06ef4268c843b105f0b221a27e4883dc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

06ef4268c843b105f0b221a27e4883dc_JaffaCakes118
Size

166KB
MD5

06ef4268c843b105f0b221a27e4883dc
SHA1

3b2050a8b5a6078cc844967c6ef4aa22a97afb1a
SHA256

d5c7ac49ea9ba23c2822b62b7acf413fb8b35ac70744a42102e000c39bac03fc
SHA512

79d83782980983f46e78c767ff642483b1402337c04867a4d2d88dd47a92a1a87664250633861d99f90bfb09b4fcfbb6a1da86fcaa7fccbf65440ab1fddd79c7
SSDEEP

3072:lEj58dOpb3HRKUtZFC1+A75xL5Hu8p5kpNXmttmPii7wmB:qj56OpbXRKEFAxlHu8ANO+R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06ef4268c843b105f0b221a27e4883dc_JaffaCakes118

Files

06ef4268c843b105f0b221a27e4883dc_JaffaCakes118
.exe windows:6 windows x86 arch:x86

e0e3223f182218d138e1916b1871b55b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
Sleep
GetCurrentProcess
CreateProcessA
GetModuleHandleA
GetProcAddress
CreateFileW
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
OutputDebugStringW
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
GetLastError
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapFree
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GetCommandLineA
GetCPInfo
HeapAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
IsProcessorFeaturePresent
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
HeapSize
IsDebuggerPresent
GetStdHandle
WriteFile
GetModuleFileNameW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCurrentThreadId
GetProcessHeap
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileType
ReadFile
ReadConsoleW
SetFilePointerEx
DeleteFileW
GetTimeZoneInformation
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEndOfFile

wininet

FtpGetFileA
InternetConnectA
InternetCloseHandle
InternetOpenA
FtpPutFileA

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e0e3223f182218d138e1916b1871b55b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

wininet

Sections

.text Size: 113KB - Virtual size: 112KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 113KB - Virtual size: 112KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 7KB - Virtual size: 7KB