41d94f3de1bc3a78a6c28ddafad9e078_JaffaCakes118

General

Target

41d94f3de1bc3a78a6c28ddafad9e078_JaffaCakes118
Size

427KB
MD5

41d94f3de1bc3a78a6c28ddafad9e078
SHA1

66d2fdd40ee435770fcf6e6b27f22e114583eca5
SHA256

66b5ee1673aa53d9b5df48329476d7dd9e278f9ff2eed49140c39a3734b5d4e6
SHA512

b95ce3f9687a7f814b4fcb5a0480e329a738559fb34a904024d8e847d1b30f90df4248bfd7991ca090f897935189aa7124c41d4eed651e66699d2622436680c8
SSDEEP

12288:7lc7QXEFNRWClxFfKpPVAqAZgKAlb6nRkSaBwijR:74QU9WChIVJailiBijR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41d94f3de1bc3a78a6c28ddafad9e078_JaffaCakes118

Files

41d94f3de1bc3a78a6c28ddafad9e078_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5976376a5bed58efd6edf2ab6fa1bfa4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
VirtualQuery
GetProfileStringW
EnumResourceTypesW
RtlUnwind
GetPrivateProfileIntA
QueryPerformanceCounter
GetCurrentProcess
GetProcAddress
VirtualAlloc
GetCurrentThreadId
GetConsoleTitleW
HeapReAlloc
HeapAlloc
VirtualAllocEx
VirtualFreeEx
HeapFree
InterlockedExchange
GetModuleFileNameA
TerminateProcess
GetModuleHandleA
ExitProcess
lstrlenA
GetSystemDirectoryW
GetProfileSectionA
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetAtomNameA

wininet

InternetGetConnectedState
SetUrlCacheHeaderData
InternetSetOptionExA
InternetQueryFortezzaStatus
InternetCanonicalizeUrlW
FtpPutFileW
InternetOpenW
InternetSetCookieW
FtpDeleteFileW
InternetCreateUrlW
FtpSetCurrentDirectoryW
InternetConfirmZoneCrossingA
InternetGetCertByURLA
InternetOpenUrlA
InternetShowSecurityInfoByURL
DeleteUrlCacheGroup
InternetReadFileExA

advapi32

InitiateSystemShutdownA
LookupPrivilegeNameA
RegFlushKey
CryptEnumProviderTypesW
LookupSecurityDescriptorPartsW
CryptAcquireContextA
RegQueryMultipleValuesA
ReportEventW
RegQueryValueW
RegCloseKey
CryptVerifySignatureA
CryptHashSessionKey

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5976376a5bed58efd6edf2ab6fa1bfa4

Headers

File Characteristics

Imports

kernel32

wininet

advapi32

Sections

.text Size: 151KB - Virtual size: 150KB

.data Size: 266KB - Virtual size: 265KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 151KB - Virtual size: 150KB

.data
Size: 266KB - Virtual size: 265KB

.rsrc
Size: 9KB - Virtual size: 9KB