59ec305baee736ff39a1c3f9e06f9c3b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

59ec305baee736ff39a1c3f9e06f9c3b_JaffaCakes118
Size

94KB
MD5

59ec305baee736ff39a1c3f9e06f9c3b
SHA1

f0ad6990c4c315242e23dd5153805880f97e1147
SHA256

b5b6cd5d1d95bfa8d43c633b53e074aae5d924c36265c748534c14958afe761b
SHA512

a6116935f00966fa799f81ba285ff4d3288a284a56e2dd55090990646f6720aa0056d0c8de67d492b7c0f97bfd1a2ce61fc17910c523892bb8b16ed4bdaf6bf7
SSDEEP

1536:p/aH7vNS5mILruRm8xRfU4KuLILbn2mhYSddPJrx/V6WFM/Wqe3o2a/gppEDYdSw:p/XzLruRjxUuL2b2mKSddPJrtVDFM/Wl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
59ec305baee736ff39a1c3f9e06f9c3b_JaffaCakes118

Files

59ec305baee736ff39a1c3f9e06f9c3b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9176f88329f0a7c341253c830226442c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

shlwapi

SHGetValueA
SHSetValueA
PathFileExistsA
SHDeleteValueA
SHDeleteKeyA
PathAppendA

wininet

InternetReadFile
InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA

kernel32

LoadLibraryA
GetStartupInfoA
GetModuleHandleA
GetProcAddress
GetCurrentProcessId
FreeLibrary
GetVersionExA
ResumeThread
SetPriorityClass
GetCurrentProcess
GetCurrentThread
SetThreadPriority
CreateProcessA
CloseHandle
WriteFile
lstrlenA
GetModuleFileNameA
CreateFileA
GetTempPathA
RemoveDirectoryA
DeleteFileA
Sleep
CreateDirectoryA
GetLastError
CreateMutexA
SetLastError
GetComputerNameA
SystemTimeToFileTime
GetSystemTimeAsFileTime
WaitForSingleObject
OpenMutexA

user32

DefWindowProcA
RegisterClassExA
CreateWindowExA
SetTimer
GetMessageA
SetMessageExtraInfo
TranslateMessage
DispatchMessageA
KillTimer
GetMessageExtraInfo
PostQuitMessage
wsprintfA
MessageBoxA
RegisterWindowMessageA

advapi32

SetSecurityDescriptorDacl
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumValueA
RegOpenKeyA
RegQueryValueExA
InitializeSecurityDescriptor

ole32

CoInitializeEx

msvcrt

free
_controlfp
_except_handler3
strlen
__CxxFrameHandler
strcpy
memset
exit
_close
sprintf
strcat
strcmp
_sopen
_filelength
memcpy
strncmp
rand
strtok
strncat
strncpy
strstr
_CxxThrowException
_itoa
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type

mfc42

ord2818
ord858
ord6307
ord535
ord939
ord1187
ord353
ord6385
ord1979
ord665
ord356
ord2770
ord2781
ord3178
ord3181
ord785
ord4168
ord521
ord4167
ord940
ord800
ord537
ord540
ord518
ord668

shell32

SHGetSpecialFolderPathA
ShellExecuteA

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9176f88329f0a7c341253c830226442c

Headers

File Characteristics

Imports

shlwapi

wininet

kernel32

user32

advapi32

ole32

msvcrt

mfc42

shell32

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 39KB - Virtual size: 39KB

.rsrc Size: 1024B - Virtual size: 624B

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 39KB - Virtual size: 39KB

.rsrc
Size: 1024B - Virtual size: 624B