479a119e2c4812c2ad5737f6d7b7cd56_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

479a119e2c4812c2ad5737f6d7b7cd56_JaffaCakes118
Size

280KB
MD5

479a119e2c4812c2ad5737f6d7b7cd56
SHA1

67a89249d49455ba613d98a87f106dc701b3f0ad
SHA256

d2a32ceeb5f1821847795a5f30d7c67e7dae6fe27b21b82df5e4659357f796fb
SHA512

aee941a338e25ef05405597ae5bf28c2992717826df214c59863f81bd045d935d18e6dc3948f9539974dde3e8d7c8d47c7e5a7b9b20842174c209ed76012814f
SSDEEP

3072:3uG02pNilsHUOdJB4oQLbVFjNJNAljr4K61nMZfRN:+GnpNOcUOP6tFjO8WPN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
479a119e2c4812c2ad5737f6d7b7cd56_JaffaCakes118

Files

479a119e2c4812c2ad5737f6d7b7cd56_JaffaCakes118
.exe windows:4 windows x86 arch:x86

614fdceecb55f0f19cc0fbbc2b758841

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
FindFirstFileA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetModuleFileNameA
CloseHandle
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
SetStdHandle
HeapReAlloc
VirtualAlloc
HeapAlloc
GetOEMCP
GetLastError
DeleteFileA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
DebugBreak
GetStdHandle
WriteFile
InterlockedDecrement
OutputDebugStringA
LoadLibraryA
InterlockedIncrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
HeapFree
VirtualFree
RtlUnwind
SetFilePointer
SetConsoleCtrlHandler
IsBadWritePtr
IsBadReadPtr
HeapValidate
GetCPInfo
GetACP
FlushFileBuffers

user32

DialogBoxParamA
EndDialog
ShowWindow
MessageBoxA
LoadIconA

shell32

Shell_NotifyIconA

urlmon

URLDownloadToFileA

Sections

.text
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

614fdceecb55f0f19cc0fbbc2b758841

Headers

File Characteristics

Imports

kernel32

user32

shell32

urlmon

Sections

.text Size: 124KB - Virtual size: 122KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 13KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 128KB - Virtual size: 126KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 124KB - Virtual size: 122KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 13KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 128KB - Virtual size: 126KB

.reloc
Size: 4KB - Virtual size: 3KB