45d2b42ea871eb016a0278448bbd1729_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

45d2b42ea871eb016a0278448bbd1729_JaffaCakes118
Size

962KB
MD5

45d2b42ea871eb016a0278448bbd1729
SHA1

c2a9fcf30ff26f5bf0e5d757685fdb402499cb59
SHA256

3d4eb623091c02229c13b887a79584dacf46ea77ac8bad4552c49e680eab6b84
SHA512

16649775cd20802b78c8fede1f175efec6ae0d5cef1e973797d4ae5f332e91ec4246e7d426e2044230e3e6012391c258f0dc07a931ddf3a8ec6e5837c3f4d797
SSDEEP

12288:zkwCNrugOvOqlJ7M6gidZ6Bvhi9oEEVYKyALNx6ju3I4cZXQ8z/PJ:z3AxUO8gEdZYUtqx6BW8z/PJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45d2b42ea871eb016a0278448bbd1729_JaffaCakes118

Files

45d2b42ea871eb016a0278448bbd1729_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e277096782c2997a71a3fc7c442de132

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

ChooseFontW
ReplaceTextW

wininet

InternetOpenW
InternetSetOptionW

kernel32

WriteConsoleW
SetFilePointerEx
SetStdHandle
GetProcAddress
GetVersion
GlobalAlloc
LocalFree
VirtualAlloc
GetCurrentProcess
GetEnvironmentStringsW
GetCurrentThreadId
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetFileSize
WriteFile
MulDiv
GetSystemTime
lstrcmpiW
CreateFileMappingW
LoadLibraryW
GetStartupInfoW
CreateFileW
DeleteFileW
FindNextFileW
GetVersionExW
LCMapStringW
GetStringTypeW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
HeapReAlloc
GetCommandLineW
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
GetModuleFileNameW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
HeapFree
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
IsDebuggerPresent
IsProcessorFeaturePresent
LoadLibraryExW
RtlUnwind
OutputDebugStringW
HeapAlloc
CloseHandle

psapi

GetProcessImageFileNameW

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
Shell_NotifyIconW
SHGetSpecialFolderPathW
ExtractIconExW
DragFinish
DragQueryFileW
SHPathPrepareForWriteW
ShellExecuteExW

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 748KB - Virtual size: 748KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 6.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e277096782c2997a71a3fc7c442de132

Headers

File Characteristics

Imports

comdlg32

wininet

kernel32

psapi

shell32

Sections

.text Size: 90KB - Virtual size: 89KB

.rdata Size: 748KB - Virtual size: 748KB

.data Size: 15KB - Virtual size: 6.9MB

.rsrc Size: 108KB - Virtual size: 107KB

.text
Size: 90KB - Virtual size: 89KB

.rdata
Size: 748KB - Virtual size: 748KB

.data
Size: 15KB - Virtual size: 6.9MB

.rsrc
Size: 108KB - Virtual size: 107KB