d:\Sources\Personal\download\Release\download.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 3f8b7301f9b43d0b6fa93704ac6cc723_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 3f8b7301f9b43d0b6fa93704ac6cc723_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3f8b7301f9b43d0b6fa93704ac6cc723_JaffaCakes118
Size: 62KB
MD5: 3f8b7301f9b43d0b6fa93704ac6cc723
SHA1: ddc03003863e0d5ba86d2485d7f1dbddc5ce8f70
SHA256: b229035a1be3c8e1da0b76abbeca94e7c4955452b7b9819e59bf90e5d9cea7c6
SHA512: ba9bca2501735241c1641d8885d3d7bb798b211ec341f0525bebfd174e279d9a980b9a7901a172bceb95fd306e9153b5464577d565eee782a7b2c554e0f75689
SSDEEP: 768:daVROsthIgZ+L1V6ICE1OMy8P7yB9kHHkr4qYh9/0bBu/JpZOlOiIZ4vK:deRO+G9OoP7yB9kn1h98kJp8lOiImy
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3f8b7301f9b43d0b6fa93704ac6cc723_JaffaCakes118
Files
3f8b7301f9b43d0b6fa93704ac6cc723_JaffaCakes118.exe windows:4 windows x86 arch:x86
b233f26b0d24a8835f93c33c0498632e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
LocalFree
FormatMessageA
GetModuleHandleA
GetLastError
WriteFile
GetModuleFileNameA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
SetLastError
CompareFileTime
DeleteFileA
CloseHandle
CreateFileA
MultiByteToWideChar
RaiseException
InitializeCriticalSection
DeleteCriticalSection
SetFilePointer
LoadLibraryA
FlushFileBuffers
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
IsBadWritePtr
VirtualFree
HeapCreate
GetSystemTimeAsFileTime
GetCurrentProcessId
SetStdHandle
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCurrentProcess
TerminateProcess
GetProcAddress
GetStartupInfoA
GetFileType
GetStdHandle
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
ExitProcess
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetCommandLineA
GetOEMCP
GetCPInfo
SetUnhandledExceptionFilter
SetHandleCount
shlwapi
PathFindFileNameA
PathFindExtensionA
PathAppendA
wininet
HttpSendRequestA
HttpQueryInfoA
HttpEndRequestA
InternetReadFile
InternetGetLastResponseInfoA
HttpOpenRequestA
FtpOpenFileA
InternetQueryOptionA
InternetSetOptionA
FtpFindFirstFileA
InternetConnectA
InternetOpenA
InternetCrackUrlA
InternetCloseHandle
InternetFindNextFileA
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 36KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
XOR Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE