17cf7384da2436f7df03cae66492e350_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17cf7384da2436f7df03cae66492e350_JaffaCakes118
Size

152KB
MD5

17cf7384da2436f7df03cae66492e350
SHA1

4217baf7e7cbd58c9c4dba556355ad59bd50af69
SHA256

c3ecc396695f396b7c2da25a124530a0e0017e82b719ba2c1c59e6361974870f
SHA512

0bef1fd82945666fd5d94c6444e440e64d61b3ede17a667c041ba5e673286e4289bb97a7de1c138e4b8f2e40366aeac67bc7b0b3a4b347faaad2461da247ad99
SSDEEP

3072:g4rkkkgGmEXhZQuSJc5k+ne9r3cZGsFV/WdcpkEvn627fov7E74CoqYYve42T8v5:lkkkgGhZQuSJc5k+ne9r3cZGsFV/Wdct

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17cf7384da2436f7df03cae66492e350_JaffaCakes118

Files

17cf7384da2436f7df03cae66492e350_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3f27f90094620537ca640c641da42b08

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrToIntA

wsock32

gethostname
gethostbyname
WSACleanup
WSAStartup
inet_addr

wininet

InternetCloseHandle
InternetQueryOptionA
InternetSetOptionA
InternetGetConnectedState
InternetOpenA

urlmon

UrlMkSetSessionOption
URLDownloadToFileA

version

GetFileVersionInfoA
VerQueryValueA

netapi32

NetUserGetLocalGroups
NetUserEnum
NetApiBufferFree

kernel32

GetTempFileNameA
GetTempPathA
GetSystemTimeAsFileTime
WideCharToMultiByte
CreateEventA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
WaitForSingleObject
CreateThread
OpenEventA
SetEvent
ReadFile
CloseHandle
GetFileSize
CreateFileA
HeapAlloc
GetProcessHeap
HeapFree
GetProcAddress
LoadLibraryA
FreeLibrary
OpenProcess
GetCurrentProcessId
WriteFile
SetFilePointer
Sleep
GlobalMemoryStatus
QueryPerformanceCounter
GetTickCount
GetLastError
GetCurrentThread
FileTimeToSystemTime
SystemTimeToFileTime
GetWindowsDirectoryA
GetSystemDirectoryA
GetModuleFileNameA
ExitThread
MultiByteToWideChar
FindClose
FindNextFileA
FindFirstFileA
GetDriveTypeA
GetLogicalDriveStringsA
GetEnvironmentStrings
GetVersionExA
GetComputerNameA
GetLocalTime
lstrcpyA
lstrcatA
WinExec
DeleteFileA
ExitProcess
SetErrorMode
TerminateProcess

advapi32

RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
GetUserNameA
RegEnumValueA
RegCreateKeyA
RegCloseKey
RegQueryValueA

shell32

SHGetPathFromIDListA
SHGetFolderPathA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 4KB - Virtual size: 380B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3f27f90094620537ca640c641da42b08

Headers

File Characteristics

Imports

shlwapi

wsock32

wininet

urlmon

version

netapi32

kernel32

advapi32

shell32

ole32

Sections

.text Size: 120KB - Virtual size: 116KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 4KB

.xdata Size: 4KB - Virtual size: 380B

.wdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 2KB

.text
Size: 120KB - Virtual size: 116KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 4KB

.xdata
Size: 4KB - Virtual size: 380B

.wdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 2KB