f4e3df4d1eaeadc46d1052e5352f59ca_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f4e3df4d1eaeadc46d1052e5352f59ca_JaffaCakes118
Size

421KB
MD5

f4e3df4d1eaeadc46d1052e5352f59ca
SHA1

4acc51720e14d8f2e127748946d42e09cd279c3f
SHA256

df43c5fbde114d32d69452067034e6cafc8e14c34d7e005940fce810c899a902
SHA512

d38be8d91a0c9d60bc7908dc1929dff0cc355ecf2106f7b91b302e5baab50a1692cb4b92e674012f7c0d7008930a0bcdd5bbad5b6a9fe651c7247a2aa90101b7
SSDEEP

12288:BRmNhOKw/xcmdlnv1RRGxPLqGfy7pPB6W6Crtrg1QXxx:6C3RdHGxPLTwpuCprgi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f4e3df4d1eaeadc46d1052e5352f59ca_JaffaCakes118

Files

f4e3df4d1eaeadc46d1052e5352f59ca_JaffaCakes118
.exe windows:4 windows x86 arch:x86

dff986a28f7634980a30ecabad489f5d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeValueA
RegEnumValueW
CryptGetDefaultProviderW
CryptHashSessionKey
RegReplaceKeyA
CryptGetProvParam
CryptDeriveKey
CryptSetKeyParam
RegQueryMultipleValuesA
LookupAccountNameA
RevertToSelf
ReportEventA
RegDeleteValueW
RegEnumKeyExA
CryptEnumProviderTypesA
CryptSetProviderExA
RegQueryInfoKeyA
RegCreateKeyExW
LookupPrivilegeValueW
StartServiceW
CryptHashData
RegNotifyChangeKeyValue

comdlg32

GetOpenFileNameA
GetOpenFileNameW
FindTextW
GetFileTitleA
FindTextA
GetSaveFileNameA

shell32

DoEnvironmentSubstW
DragQueryFileAorW

gdi32

GetLogColorSpaceA
CreatePolyPolygonRgn
WidenPath
CombineTransform
SetTextJustification
PathToRegion
FloodFill
GetGlyphOutlineA
GetViewportOrgEx
GetCharWidthFloatA
SetMapperFlags
GetWinMetaFileBits
ArcTo
RemoveFontResourceA
GetCharABCWidthsW
SetPixelFormat
GetDIBColorTable
Rectangle
CreateMetaFileW
ExtEscape
Polygon
FrameRgn
SetSystemPaletteUse

kernel32

GetStdHandle
GetStartupInfoA
WriteFile
HeapSize
RtlUnwind
GetDriveTypeA
GetFileType
GetLastError
LoadLibraryA
IsValidCodePage
GetModuleFileNameA
GetDateFormatA
CreateNamedPipeA
VirtualAlloc
FindResourceA
GetProcAddress
GetOEMCP
GetTempPathW
TerminateProcess
LCMapStringW
GetCurrentProcess
GetPrivateProfileIntA
TlsFree
GetEnvironmentStringsW
GetUserDefaultLCID
ExitProcess
FillConsoleOutputCharacterW
GetCPInfo
TlsGetValue
QueryPerformanceCounter
GetThreadPriorityBoost
HeapCreate
VirtualProtect
InitializeCriticalSection
GetCommandLineW
CreateEventA
GetStartupInfoW
IsBadWritePtr
GetModuleFileNameW
WideCharToMultiByte
FreeEnvironmentStringsW
SetWaitableTimer
GetACP
DeleteCriticalSection
GetEnvironmentStrings
GetVersionExA
HeapFree
VirtualFree
SetLastError
GetSystemInfo
IsValidLocale
GetCurrentProcessId
GetTimeFormatA
UnhandledExceptionFilter
GetCurrentThread
HeapDestroy
CompareStringA
SetEnvironmentVariableA
CreateMailslotW
MultiByteToWideChar
EnumSystemLocalesA
LCMapStringA
FreeEnvironmentStringsA
TlsSetValue
GetSystemTimeAsFileTime
EnumSystemCodePagesW
GetLocaleInfoW
HeapAlloc
GetLocaleInfoA
InterlockedExchange
GetStringTypeA
CreateSemaphoreW
RtlFillMemory
GetStringTypeW
GetCommandLineA
GetTimeZoneInformation
GetCurrentThreadId
SetUnhandledExceptionFilter
HeapReAlloc
EnterCriticalSection
TlsAlloc
SetHandleCount
CompareStringW
GetTickCount
GetModuleHandleA
Sleep
OpenWaitableTimerW
VirtualQuery
LeaveCriticalSection
GetTempFileNameW

wininet

InternetGoOnline
RetrieveUrlCacheEntryStreamW
InternetGetLastResponseInfoW
UrlZonesDetach
InternetSetCookieW
GetUrlCacheEntryInfoA
InternetTimeToSystemTimeA
InternetOpenA
GopherGetLocatorTypeW
InternetSetDialStateA
IsHostInProxyBypassList
FindFirstUrlCacheEntryExW
FtpRemoveDirectoryA
GopherFindFirstFileA
FtpFindFirstFileW
InternetHangUp
InternetSetDialState
SetUrlCacheConfigInfoA
FreeUrlCacheSpaceA
SetUrlCacheGroupAttributeA
SetUrlCacheConfigInfoW
GopherGetAttributeW
InternetQueryOptionW
InternetSecurityProtocolToStringA
InternetDial

Sections

.text
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 273KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dff986a28f7634980a30ecabad489f5d

Headers

File Characteristics

Imports

advapi32

comdlg32

shell32

gdi32

kernel32

wininet

Sections

.text Size: 140KB - Virtual size: 139KB

.data Size: 273KB - Virtual size: 290KB

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 140KB - Virtual size: 139KB

.data
Size: 273KB - Virtual size: 290KB

.rsrc
Size: 7KB - Virtual size: 7KB