03565209e63a317ae783a4f7034be0c9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

03565209e63a317ae783a4f7034be0c9_JaffaCakes118
Size

444KB
MD5

03565209e63a317ae783a4f7034be0c9
SHA1

45361a55f4ece071ab4ce4ded16ee5de3d16ca4a
SHA256

d5290859d34925bf70c5a785656ae723c06e6a28143ccfe8bed98966d191fdc0
SHA512

a0937a30866ca7d31790d63fe6dc8b7b521fe3fe2d50983589227a71302d5597b4fc33ccd9563035b08daf6373230e87004004995877d94c636fa244efb70370
SSDEEP

12288:brMO2gaLXzVUhB90tO6Ik8paEkwN8FhPv363:brMO2FTzVUn90tmLpSwN8FJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03565209e63a317ae783a4f7034be0c9_JaffaCakes118

Files

03565209e63a317ae783a4f7034be0c9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

db7b05566049006389dec451155d26c7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareStringW
GetDateFormatA
GetTimeZoneInformation
GetCurrentProcess
LoadLibraryA
GetACP
ReadConsoleA
SetEnvironmentVariableA
GetStringTypeW
lstrcatA
GetSystemTimeAsFileTime
GetProcAddress
HeapAlloc
LeaveCriticalSection
VirtualQuery
FreeEnvironmentStringsA
FreeEnvironmentStringsW
CreatePipe
UnhandledExceptionFilter
ReleaseMutex
GetLogicalDriveStringsW
DeleteFileW
WriteFile
EnumResourceLanguagesW
EnumSystemLocalesA
MapViewOfFile
HeapSize
GetCurrentProcessId
TlsFree
QueryPerformanceCounter
GetModuleHandleA
GetLocaleInfoW
OpenEventW
HeapCreate
RtlUnwind
VirtualUnlock
InterlockedExchange
CreateFileA
SetUnhandledExceptionFilter
HeapDestroy
GetThreadPriority
VirtualAlloc
RemoveDirectoryA
TerminateProcess
HeapFree
GetSystemDirectoryW
SetLastError
VirtualFree
EnterCriticalSection
HeapReAlloc
GetTickCount
GetFileTime
TlsGetValue
SetConsoleCtrlHandler
GetStdHandle
FreeLibrary
IsValidLocale
GetFileAttributesA
GetUserDefaultLCID
ExitProcess
LCMapStringA
Sleep
TlsAlloc
GetLongPathNameW
WideCharToMultiByte
CompareStringA
IsValidCodePage
LCMapStringW
DeleteCriticalSection
GetEnvironmentStrings
TlsSetValue
GetCurrentThreadId
LocalCompact
IsDebuggerPresent
InitializeCriticalSection
GetLastError
GetEnvironmentStringsW
GetTimeFormatA
lstrcat
InterlockedDecrement
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
GetModuleHandleW
GetCommandLineA
GetCPInfo
GetCurrentThread
GetOEMCP
MultiByteToWideChar
GetStringTypeA
WriteConsoleOutputAttribute
GetLocaleInfoA
GetFileType
SetHandleCount
GetStartupInfoA
GetModuleFileNameA

wininet

ShowCertificate
SetUrlCacheEntryGroupA
ResumeSuspendedDownload
FtpDeleteFileA
InternetConfirmZoneCrossingA
InternetReadFileExW

user32

SetThreadDesktop
GetMenuStringA

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db7b05566049006389dec451155d26c7

Headers

File Characteristics

Imports

kernel32

wininet

user32

Sections

.text Size: 141KB - Virtual size: 141KB

.rdata Size: 8KB - Virtual size: 12KB

.data Size: 280KB - Virtual size: 279KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 141KB - Virtual size: 141KB

.rdata
Size: 8KB - Virtual size: 12KB

.data
Size: 280KB - Virtual size: 279KB

.rsrc
Size: 13KB - Virtual size: 13KB