01d421fc06a3951e1e4373077db15284_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

01d421fc06a3951e1e4373077db15284_JaffaCakes118
Size

432KB
MD5

01d421fc06a3951e1e4373077db15284
SHA1

9e5cbcadef55b1c14a90382578b2c2cb5ca1aedc
SHA256

a9155e40069bb3c1532bf146567cef9f249b8f77bbb69fa42e040056fbe19ab0
SHA512

833c3948b59a5635df643488f4fc489a10869c10c43edeb7269d9554c79f2dd8ced3025ac1bf4f4ad1175ca0fc0a4870f993407c731861c5bbcadadb3f6201d6
SSDEEP

12288:pvALxR4OBjPeWrjkb5OUGyuHtBhdadAFkM6VXCzC:pvAxRniEk/o5ad7VX6C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01d421fc06a3951e1e4373077db15284_JaffaCakes118

Files

01d421fc06a3951e1e4373077db15284_JaffaCakes118
.exe windows:4 windows x86 arch:x86

844924522a9777605bba8aff6ed4eb36

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

UnlockUrlCacheEntryFileW
InternetGetConnectedStateExA
FtpFindFirstFileA
IncrementUrlCacheHeaderData
UnlockUrlCacheEntryFileA
InternetConnectW
FindNextUrlCacheEntryExA
InternetWriteFileExW
GetUrlCacheGroupAttributeW

shell32

SHInvokePrinterCommandA
SHFormatDrive
SHBrowseForFolder

kernel32

SetConsoleCtrlHandler
GetUserDefaultLCID
WideCharToMultiByte
GetTimeFormatA
TlsFree
WriteFile
GetProcessHeap
GetDateFormatA
FreeEnvironmentStringsW
LoadLibraryA
LCMapStringA
LocalFileTimeToFileTime
GetEnvironmentStringsW
Sleep
GetModuleFileNameA
HeapReAlloc
GetCurrentProcessId
TlsSetValue
SetTimeZoneInformation
IsValidCodePage
HeapDestroy
CompareStringA
SetEnvironmentVariableA
ExitProcess
TlsGetValue
GetSystemTimeAsFileTime
VirtualAlloc
SetConsoleTitleA
QueryPerformanceCounter
GetCurrentProcess
EnterCriticalSection
GetMailslotInfo
GetProfileIntW
GetCurrentThreadId
GetStdHandle
GetFullPathNameW
GetLocaleInfoW
WriteConsoleInputA
GetProcAddress
LCMapStringW
LeaveCriticalSection
InterlockedDecrement
UnhandledExceptionFilter
GetTickCount
TerminateProcess
GetStringTypeW
GetEnvironmentStrings
GetCPInfo
SetHandleCount
TlsAlloc
InitializeCriticalSection
SetUnhandledExceptionFilter
IsDebuggerPresent
InterlockedExchange
MultiByteToWideChar
VirtualFree
GetTimeZoneInformation
CompareStringW
GetPrivateProfileStringA
FreeEnvironmentStringsA
GetLocaleInfoA
SetLastError
HeapSize
FreeLibrary
GetStartupInfoA
EnumSystemLocalesA
GetLastError
VirtualQuery
RtlUnwind
GetCurrentThread
GetCommandLineA
GetModuleHandleA
DeleteCriticalSection
WriteConsoleOutputW
GetFileType
HeapCreate
HeapFree
GetStringTypeA
SetConsoleTextAttribute
HeapAlloc
InterlockedIncrement
GetACP
IsValidLocale
GetVersionExA
GetOEMCP

comdlg32

GetSaveFileNameW
LoadAlterBitmap
FindTextW

gdi32

CloseEnhMetaFile
SetBitmapDimensionEx
StartDocW
GetGlyphOutlineA
GetMetaFileA
GetRgnBox
GetBitmapBits
SetICMProfileA
SetColorAdjustment
GetFontData
SetDIBits
FlattenPath
ExcludeClipRect
CombineRgn

Sections

.text
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

844924522a9777605bba8aff6ed4eb36

Headers

File Characteristics

Imports

wininet

shell32

kernel32

comdlg32

gdi32

Sections

.text Size: 127KB - Virtual size: 127KB

.rdata Size: 9KB - Virtual size: 13KB

.data Size: 280KB - Virtual size: 279KB

.rsrc Size: 15KB - Virtual size: 14KB

.text
Size: 127KB - Virtual size: 127KB

.rdata
Size: 9KB - Virtual size: 13KB

.data
Size: 280KB - Virtual size: 279KB

.rsrc
Size: 15KB - Virtual size: 14KB