6fa40df23eed0e606089a8a79dd0b8d9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6fa40df23eed0e606089a8a79dd0b8d9_JaffaCakes118
Size

488KB
MD5

6fa40df23eed0e606089a8a79dd0b8d9
SHA1

674a73ffc36f68527c91c34ee8b31846ab123880
SHA256

3ddbe39a5f5322ef04a578ee584d90c85dd968772eafc35f660a388d20427301
SHA512

1240e1f7aaa1c43c573e9f1e0133d13c04114664a74b9c3955c7a49822e4c046baeca527a690215986be51b7569806f2bfc7f8b1bc6c03bb28348a27c9742789
SSDEEP

12288:3gdWO94C8OA33bMFgzT3Gko6svdAhvhwRtx3VY:3gQFHgFgzno6svSnwbFV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6fa40df23eed0e606089a8a79dd0b8d9_JaffaCakes118

Files

6fa40df23eed0e606089a8a79dd0b8d9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

eb41a8d41381352f6c9b8095ae0c3175

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\tmbjtiyu\eejzftirh.pdb

Imports

wininet

InternetTimeToSystemTimeW

comctl32

InitCommonControlsEx

user32

WinHelpA
SetDlgItemTextA
GetClipboardData
SetDeskWallpaper
SystemParametersInfoA
UnregisterHotKey
SendMessageTimeoutW
TrackPopupMenu
CloseWindowStation
ChangeDisplaySettingsA
SetMenuItemInfoA
MessageBoxA
RegisterClassExA
InternalGetWindowText
ReleaseCapture
SetSystemCursor
RegisterClassA
NotifyWinEvent
GetParent
ScrollWindowEx
DdeCreateStringHandleW
GetDoubleClickTime
EnableScrollBar
AppendMenuW
IsWindow
EditWndProc
CreateDialogIndirectParamW

kernel32

TlsSetValue
InterlockedExchange
GetTimeFormatA
ExitProcess
GetEnvironmentStringsW
SetLastError
HeapCreate
ReadFile
VirtualQuery
CompareStringA
SetFilePointer
LoadLibraryA
EnumSystemLocalesA
GetACP
IsValidCodePage
SetStdHandle
TlsGetValue
TerminateProcess
WideCharToMultiByte
GetCPInfo
GetEnvironmentStrings
CompareStringW
VirtualFree
GetCurrentThread
HeapReAlloc
GetSystemInfo
GetTickCount
GetDateFormatA
GetCurrentProcessId
GetUserDefaultLCID
CreateFileA
GetVersionExA
LeaveCriticalSection
GetOEMCP
InitializeCriticalSection
GetFileType
IsValidLocale
GetCurrentProcess
GetStringTypeW
VirtualAlloc
GetSystemTimeAsFileTime
HeapAlloc
RtlUnwind
GetLocaleInfoW
GetCurrentThreadId
GetProcAddress
IsBadWritePtr
GetStringTypeA
WriteFile
GetStdHandle
GetModuleHandleA
CreateMutexA
CloseHandle
DeleteCriticalSection
GetLastError
LCMapStringW
HeapDestroy
SetHandleCount
VirtualAllocEx
MultiByteToWideChar
EnterCriticalSection
GetTimeZoneInformation
FreeEnvironmentStringsW
GetLocaleInfoA
TlsFree
GetCommandLineA
GetModuleFileNameA
QueryPerformanceCounter
UnhandledExceptionFilter
SetEnvironmentVariableA
OpenMutexA
VirtualProtect
GetStartupInfoA
HeapSize
lstrcmpiA
FlushFileBuffers
TlsAlloc
LCMapStringA
FreeEnvironmentStringsA
HeapFree

Sections

.text
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eb41a8d41381352f6c9b8095ae0c3175

Headers

File Characteristics

PDB Paths

Imports

wininet

comctl32

user32

kernel32

Sections

.text Size: 332KB - Virtual size: 331KB

.rdata Size: 37KB - Virtual size: 48KB

.data Size: 104KB - Virtual size: 104KB

.rsrc Size: 13KB - Virtual size: 13KB

.text
Size: 332KB - Virtual size: 331KB

.rdata
Size: 37KB - Virtual size: 48KB

.data
Size: 104KB - Virtual size: 104KB

.rsrc
Size: 13KB - Virtual size: 13KB