477957a9d5444dd4afa4fc01f3d8f510_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

477957a9d5444dd4afa4fc01f3d8f510_JaffaCakes118
Size

21KB
MD5

477957a9d5444dd4afa4fc01f3d8f510
SHA1

21bd80e32011d084b2a4efa13d2ec33742a6847f
SHA256

d059eae51d4df81131bcef43574a58ca29597282e07a4e03d98d91fa454f1efd
SHA512

bd0f3b67b899ead270a911f54b655e6700c42bcfe7807ad19b6650b5bca9df547d69991be85c2af8aab49109fcebaf4ba605c1c47ae710b5fa7e2ed76569e4d9
SSDEEP

384:i8XSvVHJlUNaT1AK7PY2WNTEbSIy6tWjbaaSIS5RqDTink:ihvVHnUNMAugIaSIS5RYg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
477957a9d5444dd4afa4fc01f3d8f510_JaffaCakes118

Files

477957a9d5444dd4afa4fc01f3d8f510_JaffaCakes118
.exe windows:5 windows x86 arch:x86

95f901004e4e93d8d6f4c577b096187e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameA

wininet

HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetQueryOptionA
InternetCloseHandle
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetSetOptionA

iphlpapi

GetAdaptersAddresses

psapi

EnumProcesses
GetProcessImageFileNameA

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
CreateProcessA
UnhandledExceptionFilter
GetSystemInfo
CreateThread
GetProcAddress
GetProcessHeap
HeapAlloc
HeapFree
lstrlenA
GetWindowsDirectoryA
GetVolumeInformationA
lstrcpyA
GetVersion
Sleep
GetTempPathA
GetTempFileNameA
ExitProcess
OpenProcess
GetLastError
CloseHandle
lstrcmpiA
lstrcatA
GetComputerNameA
IsProcessorFeaturePresent
CreateFileA
GetFileSize
ReadFile
WriteFile
GetModuleFileNameA
TerminateProcess
GetEnvironmentVariableA
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
VirtualAlloc
VirtualFree
GetThreadContext
SetThreadContext
ResumeThread
GetProcessId
GetModuleHandleA
LoadLibraryA

user32

wsprintfA

advapi32

RegOpenKeyExA
OpenProcessToken
GetTokenInformation
RegSetValueExA
RegCloseKey
LookupAccountSidA

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 480B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 696B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

95f901004e4e93d8d6f4c577b096187e

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

wininet

iphlpapi

psapi

kernel32

user32

advapi32

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 3KB

.gfids Size: 4B - Virtual size: 4B

.rsrc Size: 480B - Virtual size: 480B

.reloc Size: 696B - Virtual size: 696B

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 3KB

.gfids
Size: 4B - Virtual size: 4B

.rsrc
Size: 480B - Virtual size: 480B

.reloc
Size: 696B - Virtual size: 696B