4496fa267f805f5a1b5d0f554ef6dcb2_JaffaCakes118

General

Target

4496fa267f805f5a1b5d0f554ef6dcb2_JaffaCakes118
Size

165KB
MD5

4496fa267f805f5a1b5d0f554ef6dcb2
SHA1

6dd19e095084ad57a7037de94ec8ea9f3cbc34b4
SHA256

ceb2b9cae95c78ddded22be873d3e3103084f13f55b558798ef3eb668f2d2538
SHA512

9ea8057c4580a0eada846a43aa52c7683e39f70a46cfba4da64f927a9dc5bcf638102816b1ccfc9497e2f922d221aa896b954eb56fb7527e6447d80e0f12b804
SSDEEP

3072:Vv1BfqAfRI5+7ZRbBNPgHZwUvVRnNUsChbc+KQamQcE59IvhdcJtQ6aO+wtOYhQ2:Vvzf/a5qbD4HP/yJbc+Rjw9O6QNO6SlM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4496fa267f805f5a1b5d0f554ef6dcb2_JaffaCakes118

Files

4496fa267f805f5a1b5d0f554ef6dcb2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

316a8ead928bb50a58582878fb5aed82

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateProcessW
CloseHandle
DeleteFileW
GetCurrentThreadId
GetTickCount
GetLastError
SetEvent
WaitForSingleObject
GetCurrentProcess
LoadLibraryA
SystemTimeToFileTime
GetLocalTime
GetProfileStringW
VirtualFree
GetSystemTime
VirtualAlloc
GetOEMCP
GetACP
CompareStringW
CompareStringA
GetCPInfo
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
SetEndOfFile
CreateFileA
FlushFileBuffers
SetStdHandle
IsBadWritePtr
HeapReAlloc
HeapAlloc
WideCharToMultiByte
GetModuleFileNameA
GetTimeZoneInformation
GetModuleHandleA
GetStartupInfoW
GetVersion
ExitProcess
HeapFree
ReadFile
TerminateProcess
SetFilePointer
GetProcAddress
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
RtlUnwind
WriteFile
SetEnvironmentVariableA

winspool.drv

DocumentPropertiesW
ClosePrinter
EnumPrintersA
OpenPrinterW

wininet

InternetOpenUrlA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenA
InternetQueryDataAvailable
InternetQueryOptionA
InternetCanonicalizeUrlA
InternetCrackUrlA
InternetCloseHandle
InternetGetLastResponseInfoA

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

316a8ead928bb50a58582878fb5aed82

Headers

File Characteristics

Imports

kernel32

winspool.drv

wininet

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 76KB - Virtual size: 72KB

.data Size: 28KB - Virtual size: 107KB

.rsrc Size: 4KB - Virtual size: 816B

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 76KB - Virtual size: 72KB

.data
Size: 28KB - Virtual size: 107KB

.rsrc
Size: 4KB - Virtual size: 816B