336971000320c08b8c0257aa87ab41b8_JaffaCakes118

General

Target

336971000320c08b8c0257aa87ab41b8_JaffaCakes118
Size

188KB
MD5

336971000320c08b8c0257aa87ab41b8
SHA1

8b12f34dc9d1d7c7dae06441e51051bf48779ba1
SHA256

b5cd6ae7acd3c0db6f2e6c5e29cc726d7256961751cb0e8586e71fe124439a96
SHA512

1244e6fb85a39bd8fd073a524ffc263b3e865cd4566652f567da59c1f8dbe2357ba30e781f943c76bd1f13bf09e7bb6f171c0c32875c25edfe6c82c0611ebc0e
SSDEEP

3072:KpGo8kjKPfwYphqBQwe598ohPp6IKGpStOPD139znfT/2XUKty7ayr74bCZMJaR:5OOwIhqBQQohhZz139zfT/2XPqBv4bgR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
336971000320c08b8c0257aa87ab41b8_JaffaCakes118

Files

336971000320c08b8c0257aa87ab41b8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

255cc0e880fdfaf8640a0379d50f0094

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
WaitForSingleObject
GetCurrentProcess
LoadLibraryW
GetCurrentThreadId
WriteConsoleA
LCMapStringA
SetEnvironmentVariableA
GetOEMCP
GetACP
CompareStringW
CompareStringA
GetCPInfo
GetStringTypeW
GetStringTypeA
SetEndOfFile
LoadLibraryA
GetProcAddress
CreateFileA
FlushFileBuffers
SetStdHandle
IsBadWritePtr
HeapReAlloc
VirtualAlloc
HeapAlloc
GetModuleFileNameA
WriteFile
RtlUnwind
VirtualFree
HeapCreate
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetVersion
ExitProcess
HeapFree
GetLastError
CloseHandle
ReadFile
TerminateProcess
SetFilePointer
WideCharToMultiByte
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
LCMapStringW

shlwapi

PathIsURLW
PathIsRootW
PathStripToRootW
PathCanonicalizeW
SHCreateStreamOnFileW
StrDupW
StrToIntW
StrCmpIW

wininet

InternetQueryDataAvailable
InternetCanonicalizeUrlW
HttpQueryInfoW
InternetOpenUrlW
InternetOpenW
InternetSetStatusCallbackW
InternetSetFilePointer
InternetWriteFile
InternetReadFile
HttpSendRequestW
InternetConnectW
HttpOpenRequestW
InternetCloseHandle
InternetCrackUrlW

Sections

.text
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

255cc0e880fdfaf8640a0379d50f0094

Headers

File Characteristics

Imports

kernel32

shlwapi

wininet

Sections

.text Size: 76KB - Virtual size: 72KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 100KB - Virtual size: 437KB

.rsrc Size: 4KB - Virtual size: 948B

.text
Size: 76KB - Virtual size: 72KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 100KB - Virtual size: 437KB

.rsrc
Size: 4KB - Virtual size: 948B