689746ee392c0ca45cbb113342ab7862_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

689746ee392c0ca45cbb113342ab7862_JaffaCakes118
Size

109KB
MD5

689746ee392c0ca45cbb113342ab7862
SHA1

2e521bce7aa61facad6088a7d74a0556d030b343
SHA256

b07e58c500b6fe85aeaa48450df29f08127f7a739eca327317a03e6356dea508
SHA512

8e28951c9b6738133f11c6dff4a515986fa81694705645a6fd856147f4888225df99d03726836b0adff698de41618a779190b1d3d63024ef9868c41104f22e5e
SSDEEP

768:VKRP3JB1UuOzztW6a90ilYWuYJ8MavWxsQDzxkO5zSv6lVrBDxUqvj0H5ksCZU9v:MhUlRQYWuYWtvWxsq1kEBVlxn+5kFp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
689746ee392c0ca45cbb113342ab7862_JaffaCakes118

Files

689746ee392c0ca45cbb113342ab7862_JaffaCakes118
.exe windows:5 windows x86 arch:x86

98ad49ba3185b05589b70de012129031

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\Gelu\Documents\Visual Studio 2008\Projects\win32\Release\win32.pdb

Imports

wininet

InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

CreateFileA
FlushFileBuffers
GetLocaleInfoA
CreateToolhelp32Snapshot
Module32First
CloseHandle
GetModuleFileNameA
GetWindowsDirectoryA
CopyFileA
CreateProcessA
OpenProcess
ReadProcessMemory
Sleep
GetStringTypeW
Module32Next
DeleteCriticalSection
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
RaiseException
GetLastError
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA

user32

FindWindowA
GetWindowThreadProcessId

advapi32

RegSetValueExA
RegOpenKeyExA
RegCloseKey

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

98ad49ba3185b05589b70de012129031

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

version

kernel32

user32

advapi32

Sections

.text Size: 39KB - Virtual size: 39KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 48KB - Virtual size: 48KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 39KB - Virtual size: 39KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 48KB - Virtual size: 48KB

.reloc
Size: 5KB - Virtual size: 5KB