Static task: static1
Behavioral task: behavioral1
Sample: 49c017c49c47cb04410bdfd0ddfebede_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: 49c017c49c47cb04410bdfd0ddfebede_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 49c017c49c47cb04410bdfd0ddfebede_JaffaCakes118
Size: 403KB
MD5: 49c017c49c47cb04410bdfd0ddfebede
SHA1: 7a97d32993174a6a308959f8beff7dd8b383e370
SHA256: 0d83294f506bdc95943fc7fe5a207d05a820927fde97b1e941a97eec52ff5886
SHA512: db17f7c13f3351d0558ef3232940f1bb219925e6807e5c742438a6ba5f722d52da5702a84ff3e7dc28ffeb1ae17781ca9d5522d8800b09d4dedc1df7267372e3
SSDEEP: 12288:cRoXE56st1xsV+3PIJguy/K5yeJ+KxwI93U1MNGNHVM6:cJ/2gZeJ+K+I97GNHu6
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 49c017c49c47cb04410bdfd0ddfebede_JaffaCakes118
Files
49c017c49c47cb04410bdfd0ddfebede_JaffaCakes118.exe windows:4 windows x86 arch:x86
3ea2ccd11130e27dbc41ce374b105fac
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetHandleCount
GetStdHandle
GetStartupInfoW
GetModuleFileNameW
RtlUnwind
FreeEnvironmentStringsW
GetLastError
GetCurrentProcess
GetProcAddress
VirtualAlloc
GetVersion
TlsGetValue
HeapReAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
TlsSetValue
IsBadWritePtr
InterlockedExchange
GetModuleFileNameA
MultiByteToWideChar
GetModuleHandleA
ExitProcess
TlsAlloc
GetStartupInfoA
DeleteCriticalSection
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
VirtualFree
InitializeCriticalSection
GetCommandLineW
QueryPerformanceCounter
EnterCriticalSection
LeaveCriticalSection
GetEnvironmentStrings
VirtualQuery
GetCurrentThreadId
HeapDestroy
HeapAlloc
WriteFile
HeapFree
GetThreadSelectorEntry
TerminateProcess
GetCurrentProcessId
GetFileType
SetLastError
GetCommandLineA
GetTempPathW
GetCurrentThread
HeapCreate
TlsFree
GetEnvironmentStringsW
advapi32
CryptVerifySignatureW
RegQueryValueExW
wininet
InternetGetLastResponseInfoA
FindNextUrlCacheEntryExA
InternetCrackUrlW
GopherGetAttributeA
FtpSetCurrentDirectoryA
FtpFindFirstFileA
IsUrlCacheEntryExpiredW
Sections
.text Size: 118KB - Virtual size: 117KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 272KB - Virtual size: 288KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ