f7f193fee77f792b10334523271e264c_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f7f193fee77f792b10334523271e264c_JaffaCakes118
Size

414KB
MD5

f7f193fee77f792b10334523271e264c
SHA1

946f750c193d739d5e3d644413aa8bf6ea8ab877
SHA256

445d3644702a83e1962200b9a4a901723a63080192bfddff5e231be43ee99089
SHA512

ad49f42d4777f3827b8d8ef1814868e1d995e4f4cd1e7e27567017a927d199b66656e25abd011caa5936f0f8aee0723b269a7c50fd637e67bdeee804687dd06b
SSDEEP

6144:/KE7CpkgIcuoSRJ+debucu8HS1WD/ctcvLj2jcd7iPWJ1M9UMfU4a:/KuCpkhcGTh/ctcTigd7iPWACMfBa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f7f193fee77f792b10334523271e264c_JaffaCakes118

Files

f7f193fee77f792b10334523271e264c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9cfb681bf00df994f5e551d45358103d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
VirtualQuery
LoadLibraryA
GetProcessHeaps
RtlUnwind
GetTempPathW
QueryPerformanceCounter
GetCurrentProcess
GetProcAddress
VirtualAlloc
GetCurrentThreadId
GetThreadPriority
HeapReAlloc
HeapAlloc
GetCurrentDirectoryA
GetSystemTimeAsFileTime
HeapFree
InterlockedExchange
GetModuleFileNameA
TerminateProcess
GetModuleHandleA
ExitProcess
GetTickCount

wininet

HttpQueryInfoA
FtpRemoveDirectoryW
InternetGetConnectedStateExA
InternetFindNextFileA
GetUrlCacheEntryInfoExW
FtpRenameFileW
GetUrlCacheHeaderData
InternetGetConnectedState
SetUrlCacheGroupAttributeA
RetrieveUrlCacheEntryStreamW
InternetSetCookieA
InternetOpenA

advapi32

RegReplaceKeyW
LookupSecurityDescriptorPartsW
RegRestoreKeyW
CryptAcquireContextA

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ