c:\bozl\czoeonfd\eiydnsva.pdb
Static task
static1
Behavioral task
behavioral1
Sample
4c9c8410c6883a90c1894a31b2f7c513_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
4c9c8410c6883a90c1894a31b2f7c513_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
Target: 4c9c8410c6883a90c1894a31b2f7c513_JaffaCakes118
Size: 484KB
MD5: 4c9c8410c6883a90c1894a31b2f7c513
SHA1: 5c39ea2f77ea374946ce200e38af62d5c8c88094
SHA256: 387b6acfb9f56c46bb68e9b4f3d4eb6f07c900bac234c0814078e97628e55dec
SHA512: 41acd1868fbe4b6ac1221534a9181d67eb8b9d2a30005ac554ec7c161e0fc6b01a3ee5fb54fffca0660d25dc0cd7568e4b98891e699fa8522cbdabb710ac9272
SSDEEP: 12288:/RUHlDvQYhlqcG1fnlnFeExYm6/3E2RjU1i5br6kQO3:CNLlKdnMYb6PE2UgbnD3
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 4c9c8410c6883a90c1894a31b2f7c513_JaffaCakes118
Files
4c9c8410c6883a90c1894a31b2f7c513_JaffaCakes118.exe windows:4 windows x86 arch:x86
3d8d62590094f55f448895c98d97864c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
comctl32
InitCommonControlsEx
wininet
InternetSetOptionExA
InternetTimeToSystemTime
FtpOpenFileW
InternetSetFilePointer
DeleteUrlCacheContainerW
UnlockUrlCacheEntryStream
FindNextUrlCacheEntryA
InternetQueryFortezzaStatus
gdi32
GetMetaRgn
SetFontEnumeration
DeleteColorSpace
ColorCorrectPalette
SetDeviceGammaRamp
GetRandomRgn
comdlg32
ReplaceTextW
LoadAlterBitmap
PageSetupDlgW
shell32
FindExecutableA
RealShellExecuteA
DragQueryFileAorW
kernel32
IsValidCodePage
SetEnvironmentVariableA
GlobalFindAtomW
GetCurrentProcess
VirtualFree
GetModuleHandleA
SetHandleCount
MoveFileExA
FreeEnvironmentStringsA
LoadLibraryA
EnterCriticalSection
VirtualQuery
LCMapStringW
HeapDestroy
LeaveCriticalSection
IsBadWritePtr
HeapCreate
CompareStringA
CompareStringW
GetOEMCP
GetTickCount
IsValidLocale
WriteFile
CreateMutexA
HeapSize
TerminateProcess
CloseHandle
lstrlenW
GetLocaleInfoW
FindNextChangeNotification
RtlUnwind
UnhandledExceptionFilter
MoveFileExW
EnumSystemLocalesA
SetLastError
GetUserDefaultLCID
GetStartupInfoA
HeapAlloc
MultiByteToWideChar
GetCurrentProcessId
GetPrivateProfileStructA
QueryPerformanceCounter
GetACP
VirtualProtect
InterlockedExchange
TlsAlloc
SetFilePointer
GetCurrentThreadId
GetModuleFileNameW
GetDateFormatA
GetStartupInfoW
SetStdHandle
GetLocaleInfoA
FreeEnvironmentStringsW
GetCommandLineA
GetFileType
OpenSemaphoreA
ReadConsoleOutputW
GetTimeFormatA
TlsFree
WideCharToMultiByte
FlushFileBuffers
TlsGetValue
GetProcAddress
GetProfileSectionA
LCMapStringA
GetCurrentThread
GetStringTypeA
GetTimeZoneInformation
lstrlenA
InitializeCriticalSection
VirtualAlloc
GetEnvironmentStrings
HeapReAlloc
GetLastError
TlsSetValue
SetThreadAffinityMask
VirtualQueryEx
GetCPInfo
GetSystemTimeAsFileTime
ReadConsoleW
GetSystemInfo
OpenMutexA
GetConsoleOutputCP
ExitProcess
GetModuleFileNameA
GetEnvironmentStringsW
GetVolumeInformationA
ReadFile
HeapFree
GetStringTypeW
DeleteCriticalSection
GetCommandLineW
GetStdHandle
GetVersionExA
user32
SetWindowLongA
IsIconic
TranslateAcceleratorA
GetKeyboardLayoutNameA
RegisterClassExA
RegisterClassA
Sections
.text Size: 350KB - Virtual size: 350KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 103KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ