f94e1797ca3c7faf512edc4c85104fee_JaffaCakes118

General

Target

f94e1797ca3c7faf512edc4c85104fee_JaffaCakes118
Size

385KB
MD5

f94e1797ca3c7faf512edc4c85104fee
SHA1

0ed57a08f7c6bcdcbfffd273180a49f5aa3c2b12
SHA256

da4db85295a6d9e9229870b9828bf4c30efc8a739d9ab449e3e4cce7498d626c
SHA512

da3ff3c082d1034a52b582cf4d2e9fdf7b97e50136dc5e897c915114bd49f829a235948f6403529ea06a98ec9ad9c4cba28bc6fa9fb0f88ccd676f98d10a170c
SSDEEP

12288:hboRacAR8wzjBrLedorxO77Bwj327ntTWVtv:isM7Zk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f94e1797ca3c7faf512edc4c85104fee_JaffaCakes118

Files

f94e1797ca3c7faf512edc4c85104fee_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1cb7173c014756a620b099f0b43a6ae1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

GetOpenFileNameA
FindTextW
ChooseColorW
PrintDlgW
ChooseFontW
ChooseColorA
PrintDlgA
GetSaveFileNameA
GetFileTitleA

shell32

RealShellExecuteW
DoEnvironmentSubstA
SHAppBarMessage

wininet

InternetCrackUrlA
ShowSecurityInfo
DeleteUrlCacheEntryW
InternetConnectA
InternetConfirmZoneCrossingW
CommitUrlCacheEntryW
GopherFindFirstFileA
UrlZonesDetach
HttpEndRequestA
SetUrlCacheEntryGroup
FtpDeleteFileW
FindNextUrlCacheEntryA
InternetOpenUrlA
InternetGoOnlineW
IncrementUrlCacheHeaderData
HttpQueryInfoW
InternetSetDialState
RegisterUrlCacheNotification
ShowCertificate
InternetGetCookieA
FindFirstUrlCacheEntryW
FtpDeleteFileA
InternetWriteFileExA
HttpSendRequestA

advapi32

CryptImportKey
LookupSecurityDescriptorPartsA
RegQueryMultipleValuesW
RegSaveKeyW
AbortSystemShutdownW
LookupPrivilegeValueW
CryptGetDefaultProviderW
CryptEnumProviderTypesW
CryptVerifySignatureW
LookupAccountNameA

kernel32

GetCurrentProcessId
GetComputerNameW
LoadLibraryA
VirtualAlloc
QueryPerformanceCounter
ReleaseMutex
RtlUnwind
GetCalendarInfoA
InterlockedExchange
GetSystemTimeAsFileTime
FreeResource
GetTickCount
IsDebuggerPresent
GetModuleHandleA
HeapFree
VirtualQuery
CreateFileMappingA
ExitProcess
GetProcAddress
TerminateProcess
GetModuleFileNameA
HeapAlloc
DeleteFileA
HeapReAlloc
GetCurrentThreadId
GetCurrentProcess

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cb7173c014756a620b099f0b43a6ae1

Headers

File Characteristics

Imports

comdlg32

shell32

wininet

advapi32

kernel32

Sections

.text Size: 116KB - Virtual size: 115KB

.data Size: 263KB - Virtual size: 263KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 116KB - Virtual size: 115KB

.data
Size: 263KB - Virtual size: 263KB

.rsrc
Size: 5KB - Virtual size: 4KB