47f5395ab23dda86d27528f3be63d666_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

47f5395ab23dda86d27528f3be63d666_JaffaCakes118
Size

561KB
MD5

47f5395ab23dda86d27528f3be63d666
SHA1

35646ff03776d0ff514841a9b056ee78078f289d
SHA256

ce9f2150a8d10298eb99ebb093ccbbac65cc43b019c1c5c5494384fd99a7a9bd
SHA512

c6b783ca66d45077cb7d2fe7ca0e14c27d155689185755f892b4e7980c2948cdf1e3348be1fa1c914b4f2417ffa9cca5a0e634d1b9f902126e19b1f02b34b514
SSDEEP

12288:VfokwsXDLrrFtjJ4w4QpdH9QBMMnMMMMM9yVDEyv0LdcU+pJriu8OaCX:RowXHrrz9OBMMnMMMMM8nUSJWu8iX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47f5395ab23dda86d27528f3be63d666_JaffaCakes118

Files

47f5395ab23dda86d27528f3be63d666_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ebd37bc82e13c9f2a4890f9e21825c44

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

RtlAdjustPrivilege
RtlAddAccessAllowedObjectAce
NtAllocateVirtualMemory
NtQueryDirectoryFile

urlmon

CompatFlagsFromClsid
FindMimeFromData
CoGetClassObjectFromURL
CoInternetCombineUrl
URLDownloadToCacheFileW
CreateAsyncBindCtx

wininet

InternetCrackUrlW
InternetGetConnectedStateExW
InternetCombineUrlW

ddraw

DirectDrawCreate

rtutils

TraceDumpExA

shlwapi

PathFileExistsW
StrRChrW
StrCmpIW
PathAppendW
StrCSpnIW
StrCmpW
PathFindFileNameW
PathFindExtensionW
wnsprintfW
StrCmpNW
StrStrIW
StrStrW
StrCmpNIW
SHRegGetValueW
StrSpnW

rpcrt4

NdrDllCanUnloadNow
NdrOleAllocate
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_QueryInterface
CStdStubBuffer_Invoke
CStdStubBuffer_AddRef
NdrCStdStubBuffer_Release
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_CountRefs
CStdStubBuffer_Disconnect
NdrDllGetClassObject
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Connect

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 266KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ebd37bc82e13c9f2a4890f9e21825c44

Headers

File Characteristics

Imports

ntdll

urlmon

wininet

ddraw

rtutils

shlwapi

rpcrt4

Sections

.text Size: 49KB - Virtual size: 48KB

.data Size: 266KB - Virtual size: 1.1MB

.rsrc Size: 29KB - Virtual size: 28KB

.rdata Size: 213KB - Virtual size: 212KB

.reloc Size: 512B - Virtual size: 48B

.idata Size: 2KB - Virtual size: 1KB

.text
Size: 49KB - Virtual size: 48KB

.data
Size: 266KB - Virtual size: 1.1MB

.rsrc
Size: 29KB - Virtual size: 28KB

.rdata
Size: 213KB - Virtual size: 212KB

.reloc
Size: 512B - Virtual size: 48B

.idata
Size: 2KB - Virtual size: 1KB