Static task
static1
Behavioral task
behavioral1
Sample
3d974f7203506ae83f1cd750afab3056_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
3d974f7203506ae83f1cd750afab3056_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target
3d974f7203506ae83f1cd750afab3056_JaffaCakes118
Size
378KB
MD5
3d974f7203506ae83f1cd750afab3056
SHA1
10eace25031456834e6496b45c53e6b39bca3bf6
SHA256
5af6179d25c484b313aaec4a5b3034c4ede32ada719f07a7777d6d7e8209451b
SHA512
a1772b211f378d189cab7a1ad0776a79d896e04429712ec78cc0923d3df5036e8231ffeaa209c780afa431192f2c55c677c3af81587638d11e30ebb07b1849a9
SSDEEP
6144:pA8lXyaGVG+6CaXTMMWZ/UIbGtyaEzo7pXAVRjaPuIS35y4Yw2/0R9nFfxUBug03:pACXydVSKMWZ/U6GUHo71Wj+unh3R9Fy
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3d974f7203506ae83f1cd750afab3056_JaffaCakes118
Files
3d974f7203506ae83f1cd750afab3056_JaffaCakes118.exe windows:4 windows x86 arch:x86
feb6862cbb37e7ca883a7c07e9405685
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
CryptSetKeyParam
RegOpenKeyExA
CryptSignHashW
CryptSetProviderExW
shell32
ExtractAssociatedIconExA
RealShellExecuteExW
SHChangeNotify
DragQueryFileW
user32
RegisterClassExA
SetCursorPos
DefMDIChildProcW
DestroyWindow
IsDlgButtonChecked
PostMessageW
EqualRect
GetUpdateRgn
EnableScrollBar
InSendMessageEx
AppendMenuW
IsDialogMessage
ToAscii
OpenDesktopW
DdeCreateDataHandle
SetPropA
SetForegroundWindow
CreatePopupMenu
SwapMouseButton
comdlg32
PrintDlgW
ReplaceTextW
GetSaveFileNameW
GetOpenFileNameW
GetOpenFileNameA
PageSetupDlgW
ReplaceTextA
kernel32
InterlockedDecrement
LoadLibraryA
GlobalUnlock
CreateRemoteThread
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
GetProcessHeap
GetTickCount
GetPrivateProfileIntA
LoadLibraryExA
LocalFileTimeToFileTime
GetModuleFileNameA
GetProcAddress
GetProfileStringA
RtlUnwind
GetMailslotInfo
lstrcatW
PulseEvent
TerminateThread
GetCurrentProcess
VirtualAlloc
GetStringTypeW
HeapReAlloc
SetConsoleActiveScreenBuffer
GetModuleHandleA
FormatMessageA
GetCurrentProcessId
GlobalUnfix
GetCurrentThreadId
WritePrivateProfileStructA
EnumDateFormatsA
GetFullPathNameA
HeapFree
VirtualQuery
ExitProcess
QueryPerformanceCounter
TerminateProcess
CreateDirectoryExW
FillConsoleOutputAttribute
HeapAlloc
GetComputerNameA
FindNextChangeNotification
InterlockedExchange
wininet
InternetCloseHandle
IsUrlCacheEntryExpiredA
FindNextUrlCacheEntryW
CreateUrlCacheContainerA
ShowCertificate
InternetShowSecurityInfoByURLW
FtpCommandW
FtpSetCurrentDirectoryA
RetrieveUrlCacheEntryFileA
FtpDeleteFileA
InternetQueryFortezzaStatus
InternetSecurityProtocolToStringW
FindNextUrlCacheEntryA
GopherCreateLocatorW
SetUrlCacheGroupAttributeW
FindNextUrlCacheContainerA
GetUrlCacheEntryInfoW
InternetUnlockRequestFile
InternetCrackUrlW
Sections
.text Size: 102KB - Virtual size: 102KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 263KB - Virtual size: 262KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ