6f31d6b47ee6a2ccbcedfbc3c7958eb2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

6f31d6b47ee6a2ccbcedfbc3c7958eb2_JaffaCakes118
Size

132KB
MD5

6f31d6b47ee6a2ccbcedfbc3c7958eb2
SHA1

eb4e0473c32e65a572d36e32c2447457d71ac143
SHA256

b9ea0ff3191b909e9020dd16f167c1c8d2f51b946cfad1ba56304fcec5087e6c
SHA512

458b3f522819d00d1d461346d470400689b6f93051036be305b15a20666e847ad10166285e53b365d423ee8303c12d73b39b48963f9a842649455050246bfed9
SSDEEP

3072:4It80fSYKLYZ2ef8xdKovhKmctqdPo+EG:pZKEzfSvIFUd9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6f31d6b47ee6a2ccbcedfbc3c7958eb2_JaffaCakes118

Files

6f31d6b47ee6a2ccbcedfbc3c7958eb2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

be48d0a361178a88b4c0634e63f32a40

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
CreateFileA
DeviceIoControl
GetModuleHandleA
GetEnvironmentVariableA
GetTempPathA
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
LocalFree
SetEndOfFile
SetStdHandle
IsBadCodePtr
GetTempFileNameA
SearchPathA
Sleep
GetLastError
GetModuleFileNameA
CreateDirectoryA
GetSystemDirectoryA
GetShortPathNameA
GetVolumeInformationA
OpenMutexA
CreateToolhelp32Snapshot
Process32First
Process32Next
OpenProcess
GetFileAttributesA
DeleteFileA
CreateProcessA
WaitForSingleObject
CloseHandle
CopyFileA
SetFileAttributesA
LoadLibraryA
GetProcAddress
GetVersionExA
FreeLibrary
GetWindowsDirectoryA
GetLocalTime
IsBadReadPtr
GetStringTypeW
GetStringTypeA
FlushFileBuffers
SetFilePointer
IsBadWritePtr
VirtualAlloc
WriteFile
VirtualFree
HeapCreate
HeapDestroy
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlUnwind
GetTimeZoneInformation
GetSystemTime
RaiseException
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
HeapReAlloc
TerminateProcess
GetCurrentProcess
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
HeapSize
GetACP
GetOEMCP
SetEnvironmentVariableA

gdi32

GetTextCharsetInfo

advapi32

RegSetValueA
RegQueryValueExA
RegSetKeySecurity
RegQueryValueA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
ControlService
DeleteService
StartServiceA
QueryServiceStatus
CreateServiceA
ChangeServiceConfig2A
RegCreateKeyA
RegSetValueExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
DeregisterEventSource
GetUserNameA
CreateProcessAsUserA
RegGetKeySecurity
RegOpenKeyA
OpenProcessToken
RegOpenKeyExA
RegCloseKey

ole32

CoUninitialize
CoGetClassObject
CoInitialize
StringFromCLSID

oleaut32

VariantClear

wininet

InternetOpenA
InternetCrackUrlA
InternetGetConnectedState
DeleteUrlCacheEntry
InternetConnectA
InternetReadFile
HttpSendRequestA
HttpOpenRequestA
InternetCloseHandle

urlmon

URLDownloadToFileA

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be48d0a361178a88b4c0634e63f32a40

Headers

File Characteristics

Imports

kernel32

gdi32

advapi32

ole32

oleaut32

wininet

urlmon

Sections

.text Size: 96KB - Virtual size: 94KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 16KB - Virtual size: 24KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 96KB - Virtual size: 94KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 16KB - Virtual size: 24KB

.rsrc
Size: 4KB - Virtual size: 1KB