3008377ba79a051b30360db339fbfa93_JaffaCakes118

General

Target

3008377ba79a051b30360db339fbfa93_JaffaCakes118
Size

372KB
MD5

3008377ba79a051b30360db339fbfa93
SHA1

102fecb83325e8549302d89834315f499a4860cd
SHA256

e4302b490d5ffc2edf2b721387ab54ca01d3d6574113ecbb51901060c0f196de
SHA512

8510333e7bc5e61813d93703f098b64f466268720fc6d0fff139f0a3a541819641b790b1aa906302b28b7c6086d6122c9d522683521d124039542e3d80d4b8de
SSDEEP

6144:h7ct9lasEkkcAkaExRVjhkZaK/GNnFDB40//jx9aR2myNZXdInvT2tp4xb8t0D8g:h7cgEPhhgxsFBHl9aRCNZXdWK44tSyg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3008377ba79a051b30360db339fbfa93_JaffaCakes118

Files

3008377ba79a051b30360db339fbfa93_JaffaCakes118
.exe windows:4 windows x86 arch:x86

deae6c7065efe34cb419a0410f859d55

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualQuery
GlobalGetAtomNameA
SetComputerNameA
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcess
HeapAlloc
LoadLibraryA
DeleteFiber
ExitProcess
VirtualAlloc
OpenFile
GetExitCodeProcess
GetSystemTimeAsFileTime
InterlockedExchange
GetTickCount
GetCurrentProcessId
GetModuleHandleA
HeapFree
GetProcAddress
RtlUnwind
TerminateProcess
GetModuleFileNameA
HeapReAlloc
GetTimeFormatA

comdlg32

ChooseColorA
ChooseFontW
GetSaveFileNameA
ChooseColorW

shell32

SHGetPathFromIDListW
SHBrowseForFolderA
DragQueryPoint
SHGetFileInfoA
SHGetDiskFreeSpaceA
FreeIconList
RealShellExecuteW
CommandLineToArgvW
DragFinish
SheSetCurDrive
SheChangeDirExW
ExtractAssociatedIconExA
SHLoadInProc
SHAddToRecentDocs
SHQueryRecycleBinW
InternalExtractIconListW
SHGetMalloc

wininet

FtpSetCurrentDirectoryA
FindFirstUrlCacheContainerW
InternetSetDialStateW
CreateUrlCacheContainerA
GopherFindFirstFileW
InternetAlgIdToStringA
FindFirstUrlCacheEntryA
HttpQueryInfoW
InternetTimeToSystemTime

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

deae6c7065efe34cb419a0410f859d55

Headers

File Characteristics

Imports

kernel32

comdlg32

shell32

wininet

Sections

.text Size: 97KB - Virtual size: 97KB

.data Size: 262KB - Virtual size: 261KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 97KB - Virtual size: 97KB

.data
Size: 262KB - Virtual size: 261KB

.rsrc
Size: 11KB - Virtual size: 11KB