40b9e3576d0abf6ddd3c8327edb57475_JaffaCakes118

General

Target

40b9e3576d0abf6ddd3c8327edb57475_JaffaCakes118
Size

27KB
MD5

40b9e3576d0abf6ddd3c8327edb57475
SHA1

66cdc53360717c0baacce418e7e9f793c4f205d1
SHA256

bbc325c807faecd2d541ed3805c15324a06cb2076b8b1e907862dd18e3b9074d
SHA512

e9cd9d3cb16516f6607ada8ab6cf466feac0a6550648452fcdcf3840cd719d5c51d1ff8b7ca8dc410f30cec9c2e8ae5d09113b3d1fc8c86344dc35871731b491
SSDEEP

768:kmSUGl8BT/YPxIdHqxIdnqWNlN3YLTpeDE:kxVlATYPCQaIkw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40b9e3576d0abf6ddd3c8327edb57475_JaffaCakes118

Files

40b9e3576d0abf6ddd3c8327edb57475_JaffaCakes118
.exe windows:9 windows x64 arch:x64

eb2981d15f960ad59328ed9b9f4fcda7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wininet

InternetConnectA
InternetReadFile
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
HttpQueryInfoA

urlmon

URLDownloadToFileW

kernel32

DeleteFileW
GetFileSize
SetFilePointer
VirtualFree
ReadFile
GetModuleFileNameW
CreateFileW
GetProcAddress
VirtualAlloc
VirtualProtect
CloseHandle
lstrlenA
GetTickCount
ExitThread
IsDebuggerPresent
OutputDebugStringA
GetComputerNameW
Sleep
lstrlenW
lstrcmpiA
GetModuleHandleA
lstrcatW
GetVersionExA
CopyFileW
ReleaseSemaphore
lstrcmpiW
lstrcatA
MultiByteToWideChar
CreateThread
OpenProcess
VirtualFreeEx
VirtualAllocEx
Wow64SetThreadContext
GetCurrentProcessId
WriteProcessMemory
Wow64GetThreadContext
WaitForSingleObject
TerminateThread
CreateSemaphoreW
CreateMutexA
OpenSemaphoreW

user32

wsprintfA
wsprintfW

advapi32

RegCloseKey
RegCreateKeyW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
GetUserNameW
RegOpenKeyExW

shell32

ShellExecuteW
ShellExecuteA
SHGetFolderPathW

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb2981d15f960ad59328ed9b9f4fcda7

Headers

DLL Characteristics

File Characteristics

Imports

wininet

urlmon

kernel32

user32

advapi32

shell32

Sections

.text Size: 25KB - Virtual size: 25KB

.pdata Size: 512B - Virtual size: 312B

.reloc Size: 512B - Virtual size: 48B

.text
Size: 25KB - Virtual size: 25KB

.pdata
Size: 512B - Virtual size: 312B

.reloc
Size: 512B - Virtual size: 48B