports

shlwapi

StrChrA
StrToIntA
StrStrIA

wininet

InternetGetCookieA
InternetSetCookieA

kernel32

VirtualProtect
GetSystemDirectoryA
GetWindowsDirectoryA
GetFileSize
lstrcpyA
lstrcpynA
WriteFile
SetFilePointer
LockResource
LoadResource
GetSystemInfo
FindResourceA
CloseHandle
CreateFileA
CreateDirectoryA
lstrcatA
GetVersion
GetLastError
GetModuleFileNameA
IsValidCodePage
IsValidLocale
GetTimeZoneInformation
GetLocaleInfoW
CompareStringA
CompareStringW
SizeofResource
UnhandledExceptionFilter
EnumSystemLocalesA
GetLocaleInfoA
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetProcAddress
TerminateProcess
GetCurrentProcess
GetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsAlloc
SetLastError
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
HeapDestroy
HeapCreate
VirtualFree
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
FatalAppExitA
VirtualAlloc
HeapReAlloc
IsBadWritePtr
SetStdHandle
FlushFileBuffers
ReadFile
InitializeCriticalSection
GetACP
GetOEMCP
GetCPInfo
SetEndOfFile
HeapSize
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID

user32

CharLowerA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4eea665c79a37280ea1a3993bc7e927e

Headers

File Characteristics

PDB Paths

Imports

shlwapi

wininet

kernel32

user32

advapi32

shell32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 16KB - Virtual size: 14KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 16KB - Virtual size: 14KB