41aea01ed6d67056cd7907dd367db9f2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41aea01ed6d67056cd7907dd367db9f2_JaffaCakes118
Size

70KB
MD5

41aea01ed6d67056cd7907dd367db9f2
SHA1

83132ea94770e642178e27f72c2d37e5f66a5599
SHA256

671c6fc57c01a88763289074816751c30bb362006614036ad1b9046d93d3ec26
SHA512

d00989b473ce1f2ba65877b7887e7f39f81c6251215fcf538c70d8f4c00892efe86166c498b17245bf35dcede9eda3e22026196df1730063d184259991d725c0
SSDEEP

1536:9ECDhKSa9BgUNckFppdO1yuNQWRKbdqIUIRA1F0nles:9NlSHsy2rqq50nles

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41aea01ed6d67056cd7907dd367db9f2_JaffaCakes118

Files

41aea01ed6d67056cd7907dd367db9f2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4ca4ef26d3be928cc5c85a014d055e15

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA
InternetReadFile
InternetCloseHandle
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetOpenUrlA
HttpQueryInfoA

kernel32

LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
GetCurrentProcessId
Sleep
GetModuleFileNameA
InterlockedIncrement
InterlockedDecrement
GetTempPathA
ReleaseMutex
WaitForSingleObject
OutputDebugStringA
GetLastError
GetCurrentThreadId
FreeLibrary
GetProcAddress
LoadLibraryA
CreateThread
CreateMutexA
LCMapStringW
GetTickCount
QueryPerformanceCounter
ReadFile
SetEndOfFile
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
SetFilePointer
CreateFileA
FlushFileBuffers
SetStdHandle
IsBadCodePtr
IsBadReadPtr
VirtualQuery
InterlockedExchange
FreeEnvironmentStringsW
VirtualAlloc
HeapSize
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
OpenMutexA
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
HeapReAlloc
WriteFile
GetCurrentProcess
TerminateProcess
ExitProcess
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
GetSystemTimeAsFileTime
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersionExA
HeapAlloc
HeapFree
SetUnhandledExceptionFilter
CloseHandle

user32

RegisterClassExA
DefWindowProcA
PostQuitMessage
SetFocus
GetMessageA
TranslateMessage
DispatchMessageA
CreateWindowExA
SetTimer
GetWindowThreadProcessId
AttachThreadInput
GetActiveWindow
GetFocus
SetWindowPos
SetActiveWindow
SetForegroundWindow
LoadCursorA
LoadIconA
GetForegroundWindow

advapi32

RegOpenKeyExA
RegQueryValueExA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitializeEx
OleRun

oleaut32

VariantClear
SysFreeString
SysStringByteLen
SysAllocStringByteLen
GetErrorInfo
SysAllocString

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ca4ef26d3be928cc5c85a014d055e15

Headers

File Characteristics

Imports

wininet

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 776B

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 776B