0e181cb1b1627cc97387cc82508edd0f_JaffaCakes118

General

Target

0e181cb1b1627cc97387cc82508edd0f_JaffaCakes118
Size

56KB
MD5

0e181cb1b1627cc97387cc82508edd0f
SHA1

cb27e52f45adf21b7ef478f98208dd6cd4ab6aef
SHA256

8bd7d4e14b30bf5ea096f0abc280e85735d103d45eb0597062627e24bac42297
SHA512

28da344164953bf9953dca17684a70f957a29d7fe8442880531da51dd490b104ee52a1296937c68fa0f7e3f6410401d963d91ab4ee437b755b5fd3cfcffa7ac6
SSDEEP

768:WsKcAvjyFaOSloICwQ8IKpZzuGyB3j+n9PAEXl3WHlO:JKcTIOgCpnIzu93jeAxl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e181cb1b1627cc97387cc82508edd0f_JaffaCakes118

Files

0e181cb1b1627cc97387cc82508edd0f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

af73bdc2e19ca445f0db42619f898bab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WriteFile
CreateFileA
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrcatA
lstrcpynA
GetTempFileNameA
GetTempPathA
CloseHandle
GetModuleFileNameA
CompareStringW
CompareStringA
LoadLibraryA
GetProcAddress
DeleteFileA
Sleep
lstrlenA
GetProcessHeap
HeapAlloc
GetVersionExA
lstrcpyA
HeapFree
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetEnvironmentVariableA
ExitProcess
TerminateProcess
GetCurrentProcess
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
WideCharToMultiByte
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount

user32

GetMessageA
LoadStringA
CharNextA
TranslateMessage

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumValueA

shell32

ShellExecuteA
SHGetFolderPathA

wininet

HttpQueryInfoA
InternetCloseHandle
InternetReadFile
InternetOpenA
InternetOpenUrlA
InternetSetOptionA

setupapi

SetupIterateCabinetA

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

af73bdc2e19ca445f0db42619f898bab

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

wininet

setupapi

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 14KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 14KB