3c2bb154ae6c7265c197864b5cc85ed6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3c2bb154ae6c7265c197864b5cc85ed6_JaffaCakes118
Size

554KB
MD5

3c2bb154ae6c7265c197864b5cc85ed6
SHA1

2e126a60f7071d6686bf3d76b28bb6b3cffd6013
SHA256

7b051c51848a66350c89e388783c5ebe6f6c0b50660d163829285429795ee74c
SHA512

a408ee32bc970719553a8aa43fda1f3f41b7d0703440491e812adcc8dda831818f5d35a07d2679827c4b3d24ee031d6d404f87d32d85023bd40f0c9c5efc2be2
SSDEEP

12288:hqpimSwB0+eV3M4jcdCnp03KuVf9iMoCayMQlHQTs:UpidX+uM4jcdKtuVf0MopyMRTs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c2bb154ae6c7265c197864b5cc85ed6_JaffaCakes118

Files

3c2bb154ae6c7265c197864b5cc85ed6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6dfd58254b41a79a74d6904c40bde75b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\dteees

Imports

wininet

CreateUrlCacheEntryW
HttpQueryInfoA
InternetReadFileExW
InternetGetConnectedState
UnlockUrlCacheEntryStream
InternetCanonicalizeUrlW

user32

RegisterClassA
RegisterClassExA
EnumDesktopWindows
MessageBoxIndirectW
GetClassInfoA
UnregisterClassW
SetWindowsHookW
LoadImageA
CloseWindowStation
IsCharAlphaNumericW
ShowScrollBar
IsCharAlphaNumericA
DefWindowProcA
EndDialog

comctl32

InitCommonControlsEx

kernel32

LeaveCriticalSection
IsDebuggerPresent
DeleteCriticalSection
CompareStringW
ReadFile
GetStartupInfoW
EnterCriticalSection
SetEnvironmentVariableA
GetProcessHeap
GetProcAddress
GetEnvironmentStringsW
GetVersionExA
InterlockedExchange
IsValidCodePage
WriteConsoleW
IsValidLocale
GetFileType
OpenMutexA
SetStdHandle
HeapDestroy
GetCPInfo
GetStdHandle
HeapAlloc
WriteFile
GetStringTypeW
GetOEMCP
GetLastError
MultiByteToWideChar
GetDateFormatA
VirtualQuery
SetHandleCount
CompareFileTime
GetWindowsDirectoryW
VirtualFree
FreeEnvironmentStringsW
GetCurrentProcess
GetConsoleOutputCP
GetConsoleCP
GetCurrentThread
LoadLibraryA
InitializeCriticalSection
GetStringTypeA
TlsSetValue
TerminateProcess
InterlockedIncrement
CreateMutexA
GetCommandLineW
SetFilePointer
Sleep
SetConsoleActiveScreenBuffer
LCMapStringW
GetStartupInfoA
WriteConsoleA
GetTickCount
QueryPerformanceCounter
GetConsoleMode
HeapReAlloc
GetCurrentProcessId
HeapFree
VirtualAlloc
CompareStringA
TlsFree
SetLastError
GetCommandLineA
GetModuleFileNameW
HeapCreate
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
GetEnvironmentStrings
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
GetACP
GetModuleHandleA
GetTimeFormatA
GetLocaleInfoA
TlsGetValue
GetTimeZoneInformation
RemoveDirectoryW
LCMapStringA
CloseHandle
HeapSize
WideCharToMultiByte
GetCurrentThreadId
TlsAlloc
RtlUnwind
FreeLibrary
FlushFileBuffers
GetUserDefaultLCID
InterlockedDecrement
GetLocaleInfoW
UnhandledExceptionFilter
GetModuleFileNameA
ExitProcess
CreateFileA
EnumSystemLocalesA

gdi32

GetCharacterPlacementW

Sections

.text
Size: 383KB - Virtual size: 383KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6dfd58254b41a79a74d6904c40bde75b

Headers

File Characteristics

PDB Paths

Imports

wininet

user32

comctl32

kernel32

gdi32

Sections

.text Size: 383KB - Virtual size: 383KB

.rdata Size: 46KB - Virtual size: 72KB

.data Size: 109KB - Virtual size: 109KB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 383KB - Virtual size: 383KB

.rdata
Size: 46KB - Virtual size: 72KB

.data
Size: 109KB - Virtual size: 109KB

.rsrc
Size: 14KB - Virtual size: 14KB