Static task
static1
Behavioral task
behavioral1
Sample
f626323de849655eae95a2733b432a33_JaffaCakes118.exe
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
f626323de849655eae95a2733b432a33_JaffaCakes118.exe
Resource
win10v2004-20240412-en
General
Target
f626323de849655eae95a2733b432a33_JaffaCakes118
Size
405KB
MD5
f626323de849655eae95a2733b432a33
SHA1
a0f488589405f33c3d543ff6b87800addb44dc80
SHA256
17a9b8486173e328d0efae9265360f451a26e5840d9599f73a06e19794040b97
SHA512
25a9a9de8ab400f916a909f42fcc26dd10ace2312706a1d85c48b05f0e929532b12df1a376a04021ae205b97e9d41e1bae6e7b5f450a9676e78709cea0cb8883
SSDEEP
12288:qDxgXpY1uFUDOdDVmYVwosQ5axSisEPk0w/S:qD3DOXm8ikaQijc0wS
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f626323de849655eae95a2733b432a33_JaffaCakes118
Files
f626323de849655eae95a2733b432a33_JaffaCakes118.exe windows:4 windows x86 arch:x86
a79584763b2f33f186d4a4c4fa8f8ec8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
HttpSendRequestW
SetUrlCacheEntryGroupW
HttpCheckDavCompliance
InternetGetCookieA
ShowClientAuthCerts
InternetWriteFile
SetUrlCacheEntryInfoA
InternetConfirmZoneCrossingW
InternetCreateUrlA
InternetDial
InternetGetConnectedStateExW
comdlg32
PageSetupDlgW
ReplaceTextW
ChooseColorW
GetOpenFileNameW
FindTextW
FindTextA
PageSetupDlgA
GetOpenFileNameA
gdi32
Escape
GetWinMetaFileBits
TranslateCharsetInfo
CreateDIBPatternBrush
StartDocW
WidenPath
user32
IsCharAlphaW
WINNLSGetEnableStatus
EnumChildWindows
IsCharAlphaNumericW
InternalGetWindowText
RegisterWindowMessageA
GetKeyState
RegisterClassW
DdeNameService
SetLastErrorEx
LockWindowUpdate
GetClientRect
ValidateRect
GetMenuItemID
CreateMenu
ChildWindowFromPointEx
ModifyMenuA
CreateIconFromResourceEx
GetMenuInfo
kernel32
TlsGetValue
VirtualProtect
WideCharToMultiByte
VirtualFree
InterlockedExchange
GetCurrentProcessId
GetProcAddress
TlsFree
LeaveCriticalSection
CompareStringA
GetVersionExA
GetSystemTime
GetTimeZoneInformation
GetStringTypeW
SetEnvironmentVariableA
MultiByteToWideChar
GetStartupInfoA
GetSystemDirectoryW
IsValidLocale
GetCurrentProcess
LoadLibraryA
HeapFree
RtlUnwind
GetDateFormatA
GetLocaleInfoW
TlsSetValue
LCMapStringA
GetModuleFileNameA
GetACP
VirtualQuery
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetFileType
GetEnvironmentStringsW
GetCommandLineA
IsBadWritePtr
HeapSize
GetCPInfo
SetHandleCount
IsValidCodePage
GetCurrentThreadId
GetLocaleInfoA
ExitProcess
GetStdHandle
HeapCreate
DeleteCriticalSection
HeapAlloc
SetLastError
GetLastError
InitializeCriticalSection
GetSystemInfo
WriteFile
EnterCriticalSection
GetTimeFormatA
GetOEMCP
GetCurrentThread
HeapDestroy
GetUserDefaultLCID
LCMapStringW
GetTickCount
QueryPerformanceCounter
FreeEnvironmentStringsW
GetEnvironmentStrings
GetSystemTimeAsFileTime
GetModuleHandleA
CreateMailslotA
UnlockFile
TerminateProcess
CompareStringW
TlsAlloc
EnumSystemLocalesA
HeapReAlloc
VirtualAlloc
GetStringTypeA
advapi32
CryptAcquireContextW
CryptEnumProvidersW
CryptVerifySignatureA
RegCreateKeyW
RegOpenKeyA
RegDeleteValueW
RegSetValueA
StartServiceW
DuplicateTokenEx
CryptSignHashW
LookupAccountSidA
CreateServiceW
RevertToSelf
RegNotifyChangeKeyValue
AbortSystemShutdownW
RegEnumKeyExA
LookupPrivilegeValueA
CryptDuplicateHash
RegFlushKey
GetUserNameA
LookupPrivilegeValueW
CryptVerifySignatureW
RegDeleteKeyA
Sections
.text Size: 126KB - Virtual size: 126KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 271KB - Virtual size: 288KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ