4bf743faa32ce444184de5e7ecac3131_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4bf743faa32ce444184de5e7ecac3131_JaffaCakes118
Size

291KB
MD5

4bf743faa32ce444184de5e7ecac3131
SHA1

754e4edb4bd4b24963e9c23830784923c87d27da
SHA256

a1937ef34264ea5328e58bae410016527c5ebf8e9a61cb32225bcb18f797ef12
SHA512

a631500d52d8b0035ea4edaff7c0436360775c535aaf564700af60b62aac4e074dc666c169208032ac6362c8f09bd95dd8478c945926396f6bc55bca6f1a6940
SSDEEP

6144:DpJWouzMWBvJBF+wA/60GTn1UIWRJGHSy7:DpJRYfa60G6HGHSy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bf743faa32ce444184de5e7ecac3131_JaffaCakes118

Files

4bf743faa32ce444184de5e7ecac3131_JaffaCakes118
.exe windows:4 windows x86 arch:x86

be1eaadb5cd5a0eec97cf8cf2387a6e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\fteov\eakstas\gcto\rfovzjw\zbrsr.PDB

Imports

comctl32

InitCommonControlsEx

wininet

FtpGetFileSize
FindNextUrlCacheGroup
InternetGetConnectedStateExA
FtpFindFirstFileA
InternetTimeFromSystemTimeW
GetUrlCacheGroupAttributeW
RetrieveUrlCacheEntryStreamA
InternetFindNextFileW

advapi32

CryptGetUserKey
RegSetValueW
CryptEnumProviderTypesW
CryptSetProvParam
RegReplaceKeyA
RegConnectRegistryW

user32

MsgWaitForMultipleObjectsEx
DdeReconnect
MessageBoxW
HideCaret
EditWndProc
GetMonitorInfoA
CreateWindowExA
GetClassInfoW
SetSystemCursor
DdeFreeStringHandle
RegisterClassA
OpenWindowStationA
GetComboBoxInfo
SetKeyboardState
GetClipboardSequenceNumber
GetClassWord
DrawTextA
SetMenuItemInfoW
GetSysColorBrush
RegisterClassExA
ShowWindow

kernel32

InitializeCriticalSection
ConnectNamedPipe
HeapDestroy
VirtualQuery
MultiByteToWideChar
TerminateProcess
FreeEnvironmentStringsW
ReadFile
TlsGetValue
DeleteCriticalSection
QueryPerformanceCounter
UnhandledExceptionFilter
ReadFileEx
GetStdHandle
GetStringTypeW
GetProcAddress
GetStartupInfoA
LeaveCriticalSection
GetStringTypeA
CompareStringW
WriteFile
GetLastError
GetSystemTime
InterlockedDecrement
GetACP
TlsSetValue
ExitProcess
LCMapStringA
GetTickCount
SetStdHandle
GetCurrentProcess
GetEnvironmentStringsW
HeapReAlloc
HeapCreate
SetFilePointer
GetEnvironmentStrings
GetCommandLineA
CloseHandle
LoadLibraryA
GetCurrentThread
InterlockedExchange
TlsAlloc
GetLocalTime
OpenMutexA
IsBadWritePtr
FreeEnvironmentStringsA
RtlUnwind
HeapAlloc
SetHandleCount
GetTimeZoneInformation
GetModuleFileNameA
TlsFree
CompareStringA
SetLastError
HeapFree
CreateMutexA
InterlockedIncrement
GetSystemTimeAsFileTime
WideCharToMultiByte
GetCurrentThreadId
GetCurrentProcessId
GetVersion
GetFileType
GetOEMCP
EnterCriticalSection
LCMapStringW
GetModuleHandleA
VirtualAlloc
FlushFileBuffers
VirtualFree
SetEnvironmentVariableA
GetCPInfo

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be1eaadb5cd5a0eec97cf8cf2387a6e8

Headers

File Characteristics

PDB Paths

Imports

comctl32

wininet

advapi32

user32

kernel32

Sections

.text Size: 167KB - Virtual size: 167KB

.rdata Size: 20KB - Virtual size: 40KB

.data Size: 86KB - Virtual size: 86KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 167KB - Virtual size: 167KB

.rdata
Size: 20KB - Virtual size: 40KB

.data
Size: 86KB - Virtual size: 86KB

.rsrc
Size: 16KB - Virtual size: 16KB