3600eb49a35962f5402962e716ea56b5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3600eb49a35962f5402962e716ea56b5_JaffaCakes118
Size

264KB
MD5

3600eb49a35962f5402962e716ea56b5
SHA1

fe3a76d66c38c647f480cd1ba59a761203fe9b7a
SHA256

ba5d54eae31fdfc57cd86c05f79e56a3f2865a29ef4dc9f31d8092e3438aa895
SHA512

7ca53f507179a7ddec363e26d0d8563065ade73b57cf5a40ab4a4563cacc206e4b9ced1efffeb75a7c7b1384958349f7a1442f0d2701c94278f94978d552eaec
SSDEEP

6144:C7W84Cbu6Wd0ZMLaZl59k3BwDr6wf7FYXkRU:ao6Wdr+Z/W3BwDWwRh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3600eb49a35962f5402962e716ea56b5_JaffaCakes118

Files

3600eb49a35962f5402962e716ea56b5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f2b45e8c9724d845d4017e7f2a000982

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLocaleInfoA
FreeLibrary
SetHandleCount
EnterCriticalSection
RtlUnwind
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetCurrentProcess
GetTimeZoneInformation
VirtualAlloc
Sleep
SetConsoleCtrlHandler
HeapReAlloc
GetStdHandle
LocalFree
GetStartupInfoW
GetDateFormatA
SetUnhandledExceptionFilter
GetModuleFileNameA
GetLastError
HeapSize
ExitProcess
GetModuleHandleW
HeapDestroy
IsDebuggerPresent
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetCurrentThread
LCMapStringA
QueryPerformanceCounter
GetLocaleInfoW
TlsSetValue
GetEnvironmentStringsW
TlsGetValue
WriteFile
GetCommandLineW
HeapAlloc
GetStringTypeW
HeapFree
DuplicateHandle
TlsAlloc
GetCurrentProcessId
CompareStringW
InterlockedDecrement
HeapCreate
VirtualFree
IsValidLocale
GetCPInfo
GetOEMCP
InterlockedIncrement
GetFileType
MultiByteToWideChar
UnhandledExceptionFilter
GetFileSize
EnumSystemLocalesA
GetModuleHandleA
GetDiskFreeSpaceExA
GetModuleFileNameW
CompareStringA
GetPrivateProfileSectionNamesW
TlsFree
WaitForDebugEvent
SetStdHandle
GetACP
IsValidCodePage
GetProcAddress
GetStartupInfoA
GetStringTypeA
FreeEnvironmentStringsW
SetEnvironmentVariableA
InterlockedExchange
LCMapStringW
TerminateProcess
GetTimeFormatA
VirtualQuery
LeaveCriticalSection
WideCharToMultiByte
GetConsoleCP
SetLastError
GetCurrentThreadId

comdlg32

PageSetupDlgW
ChooseColorW
PrintDlgW
FindTextA
ChooseFontA
LoadAlterBitmap
ChooseColorA
GetOpenFileNameA
GetFileTitleW
PageSetupDlgA
GetSaveFileNameW

wininet

ShowX509EncodedCertificate
InternetConnectW
InternetShowSecurityInfoByURLA
InternetQueryOptionA
InternetSetOptionExW
CommitUrlCacheEntryW
InternetCloseHandle
UrlZonesDetach
FtpSetCurrentDirectoryA
GetUrlCacheEntryInfoExA
FindNextUrlCacheGroup
InternetTimeToSystemTime
FtpGetFileSize
FtpPutFileW
FtpGetFileA
InternetGoOnlineA
InternetCombineUrlA

Sections

.text
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 138KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2b45e8c9724d845d4017e7f2a000982

Headers

File Characteristics

Imports

kernel32

comdlg32

wininet

Sections

.text Size: 109KB - Virtual size: 109KB

.data Size: 138KB - Virtual size: 155KB

.rsrc Size: 15KB - Virtual size: 14KB

.text
Size: 109KB - Virtual size: 109KB

.data
Size: 138KB - Virtual size: 155KB

.rsrc
Size: 15KB - Virtual size: 14KB