4b5354294b8279085cc0d5db1c702afe_JaffaCakes118

General

Target

4b5354294b8279085cc0d5db1c702afe_JaffaCakes118
Size

399KB
MD5

4b5354294b8279085cc0d5db1c702afe
SHA1

95a35da93781c7b3b56f3ddf58e497dd67b5078b
SHA256

5118ef7e9ae1c97225f1a545942b9485b6cf7d5b65ff3ec92bd96158ee3eba7f
SHA512

3e80c8e66160c5af005798aefcabc935bc9f0e02a85e3ee03a76ab090e45bb06a5f4c345ac6d6384f7dc130f972d4327eb5efca5528e19088cbc92543567d8e5
SSDEEP

12288:XDZ7o5YnvUoa5kU9Jpmm1pKpgvXSsFnWDqY9lfsa:zGyUoaram1pxznPY9n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4b5354294b8279085cc0d5db1c702afe_JaffaCakes118

Files

4b5354294b8279085cc0d5db1c702afe_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6d3c622925f1959f7682336c72ca2a78

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualQuery
GetPrivateProfileStructW
CreateWaitableTimerW
GetCurrentThreadId
QueryPerformanceCounter
GetCurrentProcess
HeapAlloc
LoadLibraryA
GetLogicalDriveStringsA
ExitProcess
VirtualAlloc
ResumeThread
GetPrivateProfileSectionW
GetSystemTimeAsFileTime
InterlockedExchange
GetTickCount
GetCurrentProcessId
GetModuleHandleA
HeapFree
GetProcAddress
RtlUnwind
TerminateProcess
GetModuleFileNameA
HeapReAlloc
CreateWaitableTimerA

wininet

InternetSetDialStateA
GopherCreateLocatorA
HttpSendRequestA
DeleteUrlCacheEntry
HttpSendRequestW
GopherGetAttributeW
InternetQueryFortezzaStatus
GetUrlCacheConfigInfoW
FtpGetFileEx
InternetFortezzaCommand
DeleteUrlCacheContainerA
InternetGetCertByURLA
DeleteUrlCacheEntryA
InternetFindNextFileW
FindFirstUrlCacheContainerW
FtpPutFileEx

shell32

SHGetSpecialFolderPathA
ExtractIconW
RealShellExecuteA
DoEnvironmentSubstA
SHAppBarMessage
SHAddToRecentDocs
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetFileInfo
SHFileOperationA
ExtractIconExA
SHGetFileInfoA
DragQueryFileAorW
InternalExtractIconListA
DragFinish
DragQueryFileA
ExtractIconA
ShellExecuteExA
DoEnvironmentSubstW

user32

GetKeyboardState
GetWindowModuleFileNameA
DdeConnectList
SetFocus
GetMessageW
ExcludeUpdateRgn
DrawStateW
CharUpperA
CopyIcon
InflateRect
OemKeyScan
SetMenuItemBitmaps
ShowWindowAsync
GetIconInfo
CallWindowProcW
GetShellWindow
MessageBeep
GetWindowInfo
IsClipboardFormatAvailable
RemovePropW

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6d3c622925f1959f7682336c72ca2a78

Headers

File Characteristics

Imports

kernel32

wininet

shell32

user32

Sections

.text Size: 125KB - Virtual size: 125KB

.data Size: 265KB - Virtual size: 264KB

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 125KB - Virtual size: 125KB

.data
Size: 265KB - Virtual size: 264KB

.rsrc
Size: 7KB - Virtual size: 7KB