18baaed7aad1a34359b86777157033cc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

18baaed7aad1a34359b86777157033cc_JaffaCakes118
Size

25KB
MD5

18baaed7aad1a34359b86777157033cc
SHA1

fe49844faffb56cbc687983893019fbb36ff7f9f
SHA256

9cc4c49f45f297f97a43ec37008e49276e64102d01e0b93147217008c85587ce
SHA512

185196162c44416e28fd6f22c4d9a311f821c8f785844e64a174fb7e98a7cd83cc53ab157c18b2f8781a7b5d4a855b5e34b60192b6c04d7f59d72d42c5e80bdf
SSDEEP

384:JBJySnVN+Qvp5o5YDB22e/gVAWAdFxOADr6:4gNo5YDB2rYVxqFxOA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
18baaed7aad1a34359b86777157033cc_JaffaCakes118

Files

18baaed7aad1a34359b86777157033cc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7284ab1078794f76c42388884de6d381

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Documents and Settings\Administrator\Moje dokumenty\Visual Studio 2005\Projects\downloader\debug\downloader.pdb

Imports

wininet

HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetReadFile

ws2_32

htons
send
recv
closesocket
socket
gethostbyname
WSAStartup
connect

kernel32

GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeLibrary
GetProcAddress
LoadLibraryA
CloseHandle
WriteFile
CreateFileA
CreateProcessA
GetSystemDirectoryA
Sleep
CopyFileA
SetFileAttributesA
GetModuleFileNameA
GetModuleHandleA
GetVolumeInformationA
FatalAppExitA

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA

ole32

CoCreateInstance

oleaut32

SysStringLen
SysAllocString
SysFreeString

msvcr80d

_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_invoke_watson
_controlfp_s
strstr
_CrtDbgReportW
strlen
strncmp
strtok
memset
strcat
sprintf
tolower
printf
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_amsg_exit
__getmainargs
_exit
_XcptFilter
_cexit
exit
_ismbblead
_acmdln
_CrtSetCheckCount
_initterm
_initterm_e
_crt_debugger_hook

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7284ab1078794f76c42388884de6d381

Headers

File Characteristics

PDB Paths

Imports

wininet

ws2_32

kernel32

advapi32

ole32

oleaut32

msvcr80d

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB