f4a86f8f253e6ed4593ed3e7f3f07aa1_JaffaCakes118

General

Target

f4a86f8f253e6ed4593ed3e7f3f07aa1_JaffaCakes118
Size

242KB
MD5

f4a86f8f253e6ed4593ed3e7f3f07aa1
SHA1

2164e5b35576fc6327dd6d5b4ab0b0ea29ee9675
SHA256

b11492fb5c6b194e32e5dac043c78cd1a3486b7bbec319aee2d708d4e7b1e9d9
SHA512

bd5ce76150ed15b39396c68da7e9186e0520c3d6d4fac7ed1145a37b58971bf23d149943833d4fe112450f9c356d8ca79a06e60788c714b7aeafa9496877b4e4
SSDEEP

6144:Ys0S8/KelWvn7xTOyRlzaxNKwM4UIba84nx:a/Ko67xTOkl+xMwM4g8i

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4a86f8f253e6ed4593ed3e7f3f07aa1_JaffaCakes118

Files

f4a86f8f253e6ed4593ed3e7f3f07aa1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eaaa81e2e6b56a8c28deabae4d0f7072

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
GetFileType
GetEnvironmentStringsW
GetCurrentThread
RtlUnwind
WideCharToMultiByte
GetCommandLineA
GetCurrentProcess
TlsFree
VirtualAlloc
GetLastError
LCMapStringA
HeapReAlloc
MultiByteToWideChar
LeaveCriticalSection
LCMapStringW
GetStringTypeA
InterlockedExchange
GetModuleFileNameA
GetVersion
VirtualFree
ExitProcess
InitializeCriticalSection
UnhandledExceptionFilter
GetPrivateProfileStructW
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
TlsGetValue
GetStdHandle
EnterCriticalSection
QueryPerformanceCounter
GlobalAddAtomW
TlsAlloc
FreeEnvironmentStringsW
VirtualQuery
GetCurrentThreadId
GetStartupInfoA
HeapAlloc
SetLastError
HeapFree
lstrcmp
TerminateProcess
GetCurrentProcessId
GetCPInfo
WriteFile
TlsSetValue
SetTimeZoneInformation
FreeEnvironmentStringsA
GetOEMCP
IsBadWritePtr
GetACP
GetStringTypeW
GetProcAddress
SetHandleCount
DeleteCriticalSection
GetEnvironmentStrings
GetModuleHandleA
HeapValidate
HeapDestroy

wininet

FreeUrlCacheSpaceW
FtpRemoveDirectoryW
InternetSetFilePointer
InternetConfirmZoneCrossing
InternetCloseHandle
InternetCombineUrlW

shell32

ExtractAssociatedIconW
SHGetFileInfoA
SheChangeDirA
ExtractIconW
SHLoadInProc
SHGetSpecialFolderPathA
SHGetDiskFreeSpaceA
DragQueryFile
CheckEscapesW
SheSetCurDrive
DuplicateIcon
ShellExecuteA

Sections

.text
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 132KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eaaa81e2e6b56a8c28deabae4d0f7072

Headers

File Characteristics

Imports

kernel32

wininet

shell32

Sections

.text Size: 98KB - Virtual size: 98KB

.data Size: 132KB - Virtual size: 153KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 98KB - Virtual size: 98KB

.data
Size: 132KB - Virtual size: 153KB

.rsrc
Size: 11KB - Virtual size: 10KB