45676606b0a1378953554a09ef3debe2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

45676606b0a1378953554a09ef3debe2_JaffaCakes118
Size

763KB
MD5

45676606b0a1378953554a09ef3debe2
SHA1

594302b967221fa99166c931482099475b492a62
SHA256

af5ba3762fecee5a02ea2da2c24cca07f20c226548382c56ab5ab2ab26616526
SHA512

b3c6db04dfa62285d005e324feb59f9e948f7955271f173814f5e2bd2256769a704d6206e280109251b3b45adda28ee62b4055535638031faf2830fe295c27d6
SSDEEP

12288:7luwAWpWa4qjpIN6BumqRJL7TgRv4bwkWctMBtsIks6Ri9XBfiEJKBvSd:7wtq+N6BumqRJL3gRwbG3BtTks6Ri9xb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
45676606b0a1378953554a09ef3debe2_JaffaCakes118

Files

45676606b0a1378953554a09ef3debe2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

17c05ae9f598bb42f896b8e5237ff1cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

FtpSetCurrentDirectoryW

rpcrt4

UuidToStringA
NdrClientCall2
RpcStringBindingComposeW
RpcImpersonateClient

ws2_32

WSAGetLastError

ole32

OleDuplicateData

kernel32

ResetEvent
lstrcpyA
CreateEventW
LoadResource
GetShortPathNameW
SetFilePointer
GetProcessHeap
ReadFile
SizeofResource
GetThreadLocale
FlushFileBuffers
LockResource
CopyFileW
MoveFileW
GetUserDefaultLCID
GlobalUnlock
WideCharToMultiByte
CloseHandle
MulDiv
GetModuleFileNameW
lstrlenA
HeapFree
GlobalFree
DeleteFileW
Sleep
HeapAlloc
GlobalAlloc
GetLastError
WriteFile
GetFileAttributesA
lstrlenW
FormatMessageW
LoadLibraryA
CreateProcessW
WaitForSingleObject
GlobalSize
VirtualAlloc
FindFirstFileW
FindClose
FindResourceW
GetStringTypeExW
GetSystemInfo
GetVersionExW
FindNextFileW
GetFullPathNameW
GetFileAttributesW
HeapReAlloc
SetLastError
GlobalLock

comdlg32

GetOpenFileNameA
PrintDlgA

user32

EnumThreadWindows
EqualRect
LoadIconW
DestroyMenu
DeleteMenu
InflateRect
CallWindowProcW
ShowWindow
SystemParametersInfoA
PostQuitMessage
SetDlgItemInt
EndDialog
GetLastActivePopup
GetClassInfoExW
WaitForInputIdle

shell32

ExtractIconW
Shell_NotifyIconW

msvcrt

__set_app_type

Sections

.data
Size: 415KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

17c05ae9f598bb42f896b8e5237ff1cb

Headers

DLL Characteristics

File Characteristics

Imports

wininet

rpcrt4

ws2_32

ole32

kernel32

comdlg32

user32

shell32

msvcrt

Sections

.data Size: 415KB - Virtual size: 2.0MB

.rsrc Size: 164KB - Virtual size: 164KB

.text Size: 107KB - Virtual size: 106KB

.reloc Size: 512B - Virtual size: 24B

.rdata Size: 74KB - Virtual size: 74KB

.data
Size: 415KB - Virtual size: 2.0MB

.rsrc
Size: 164KB - Virtual size: 164KB

.text
Size: 107KB - Virtual size: 106KB

.reloc
Size: 512B - Virtual size: 24B

.rdata
Size: 74KB - Virtual size: 74KB