Static task: static1
Behavioral task: behavioral1
Sample: 4b3f0ac5305a2e7122853e9f8fcc76d7_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 4b3f0ac5305a2e7122853e9f8fcc76d7_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 4b3f0ac5305a2e7122853e9f8fcc76d7_JaffaCakes118
Size: 247KB
MD5: 4b3f0ac5305a2e7122853e9f8fcc76d7
SHA1: 6a9cbbba8808114efb63c921d67338bbaf69d001
SHA256: eab64965c59e8ae5962a0bd71315bda3cd591452e79f9cefb7ee9ddf0f1b7da9
SHA512: 3b15b6fd960005a69b94b3142b1ddd23eb5e5d7ce596fa7d22b86a35b080cc572d0aba8b3133b24c8a3f0712aa6f3d485100fbb8a7cef70078cc10c17b9a64ee
SSDEEP: 3072:GFjCjAlU+B8mH3zEM9mke/P/DQNhIqcGFRvlbgbrY5LRjNOXsuIPz5ZOdpu:KCjAWk8mfgkQ/cN+lGJbggXNOcuUGd
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4b3f0ac5305a2e7122853e9f8fcc76d7_JaffaCakes118
Files
4b3f0ac5305a2e7122853e9f8fcc76d7_JaffaCakes118.exe windows:4 windows x86 arch:x86
e7d7f64fa4a6e0e9935d5a1909013a1b
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
HttpOpenRequestW
InternetAlgIdToStringA
InternetCheckConnectionW
InternetGetCookieA
InternetInitializeAutoProxyDll
GopherCreateLocatorW
ResumeSuspendedDownload
InternetErrorDlg
advapi32
CryptEnumProviderTypesW
RegSetValueExW
CryptEncrypt
CryptGetProvParam
RegLoadKeyW
CryptGenKey
RevertToSelf
CryptCreateHash
CryptDecrypt
RegConnectRegistryW
RegCreateKeyExA
RegQueryValueExW
DuplicateTokenEx
CryptEnumProvidersA
LookupPrivilegeNameA
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyW
LookupPrivilegeNameW
LookupAccountSidW
RegQueryValueW
kernel32
GetVersionExA
EnterCriticalSection
GetTimeZoneInformation
IsBadWritePtr
EnumCalendarInfoExW
GetCurrentProcess
GlobalFindAtomW
EnumSystemLocalesA
GetLocaleInfoA
HeapReAlloc
GetCPInfo
GetCompressedFileSizeW
TlsAlloc
FreeEnvironmentStringsA
SetHandleCount
GetCommandLineA
HeapCreate
LCMapStringW
SetLastError
GetCurrentThreadId
GetFileType
GetStringTypeA
CreateMailslotA
WaitForSingleObject
TlsGetValue
RtlUnwind
VirtualProtect
LCMapStringA
GetCurrentProcessId
GetEnvironmentStringsW
HeapFree
GetCommandLineW
GetConsoleCursorInfo
WideCharToMultiByte
DeleteCriticalSection
GetACP
GetUserDefaultLCID
GetModuleFileNameW
LeaveCriticalSection
LoadLibraryA
GetStdHandle
FreeEnvironmentStringsW
MultiByteToWideChar
IsValidCodePage
GetModuleHandleA
GetDateFormatA
FindResourceExA
GetLastError
SetEnvironmentVariableA
HeapSize
GetStartupInfoW
CreateDirectoryW
WriteConsoleOutputCharacterA
GetProcAddress
GetTimeFormatA
HeapDestroy
GetStringTypeW
GetModuleFileNameA
GetOEMCP
ExpandEnvironmentStringsW
GetEnvironmentStrings
GetTickCount
VirtualAlloc
TlsSetValue
UnhandledExceptionFilter
CompareStringW
GetSystemInfo
SetEndOfFile
TlsFree
CreateWaitableTimerW
GetStartupInfoA
VirtualQuery
GetSystemTimeAsFileTime
TerminateProcess
GetLocaleInfoW
InterlockedExchange
CompareStringA
HeapAlloc
lstrcmp
IsValidLocale
VirtualFree
WriteFile
CreateThread
InitializeCriticalSection
QueryPerformanceCounter
ExitProcess
GetCurrentThread
user32
CallMsgFilterW
Sections
.text Size: 115KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 109KB - Virtual size: 109KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ