Static task
static1
Behavioral task
behavioral1
Sample
1c6f6a206307a60c416364e930609a60_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
1c6f6a206307a60c416364e930609a60_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
Target
1c6f6a206307a60c416364e930609a60_JaffaCakes118
Size
415KB
MD5
1c6f6a206307a60c416364e930609a60
SHA1
432ea36a5b4464f21293bbbf02573d773b615e69
SHA256
fc9c36b7e70fb54dff2d7f317d65b7ba7ce32492763eed0aa5ec8c921a206e2b
SHA512
f02152397b5d1344023666a1bbeaf04e9b9ff2cec179461a9ff4bcf83e80585ee53cd7afeff9d5e17de23c62aeb7d1421078439ac1e2b91fef618e882cf9756f
SSDEEP
12288:0kazczy48W0H3a+FDOltOlfr65LHpOtDsl1T7YW:tWpfaNyGUtDslVY
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 1c6f6a206307a60c416364e930609a60_JaffaCakes118
Files
1c6f6a206307a60c416364e930609a60_JaffaCakes118.exe windows:4 windows x86 arch:x86
a8146f44bed761f44faff3fe8249f715
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GlobalAddAtomA
GetLocaleInfoA
WaitNamedPipeW
OpenMutexW
GetCurrentThread
CreateThread
HeapAlloc
SetUnhandledExceptionFilter
IsValidLocale
HeapCreate
LeaveCriticalSection
VirtualFree
LoadLibraryExW
FoldStringA
UnhandledExceptionFilter
IsValidCodePage
TlsGetValue
GetEnvironmentStringsW
GetFileType
ConvertDefaultLocale
InterlockedDecrement
EnterCriticalSection
GetLastError
EnumSystemLocalesA
EnumCalendarInfoExW
GetOEMCP
LCMapStringW
GetEnvironmentStrings
GetProcAddress
DeleteFileW
GetDateFormatA
SetHandleCount
ContinueDebugEvent
DeleteCriticalSection
CreateDirectoryW
GetProcessHeap
VirtualQuery
GetVersionExA
SetEnvironmentVariableA
HeapSize
GetEnvironmentVariableA
GetStartupInfoW
LCMapStringA
GetCommandLineW
HeapReAlloc
GetUserDefaultLCID
ExitProcess
FillConsoleOutputAttribute
WriteFile
VirtualAlloc
SetLastError
QueryPerformanceCounter
GetCurrentProcess
GetStringTypeW
GetModuleHandleA
FreeLibrary
GetStdHandle
GetStringTypeA
GetCurrentThreadId
InitializeCriticalSection
TlsAlloc
CompareStringW
GetACP
GetCurrentProcessId
TlsSetValue
GetTimeFormatA
CompareStringA
lstrcmp
GetTickCount
GetModuleFileNameW
GetPrivateProfileSectionA
FreeEnvironmentStringsW
InterlockedIncrement
HeapDestroy
RtlUnwind
FreeEnvironmentStringsA
GetSystemTimeAsFileTime
InterlockedExchange
GetTimeZoneInformation
GetCommandLineA
MultiByteToWideChar
GetCPInfo
TlsFree
GetLocaleInfoW
GetStartupInfoA
HeapFree
TerminateProcess
LoadLibraryA
UnlockFileEx
SetConsoleCtrlHandler
WideCharToMultiByte
SetStdHandle
GetModuleFileNameA
IsDebuggerPresent
DeleteFileA
Sleep
CopyFileA
shell32
CommandLineToArgvW
SHBrowseForFolderW
ShellAboutW
ExtractIconEx
SheSetCurDrive
ExtractIconA
DragQueryFileAorW
DuplicateIcon
ShellExecuteExW
SHFileOperationA
SHGetDiskFreeSpaceA
SHGetFileInfo
SHBrowseForFolderA
DragFinish
SHGetPathFromIDList
RealShellExecuteExA
FindExecutableA
SheChangeDirExW
DragQueryFileW
InternalExtractIconListA
DragAcceptFiles
ExtractAssociatedIconExA
advapi32
CryptHashSessionKey
wininet
GetUrlCacheHeaderData
InternetWriteFileExA
InternetAutodialHangup
InternetCanonicalizeUrlW
InternetErrorDlg
HttpQueryInfoA
FindNextUrlCacheEntryA
HttpEndRequestA
FtpPutFileA
GetUrlCacheConfigInfoW
InternetGoOnline
InternetSecurityProtocolToStringA
InternetGetCertByURLA
FtpGetCurrentDirectoryW
InternetAttemptConnect
Sections
.text Size: 128KB - Virtual size: 128KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 278KB - Virtual size: 290KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ