63313ed18014a47ec0c3ed6d326204c1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

63313ed18014a47ec0c3ed6d326204c1_JaffaCakes118
Size

192KB
MD5

63313ed18014a47ec0c3ed6d326204c1
SHA1

c58e9f15d48992249e385f7abcbcea57c7d6354b
SHA256

974b76d36286aa371afc25413abc9574483ab581e1fb0ddc1fb0c8e40e8a0eef
SHA512

9846e640763d152e2997fc771bea7ff1ee9a5c245117a3ad53e82b7237b54c359b46781c7b541fc75d305d4e9e6d8ad8f89b20b23ea5cdd60bbe8eb88273a44f
SSDEEP

3072:YZUgN2kC8fzSeVy/poRPzotmI9arZ75/R/m5jmChunJI+Qwi6CxjXv1hv2+i1Yg7:ENNZVHCmI9arZL/8hiWOi6cj32+kYgr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63313ed18014a47ec0c3ed6d326204c1_JaffaCakes118

Files

63313ed18014a47ec0c3ed6d326204c1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b8a9fdb960f6a10057d221852f6722bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCombineUrlW
InternetGoOnlineA
FtpCreateDirectoryA
FindCloseUrlCache
InternetInitializeAutoProxyDll
FtpFindFirstFileA
GetUrlCacheConfigInfoW
InternetCloseHandle
FtpCommandA
InternetShowSecurityInfoByURLA
SetUrlCacheHeaderData
HttpQueryInfoW
FindFirstUrlCacheContainerA
InternetLockRequestFile
HttpSendRequestA
InternetQueryDataAvailable
GetUrlCacheEntryInfoW
FreeUrlCacheSpaceW
FtpOpenFileA
InternetFindNextFileA
InternetQueryFortezzaStatus

gdi32

SetROP2
CopyMetaFileA
CreateEnhMetaFileA
ResizePalette
ModifyWorldTransform
SetWindowExtEx
GetLayout
GetStockObject
GetFontData
PtInRegion
GetFontLanguageInfo
CreateColorSpaceW
GetCharABCWidthsFloatW
GetStretchBltMode
UpdateColors
RemoveFontResourceW
SetPixelV
SetBrushOrgEx
GetEnhMetaFileHeader
MoveToEx
TextOutW
CancelDC

advapi32

RegQueryValueExW
RegQueryValueA
GetUserNameA
CryptGetProvParam
RegCreateKeyExA
LookupAccountNameW
CryptDeriveKey
RegSaveKeyA
RegReplaceKeyA
RegEnumKeyW
LogonUserW
DuplicateTokenEx
RegQueryInfoKeyW
InitializeSecurityDescriptor
LookupAccountSidW
StartServiceA
CreateServiceA
CryptAcquireContextW

shell32

ShellExecuteW

kernel32

GetCurrentProcessId
GetProcAddress
RtlUnwind
GetThreadSelectorEntry
GetDriveTypeA
GetCurrentThreadId
LoadLibraryA
GetProcAddress
QueryPerformanceCounter
lstrcpyn
GetTempFileNameA
GetSystemTimeAsFileTime
VirtualQuery
GetCurrentProcess
HeapAlloc
HeapFree
GetModuleHandleA
InterlockedExchange
GetTickCount
ExitProcess
GetEnvironmentVariableA
TerminateProcess
HeapReAlloc
VirtualAlloc
GetModuleFileNameA
GetCurrentThread
SetConsoleWindowInfo

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8a9fdb960f6a10057d221852f6722bd

Headers

File Characteristics

Imports

wininet

gdi32

advapi32

shell32

kernel32

Sections

.text Size: 86KB - Virtual size: 86KB

.data Size: 100KB - Virtual size: 100KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 86KB - Virtual size: 86KB

.data
Size: 100KB - Virtual size: 100KB

.rsrc
Size: 4KB - Virtual size: 4KB