167751cc1d3693c359ef7041f433112e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

167751cc1d3693c359ef7041f433112e_JaffaCakes118
Size

454KB
MD5

167751cc1d3693c359ef7041f433112e
SHA1

822fc204a594c1d25c3820d0d1e259466136370a
SHA256

a1c28472d1b339377980d4b4acc8ce97f66a6c44e286851bf17e86aa705e7740
SHA512

bda138cc4f1b31b4c7cc012877c0ea6b9e0d664ad162b791c5f31a3ce799624ea34bcb5fbf6741ef871a01f43f4f309f6cef7aaab50f34b1f69c11b836d91b8e
SSDEEP

12288:SpEvxFyovNXxAGrB3IXYZ/pFeZ6c1O5KfAz5+S+phRnDp1g:N1xhII1qEaO5QE8S+pXnN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
167751cc1d3693c359ef7041f433112e_JaffaCakes118

Files

167751cc1d3693c359ef7041f433112e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

33e336d9e296c82ad0586885f473e3aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

UnlockUrlCacheEntryStream
FtpGetFileA
InternetDialW
InternetGetLastResponseInfoA
IsHostInProxyBypassList
InternetCrackUrlA
InternetTimeFromSystemTimeA
InternetSecurityProtocolToStringA
InternetSetDialStateA
SetUrlCacheEntryInfoW
InternetAlgIdToStringA

gdi32

EndDoc

advapi32

RegCreateKeyExA
CryptGetKeyParam
GetUserNameW
LookupPrivilegeDisplayNameA
RegCreateKeyExW
RegSaveKeyW
CryptEncrypt

comdlg32

ChooseColorA
GetOpenFileNameA
PageSetupDlgW
GetOpenFileNameW
ChooseFontA
PrintDlgW
ChooseFontW
FindTextW
ReplaceTextA
FindTextA

kernel32

SetEnvironmentVariableA
SetHandleCount
ResetEvent
GetFileType
GetLastError
ExitProcess
SetLastError
WideCharToMultiByte
GetOEMCP
VirtualFree
LoadLibraryA
Sleep
GetModuleHandleA
HeapFree
GetUserDefaultLCID
SetConsoleCtrlHandler
DeleteCriticalSection
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
LCMapStringW
GetTimeZoneInformation
WriteFile
GetEnvironmentStringsW
HeapCreate
CompareStringA
HeapDestroy
IsValidCodePage
CompareStringW
HeapAlloc
MultiByteToWideChar
GetVersionExA
GetStringTypeW
LCMapStringA
EnterCriticalSection
GetStartupInfoW
GetLocaleInfoW
GetModuleFileNameA
TlsAlloc
GetStringTypeA
TerminateProcess
SetUnhandledExceptionFilter
HeapSize
GetProcessHeap
GetCommandLineW
GetModuleFileNameW
GetSystemTimeAsFileTime
GetACP
GetProcAddress
GetEnvironmentStrings
TlsSetValue
GetTimeFormatA
InterlockedIncrement
GetCurrentProcess
QueryPerformanceCounter
EnumSystemLocalesA
LeaveCriticalSection
VirtualQuery
RtlUnwind
TlsGetValue
GetStartupInfoA
InterlockedExchange
VirtualAlloc
FreeLibrary
InitializeCriticalSection
FreeEnvironmentStringsA
GetDateFormatA
GetStdHandle
GetCPInfo
OpenProcess
TlsFree
UnhandledExceptionFilter
GetCurrentThread
GetCommandLineA
IsValidLocale
InterlockedDecrement
IsDebuggerPresent
GetLocaleInfoA
HeapReAlloc
FreeEnvironmentStringsW

Sections

.text
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 311KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

33e336d9e296c82ad0586885f473e3aa

Headers

File Characteristics

Imports

wininet

gdi32

advapi32

comdlg32

kernel32

Sections

.text Size: 132KB - Virtual size: 131KB

.data Size: 311KB - Virtual size: 341KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 132KB - Virtual size: 131KB

.data
Size: 311KB - Virtual size: 341KB

.rsrc
Size: 10KB - Virtual size: 10KB