f608ce3cdff81e1faa8f07f2f994f970_JaffaCakes118

General

Target

f608ce3cdff81e1faa8f07f2f994f970_JaffaCakes118
Size

403KB
MD5

f608ce3cdff81e1faa8f07f2f994f970
SHA1

a9a0888c16e8644b18fe0153ac0fc5497a5138f1
SHA256

3c048e158083de7898e3ad146c0ac8948a4e2ed5715c23a8d1f21bd4b20f9795
SHA512

803df37cba14b6d8c83aaf2c2b7b69f57c903a9ba0a172991c7b8dfcb6f0c782e9d9bf50a2f5de1f41a7817c883a3df954a544650d91f3688f0373851ad8b619
SSDEEP

6144:NLnGLXo4wfR144/9TzZvb0b56r1Bw2TPCO8CeeblQ6Tbgep/2tdYLUTDoIswBJ:NLnGDol14CvZvx5BwKqC7Q6XgepqWIL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f608ce3cdff81e1faa8f07f2f994f970_JaffaCakes118

Files

f608ce3cdff81e1faa8f07f2f994f970_JaffaCakes118
.exe windows:4 windows x86 arch:x86

267c006a6f3049bbe3421bfca007efd0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
VirtualQuery
ResumeThread
GetUserDefaultLCID
RtlUnwind
GetFullPathNameW
QueryPerformanceCounter
GetCurrentProcess
GetProcAddress
VirtualAlloc
GetCurrentThreadId
SetConsoleTextAttribute
HeapReAlloc
HeapAlloc
GetSystemDirectoryA
LoadLibraryExA
HeapFree
InterlockedExchange
GetModuleFileNameA
TerminateProcess
GetModuleHandleA
ExitProcess
GetNamedPipeHandleStateW
WriteConsoleOutputCharacterW
GlobalFindAtomA
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime

wininet

InternetConfirmZoneCrossing
FindFirstUrlCacheEntryW
InternetCanonicalizeUrlA
ShowX509EncodedCertificate
RetrieveUrlCacheEntryStreamW
CommitUrlCacheEntryW
InternetCreateUrlW
FtpFindFirstFileA
SetUrlCacheEntryGroupA
InternetQueryFortezzaStatus
HttpSendRequestW
FtpGetFileA
GopherGetAttributeW
FindNextUrlCacheContainerW
GetUrlCacheConfigInfoW
IncrementUrlCacheHeaderData
GopherFindFirstFileA
HttpSendRequestExA
InternetCheckConnectionA
InternetAlgIdToStringA
FtpPutFileW

advapi32

DuplicateTokenEx
LookupAccountSidW
RegEnumValueW
RegQueryInfoKeyA
RegSaveKeyA
CryptEnumProviderTypesW
InitializeSecurityDescriptor
LookupPrivilegeValueW
RegDeleteValueW
RegSetValueW
RegEnumValueA
RegQueryValueA
RegSetKeySecurity
LogonUserA
RegReplaceKeyW
RegQueryMultipleValuesW
RegConnectRegistryW

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

267c006a6f3049bbe3421bfca007efd0

Headers

File Characteristics

Imports

kernel32

wininet

advapi32

Sections

.text Size: 119KB - Virtual size: 118KB

.data Size: 265KB - Virtual size: 264KB

.rsrc Size: 18KB - Virtual size: 17KB

.text
Size: 119KB - Virtual size: 118KB

.data
Size: 265KB - Virtual size: 264KB

.rsrc
Size: 18KB - Virtual size: 17KB