3cd7a3483c060997e75f948e81480764_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3cd7a3483c060997e75f948e81480764_JaffaCakes118
Size

879KB
MD5

3cd7a3483c060997e75f948e81480764
SHA1

4ba9c4ab0a563711bde796cd4fab6a6d3d84fdcb
SHA256

57f96c9f253e79f542c2e49154a92fa2c2a2260f7e411e83a89acdeb65a74d94
SHA512

e27ca142692a7d73f38cb1745d2c2f606ceb810fc4a15625e6902593366b09f9a61e81213c941e61fb318bb035f0a0cc14dba175dd0786b4554059d3a3d1c329
SSDEEP

24576:TrplRK8n2rHkzDFOGCvQCDc0K0LbhM1yZdKiG8RY:npwrYJOtg50L21kdJlu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3cd7a3483c060997e75f948e81480764_JaffaCakes118

Files

3cd7a3483c060997e75f948e81480764_JaffaCakes118
.exe windows:5 windows x86 arch:x86

af35ec7db592cc7b45f3b55d4dec95a8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wintrust

CryptCATAdminReleaseCatalogContext
WTHelperGetProvSignerFromChain

wininet

HttpQueryInfoW
HttpSendRequestW
InternetOpenW
InternetQueryOptionW
InternetOpenUrlW
InternetSetOptionW

kernel32

GetFullPathNameW
RemoveDirectoryW
CreateFileMappingW
CreateEventW
GetSystemTime
CloseHandle
FindClose
WriteFile
GetStdHandle
GetFileType
SetHandleCount
WaitForMultipleObjects
LeaveCriticalSection
EnterCriticalSection
GetLastError
IsSystemResumeAutomatic
SwitchToThread
ExitProcess
VirtualAlloc
GetProcAddress
GetOEMCP
IsValidCodePage
HeapFree
Sleep
RtlUnwind
HeapSize
LCMapStringW
GetStringTypeW
HeapAlloc
FindNextFileW
HeapReAlloc
GetACP
GetCPInfo
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
LoadLibraryW
GetCommandLineA
HeapSetInformation
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetModuleHandleW
DecodePointer
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
MultiByteToWideChar

comctl32

FlatSB_SetScrollProp
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
CreateStatusWindowW
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_SetDragCursorImage
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_AddMasked
ImageList_GetBkColor
ImageList_GetImageCount
InitCommonControlsEx
ord17
PropertySheetW
DestroyPropertySheetPage
InitializeFlatSB

winspool.drv

CloseSpoolFileHandle

user32

DdeCreateDataHandle
GetWindowInfo
FindWindowW
SetParent
SetMenuDefaultItem
CharPrevW
RegisterClipboardFormatW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 821KB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af35ec7db592cc7b45f3b55d4dec95a8

Headers

File Characteristics

Imports

wintrust

wininet

kernel32

comctl32

winspool.drv

user32

Sections

.text Size: 48KB - Virtual size: 47KB

.data Size: 821KB - Virtual size: 7.3MB

.idata Size: 3KB - Virtual size: 3KB

.xdata Size: 5KB - Virtual size: 8KB

.text
Size: 48KB - Virtual size: 47KB

.data
Size: 821KB - Virtual size: 7.3MB

.idata
Size: 3KB - Virtual size: 3KB

.xdata
Size: 5KB - Virtual size: 8KB