6136468fae15d1e82308eada77dd0cf1_JaffaCakes118

General

Target

6136468fae15d1e82308eada77dd0cf1_JaffaCakes118
Size

436KB
MD5

6136468fae15d1e82308eada77dd0cf1
SHA1

8b9d51cd9e74a5e0edb6b658220fd8c93dfaa7af
SHA256

3c572f04dfc5c231aabbe28eb79cf887e4f73f70916d183d5720b95e29af15cf
SHA512

4770ffab9972624bfb21ba792c8a6add89860119aaa3678b9d74eb87b8fbdeb1a718b827d6bd779db89462ce53b7864021c4b30b31a93ea804dfc8c93dc48866
SSDEEP

12288:GeD251CgJWAQmLoFPb3gz7f4L0Hu8TVLjt:JD2bCqWAQmRuUR3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6136468fae15d1e82308eada77dd0cf1_JaffaCakes118

Files

6136468fae15d1e82308eada77dd0cf1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

880cf11ec5a6d3853e7c8463038fce81

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
FindNextFileA
UnlockFileEx
OutputDebugStringA
RtlUnwind
GetVersionExA
WaitNamedPipeW
GetCurrentProcess
GetProcAddress
VirtualAlloc
WaitCommEvent
GlobalGetAtomNameW
HeapReAlloc
GetModuleFileNameW
EnumCalendarInfoW
lstrcpyn
CreateSemaphoreW
InterlockedExchange
GetModuleFileNameA
TerminateProcess
GetModuleHandleA
ExitProcess
LoadLibraryExA
EnumTimeFormatsA
lstrcmpi
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetCompressedFileSizeA
TlsSetValue
WriteConsoleInputW
QueryPerformanceCounter
HeapCreate
WriteConsoleOutputCharacterW
CopyFileExA
VirtualQuery
GetCurrentThreadId
SetConsoleTextAttribute
HeapAlloc
WriteProfileSectionW
HeapFree
ContinueDebugEvent

wininet

InternetSetOptionA
RegisterUrlCacheNotification
FindCloseUrlCache
CommitUrlCacheEntryW
IsHostInProxyBypassList
InternetCheckConnectionA
InternetSetDialState
InternetTimeFromSystemTimeW
IncrementUrlCacheHeaderData
InternetAttemptConnect

advapi32

CryptCreateHash
RegCloseKey
CryptGetHashParam
RegReplaceKeyA
LookupPrivilegeValueW
CryptHashData
LookupAccountSidW
RegConnectRegistryW
DuplicateToken

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

880cf11ec5a6d3853e7c8463038fce81

Headers

File Characteristics

Imports

kernel32

wininet

advapi32

Sections

.text Size: 160KB - Virtual size: 160KB

.data Size: 266KB - Virtual size: 265KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 160KB - Virtual size: 160KB

.data
Size: 266KB - Virtual size: 265KB

.rsrc
Size: 9KB - Virtual size: 8KB