249e0b63e4581d8fa34bcce88162e2a9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

249e0b63e4581d8fa34bcce88162e2a9_JaffaCakes118
Size

417KB
MD5

249e0b63e4581d8fa34bcce88162e2a9
SHA1

85b36918ae7a9000a3362bb00fd8371436742f0c
SHA256

c60a7f1ce2201f8056a3ae2419d875ea26a7fb0a1a2856945d821e71010caa9b
SHA512

78f7ff796d2beb4532119f62c6d427186f277b4abd1699ef9b96d975d4bb1ba9013c1ac11a95ea1d8655d9a03a8bd67f74354efb1bde227aa0335c6950192098
SSDEEP

6144:yB+T71btjQ+MA0Wh2NK0S7sROj5LnnGdha23WZ8hw+O3pGv8QhhNJkLA:yBkR8jA0Ww801o1YFpw9p+8Qhv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
249e0b63e4581d8fa34bcce88162e2a9_JaffaCakes118

Files

249e0b63e4581d8fa34bcce88162e2a9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

885302a04b76f11f2248360e98e004ce

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CancelDC
GetTextAlign
OffsetClipRgn
SelectClipRgn
SetFontEnumeration

wininet

CreateUrlCacheGroup
FtpCommandA
GetUrlCacheEntryInfoExW
FtpSetCurrentDirectoryW
SetUrlCacheGroupAttributeA
InternetUnlockRequestFile
FindNextUrlCacheContainerA
FindNextUrlCacheEntryExA
FtpGetFileW
InternetOpenA
InternetTimeFromSystemTimeA

comdlg32

ReplaceTextA
ChooseFontA
GetOpenFileNameW
GetSaveFileNameW
LoadAlterBitmap
ChooseColorA
FindTextW
ChooseColorW
GetFileTitleA
PageSetupDlgW
PageSetupDlgA
ReplaceTextW
FindTextA
PrintDlgA
PrintDlgW

user32

ToAsciiEx
DlgDirSelectExA
SetWinEventHook
GrayStringA
LoadCursorFromFileW
EnumWindowStationsA

kernel32

IsValidCodePage
SetConsoleCtrlHandler
GetCurrentThreadId
GetTimeZoneInformation
InterlockedDecrement
GetPrivateProfileStringA
HeapCreate
GetCPInfo
HeapFree
CompareStringW
GetCurrentThread
UnhandledExceptionFilter
GetCurrentProcess
GetStartupInfoW
FreeEnvironmentStringsW
FindFirstFileExA
FreeLibrary
GetModuleFileNameW
GetEnvironmentStrings
TlsSetValue
GetModuleFileNameA
GetFileType
GetTickCount
GetStringTypeA
VirtualFree
DeleteCriticalSection
GetDateFormatA
CompareStringA
RtlUnwind
EnterCriticalSection
GetModuleHandleA
VirtualFreeEx
LCMapStringW
ConnectNamedPipe
GetEnvironmentStringsW
LoadLibraryA
HeapAlloc
GetLocaleInfoA
InterlockedIncrement
GetTimeFormatA
LCMapStringA
FreeEnvironmentStringsA
SetLastError
EnumResourceNamesA
EnumSystemLocalesA
TlsAlloc
GetCurrentProcessId
InterlockedExchange
ContinueDebugEvent
SetThreadContext
GetProcAddress
TerminateProcess
IsValidLocale
LocalFree
IsDebuggerPresent
GetCommandLineW
VirtualAlloc
TlsFree
HeapDestroy
ExitProcess
GetProcessHeap
MultiByteToWideChar
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCommandLineA
GetStringTypeW
GetStartupInfoA
GetVersionExA
GetProcessShutdownParameters
TlsGetValue
GetOEMCP
SetUnhandledExceptionFilter
VirtualQuery
QueryPerformanceCounter
GetStdHandle
Sleep
HeapSize
GetLastError
InitializeCriticalSection
WideCharToMultiByte
OpenProcess
lstrcatW
GetACP
WriteConsoleOutputA
WriteFile
ReadConsoleOutputW
HeapReAlloc
SetEnvironmentVariableA
FindResourceExA
SetHandleCount
GetSystemDirectoryW
GetLocaleInfoW
GetUserDefaultLCID

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 278KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

885302a04b76f11f2248360e98e004ce

Headers

File Characteristics

Imports

gdi32

wininet

comdlg32

user32

kernel32

Sections

.text Size: 128KB - Virtual size: 128KB

.data Size: 278KB - Virtual size: 299KB

.rsrc Size: 10KB - Virtual size: 9KB

.text
Size: 128KB - Virtual size: 128KB

.data
Size: 278KB - Virtual size: 299KB

.rsrc
Size: 10KB - Virtual size: 9KB