23007cc3670e8f686d538f2447650a37_JaffaCakes118

General

Target

23007cc3670e8f686d538f2447650a37_JaffaCakes118
Size

403KB
MD5

23007cc3670e8f686d538f2447650a37
SHA1

9bdd3c695a5e36f7ca656d45a6cee104a02aa987
SHA256

ccf755db91f64e728b7fd58289b59e5f8361566487ba7ce734ace4404aeded23
SHA512

3bfadf1d2667826a681a14c3bc910b33eb60744e461cdcc8b486e8a7ad98bf4357516c43bfd88e2e5b932d20de60f6e2e4fbee305755f1e618bd217fa435a288
SSDEEP

12288:VANM6vOC5NKYoQEZEKJ2fogKfw3HNtP6cuyJ5:MTKYorZhJCoFw3HN4cuyJ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23007cc3670e8f686d538f2447650a37_JaffaCakes118

Files

23007cc3670e8f686d538f2447650a37_JaffaCakes118
.exe windows:4 windows x86 arch:x86

99523682ffffc325ceb1d77cceacb959

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

PtVisible
OffsetClipRgn
DeleteMetaFile
GdiPlayJournal
GetTextExtentExPointW
GetObjectA
DeleteObject
SetMetaRgn
SetLayout
GetROP2
GetGraphicsMode
SetStretchBltMode

wininet

HttpSendRequestExW
GopherGetAttributeW
InternetSetDialStateA
FindNextUrlCacheEntryExW
IsHostInProxyBypassList
GopherCreateLocatorW
FtpCreateDirectoryA
InternetAlgIdToStringA
InternetCanonicalizeUrlA
FtpGetFileEx
InternetTimeToSystemTimeW
InternetWriteFileExW
FtpCommandA
HttpSendRequestA

shell32

DuplicateIcon
SHFileOperationA
SHGetMalloc
ShellExecuteEx
DoEnvironmentSubstW
SHGetDiskFreeSpaceA
SHLoadInProc
SHGetSpecialFolderPathW
DragQueryFile
SHGetFileInfoA
SHGetInstanceExplorer
SHQueryRecycleBinA
SHGetDataFromIDListA
SHEmptyRecycleBinA
RealShellExecuteW
FindExecutableW
SHGetDataFromIDListW
SHGetFileInfo

comdlg32

PageSetupDlgW
PrintDlgW
ReplaceTextA
GetFileTitleA
PrintDlgA
ReplaceTextW

kernel32

GetVersionExW
HeapAlloc
RtlUnwind
GetCurrentThreadId
InterlockedExchange
GetModuleHandleA
EnumCalendarInfoA
GetCurrentProcess
VirtualAlloc
LoadLibraryA
GetSystemTimeAsFileTime
GetProcAddress
VirtualQuery
InitializeCriticalSection
EnumSystemCodePagesA
CommConfigDialogW
VirtualProtect
GetTickCount
CreateWaitableTimerW
ExitProcess
GetStringTypeA
HeapReAlloc
GetCurrentProcessId
TerminateProcess
GetModuleFileNameA
HeapFree
CreatePipe
QueryPerformanceCounter

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99523682ffffc325ceb1d77cceacb959

Headers

File Characteristics

Imports

gdi32

wininet

shell32

comdlg32

kernel32

Sections

.text Size: 128KB - Virtual size: 128KB

.data Size: 264KB - Virtual size: 264KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 128KB - Virtual size: 128KB

.data
Size: 264KB - Virtual size: 264KB

.rsrc
Size: 9KB - Virtual size: 8KB