06b15424f27ab2285cf8582bb0056953_JaffaCakes118

General

Target

06b15424f27ab2285cf8582bb0056953_JaffaCakes118
Size

391KB
MD5

06b15424f27ab2285cf8582bb0056953
SHA1

b34324f9cf08ca8faf344de49a68656f0b14f9f8
SHA256

3e30c882d991146ff1ac86c6f4bef2999a55bbde15a42e831653165f228e246b
SHA512

5ff1c8a1699192f6323707763cc685c500fc82da7a3979ae19a91e6181b934e8f3123de058f55ada91b972b7034527b4c297ebd8696c3b025467b8d204b51a5a
SSDEEP

12288:I/Sxcwfs3pyYyTGkQufktSjd2Atdrq4plmZRRQ/s:lgwctSRtdrvQPQ/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
06b15424f27ab2285cf8582bb0056953_JaffaCakes118

Files

06b15424f27ab2285cf8582bb0056953_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b3bad69df2dc9f9e1492ff951e4dc683

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetCPInfo
TlsSetValue
GetFileType
HeapAlloc
LoadLibraryA
GetStdHandle
SetHandleCount
GetCommandLineA
EnterCriticalSection
GetEnvironmentStringsW
HeapDestroy
InterlockedExchange
GetTickCount
GetVersion
WideCharToMultiByte
WriteFile
GetCurrentThread
MultiByteToWideChar
LCMapStringW
GetModuleFileNameA
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThreadId
TlsFree
VirtualFree
GetProcAddress
GetOEMCP
UnhandledExceptionFilter
HeapFree
GetACP
LCMapStringA
GetComputerNameW
IsBadWritePtr
VirtualQuery
GetStringTypeA
TlsAlloc
GetSystemTimeAsFileTime
HeapCreate
GetCurrentProcessId
GetStartupInfoA
TlsGetValue
HeapReAlloc
RtlUnwind
ExitProcess
GetLastError
GetEnvironmentStrings
VirtualAlloc
TerminateProcess
QueryPerformanceCounter
GetCurrentProcess
InitializeCriticalSection
GetModuleHandleA
SetLastError

gdi32

CreatePalette
TextOutW
ColorCorrectPalette
GetRgnBox

shell32

ExtractIconExA
DuplicateIcon
SHGetPathFromIDListA
DoEnvironmentSubstW
SHAppBarMessage
SHLoadInProc

wininet

InternetConnectW
InternetReadFileExA
UnlockUrlCacheEntryStream
HttpSendRequestA
InternetLockRequestFile
GopherCreateLocatorW
InternetAutodialHangup
InternetCheckConnectionA
UpdateUrlCacheContentPath
HttpQueryInfoW
InternetCreateUrlW
InternetWriteFileExA
GetUrlCacheEntryInfoExA
InternetGetConnectedStateExW
InternetTimeToSystemTimeA

Sections

.text
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 267KB - Virtual size: 271KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3bad69df2dc9f9e1492ff951e4dc683

Headers

File Characteristics

Imports

kernel32

gdi32

shell32

wininet

Sections

.text Size: 118KB - Virtual size: 117KB

.data Size: 267KB - Virtual size: 271KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 118KB - Virtual size: 117KB

.data
Size: 267KB - Virtual size: 271KB

.rsrc
Size: 4KB - Virtual size: 4KB