664266760942d2e15455a86dd15000f8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

664266760942d2e15455a86dd15000f8_JaffaCakes118
Size

168KB
MD5

664266760942d2e15455a86dd15000f8
SHA1

9db960cedb5446dd0c56674822f0f6d5b155aa4e
SHA256

34ba4c96f3edb9789b3a6462da35ecd26f769abef95c90beb4c47b110613a41a
SHA512

5098b3842dfb5dbdb1b91779e4aa23a0949a88a84ee76a4ed4cc4a258f4837e7a7fbb08edf8ddba490809ff718fd4ce51ebb18b8f89b5a1cfed25eb91b0033fc
SSDEEP

3072:pvdgWw7QF01YTQgd/D2OAiZD3ebeDzGyXmZ0bcVJk+tLN56OuEFZ+K:plx01SJvlebGz7WAcVX1uEFZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
664266760942d2e15455a86dd15000f8_JaffaCakes118

Files

664266760942d2e15455a86dd15000f8_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cfab04bf0052da08b292b9f77ae4dfb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreatePipe
SetUnhandledExceptionFilter
SetErrorMode
DuplicateHandle
OpenMutexW
CreateMutexW
ReleaseMutex
GetTimeFormatW
InterlockedExchange
GetVolumeInformationW
GetCurrentProcessId
GetFileTime
FindCloseChangeNotification
FindNextChangeNotification
HeapCreate
HeapFree
HeapAlloc
GetProfileStringW
GetVersionExW
GetLocalTime
GetStringTypeA
LCMapStringW
LCMapStringA
WideCharToMultiByte
LoadLibraryA
GetProcAddress
GetModuleFileNameA
WriteFile
RtlUnwind
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetCommandLineA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableW
GetShortPathNameW
PeekNamedPipe
VirtualProtect
GetCurrentThread
FreeEnvironmentStringsW
MultiByteToWideChar
FreeEnvironmentStringsA
GetStringTypeW
GetModuleFileNameW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapReAlloc
VirtualAlloc
VirtualFree
HeapDestroy
ExitProcess
GetVersion
GetStartupInfoW
GetModuleHandleA

user32

GetClassNameW
DispatchMessageW
CheckMenuRadioItem
GetCursorPos
GetMessageW
CallWindowProcW
GetClassInfoExW
AppendMenuW
TrackPopupMenu
GetFocus
RegisterClassExW
SetFocus
TranslateMessage
IsWindowEnabled
CheckMenuItem
DeferWindowPos

gdi32

SetViewportExtEx
ScaleViewportExtEx
ScaleWindowExtEx
OffsetViewportOrgEx

winspool.drv

DocumentPropertiesW
ClosePrinter
EnumPrintersW
OpenPrinterW

wininet

InternetOpenUrlW
InternetConnectW
InternetCrackUrlW
InternetCanonicalizeUrlW
InternetSetOptionExW
InternetQueryDataAvailable
HttpQueryInfoW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetWriteFile
InternetReadFile
HttpSendRequestW
InternetCloseHandle
HttpOpenRequestW
InternetOpenW

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 351KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cfab04bf0052da08b292b9f77ae4dfb8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

wininet

Sections

.text Size: 136KB - Virtual size: 133KB

.data Size: 20KB - Virtual size: 351KB

.rsrc Size: 8KB - Virtual size: 6KB

.text
Size: 136KB - Virtual size: 133KB

.data
Size: 20KB - Virtual size: 351KB

.rsrc
Size: 8KB - Virtual size: 6KB