43c2ebb26d00dbd4397bc430d2c0cd40_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

43c2ebb26d00dbd4397bc430d2c0cd40_JaffaCakes118
Size

516KB
MD5

43c2ebb26d00dbd4397bc430d2c0cd40
SHA1

cdbc6e692ea66857a92e083960a572802e456164
SHA256

6272501f5bed619744a694d4af9547447a29d197147893dbc79facba974cedba
SHA512

5a5f4dc95c388a9bd6ef49a8bd1b7b4841d217d971d302a8fc65a886d1f3613431db0112a82ee76ab8c67422070168f065f0a568839cfb174701f9f6c32def22
SSDEEP

12288:bd7UPFhTTNc2FN9EQH/CJdryZBhViV9/s8:FIFhu0tCPrkBhV85

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43c2ebb26d00dbd4397bc430d2c0cd40_JaffaCakes118

Files

43c2ebb26d00dbd4397bc430d2c0cd40_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ee0cf4a102247b3f2a94c2e5941d56bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\stitjcamr.pdb

Imports

user32

RegisterClassExA
GetIconInfo
ReleaseCapture
UnhookWinEvent
RegisterClassA
DlgDirSelectExA
EnableMenuItem
SystemParametersInfoW
IsDialogMessageA
DdeCmpStringHandles
CreateIconFromResourceEx
CallMsgFilterA
GetScrollPos

wininet

InternetWriteFileExA
InternetOpenW
InternetCanonicalizeUrlA
InternetShowSecurityInfoByURLA
GopherGetLocatorTypeW
InternetSetFilePointer
InternetQueryFortezzaStatus

kernel32

GetTimeFormatA
OpenMutexA
InterlockedExchange
EnterCriticalSection
InitializeCriticalSection
HeapFree
GetACP
GetLastError
GetSystemTimeAsFileTime
CompareStringW
SetHandleCount
HeapReAlloc
TlsAlloc
RtlUnwind
GetStartupInfoA
UnhandledExceptionFilter
SetFilePointer
GetLocaleInfoW
DeleteCriticalSection
LeaveCriticalSection
GetEnvironmentStringsW
TerminateProcess
ExitProcess
VirtualAlloc
GetModuleFileNameW
FreeEnvironmentStringsA
GetFileType
IsValidLocale
LoadLibraryA
WriteFile
VirtualFree
TlsFree
GetCurrentProcessId
TlsGetValue
GetStartupInfoW
VirtualProtect
GetModuleFileNameA
LCMapStringW
HeapDestroy
SetEnvironmentVariableA
GetVersionExA
FreeEnvironmentStringsW
GetModuleHandleA
IsValidCodePage
GetStdHandle
GetCommandLineW
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
GetCurrentProcess
TlsSetValue
VirtualQuery
GetEnvironmentStrings
GetStringTypeW
EnumSystemLocalesA
ReadFile
SetStdHandle
FlushFileBuffers
GetCPInfo
SetLastError
GetCurrentThread
HeapSize
WideCharToMultiByte
GetTickCount
QueryPerformanceCounter
CompareStringA
GetSystemInfo
GetUserDefaultLCID
GetDateFormatA
HeapCreate
GetCommandLineA
GetCurrentThreadId
GetProfileIntA
GetTimeZoneInformation
GetProcAddress
HeapAlloc
GetOEMCP
CloseHandle
GetStringTypeA
CreateMutexA
IsBadWritePtr

comctl32

InitCommonControlsEx

Sections

.text
Size: 383KB - Virtual size: 382KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee0cf4a102247b3f2a94c2e5941d56bd

Headers

File Characteristics

PDB Paths

Imports

user32

wininet

kernel32

comctl32

Sections

.text Size: 383KB - Virtual size: 382KB

.rdata Size: 17KB - Virtual size: 26KB

.data Size: 105KB - Virtual size: 104KB

.rsrc Size: 10KB - Virtual size: 9KB

.text
Size: 383KB - Virtual size: 382KB

.rdata
Size: 17KB - Virtual size: 26KB

.data
Size: 105KB - Virtual size: 104KB

.rsrc
Size: 10KB - Virtual size: 9KB