70426d7c1c8e027192a7026c719b8e0c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

70426d7c1c8e027192a7026c719b8e0c_JaffaCakes118
Size

594KB
MD5

70426d7c1c8e027192a7026c719b8e0c
SHA1

1b329dfab6b9d438bed5280c8c8817cb86aaf446
SHA256

56f399d36a1f7ec0638889cee67f75d8b895f04b8d45f968fb0b72a54572de16
SHA512

b8369d1fc28a9b4ec7a853047454b560bf9992d716052eb49051ed2227290659ab383cd3f2251b9fce6e37183cd3e0cbefa5b0baa3784c9c4d68e9ca682fee11
SSDEEP

12288:3jCTgCp8wcUblStPiPbRiWoVmuOusoEjoEQvIT/fHXxZHf:3jeprFbI5iPcWo4uO2aojIj/xZ/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70426d7c1c8e027192a7026c719b8e0c_JaffaCakes118

Files

70426d7c1c8e027192a7026c719b8e0c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b92764e4790e517d621f6ab5dacbb53a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

DragQueryFile
DoEnvironmentSubstA

wininet

HttpOpenRequestA
FtpRemoveDirectoryW
HttpSendRequestExW
InternetFortezzaCommand
FindFirstUrlCacheContainerW
InternetQueryFortezzaStatus

kernel32

GetStartupInfoA
CreateMutexA
InitializeCriticalSection
GetModuleFileNameW
GetModuleFileNameA
GetEnvironmentStringsW
SetLastError
HeapAlloc
MultiByteToWideChar
GetCommandLineA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetCPInfo
DeleteCriticalSection
TerminateProcess
TlsSetValue
InterlockedExchange
IsValidLocale
VirtualAlloc
GetFileType
GetStringTypeW
HeapReAlloc
GetACP
GetStringTypeA
GetModuleHandleA
GetSystemTimeAsFileTime
CompareStringW
GetDateFormatA
HeapSize
SetStdHandle
GetCommandLineW
HeapFree
GetCurrentThread
VirtualFree
WriteFile
SetHandleCount
ExitProcess
HeapCreate
GetSystemInfo
GetCurrentThreadId
GetTickCount
VirtualProtect
RtlUnwind
TlsGetValue
FreeEnvironmentStringsA
ReadFile
WideCharToMultiByte
GetLastError
GetVersionExA
LeaveCriticalSection
IsBadWritePtr
GetTimeFormatA
UnhandledExceptionFilter
VirtualQuery
SetEnvironmentVariableA
TlsFree
GetLocaleInfoW
GetStdHandle
HeapDestroy
CloseHandle
EnumSystemLocalesA
GetEnvironmentVariableW
GetProcAddress
GetOEMCP
LoadLibraryA
GetCurrentProcess
QueryPerformanceCounter
LCMapStringA
GetCurrentProcessId
CompareStringA
SetFilePointer
IsValidCodePage
GetEnvironmentStrings
LCMapStringW
FreeEnvironmentStringsW
EnterCriticalSection
GetStartupInfoW
OpenMutexA
GetTimeZoneInformation
TlsAlloc

comctl32

InitCommonControlsEx

comdlg32

PageSetupDlgA

user32

DlgDirListComboBoxA
SystemParametersInfoW
RegisterClassExA
RegisterClassA
GetTitleBarInfo

advapi32

RegFlushKey

Sections

.text
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b92764e4790e517d621f6ab5dacbb53a

Headers

File Characteristics

Imports

shell32

wininet

kernel32

comctl32

comdlg32

user32

advapi32

Sections

.text Size: 258KB - Virtual size: 258KB

.rdata Size: 8KB - Virtual size: 18KB

.data Size: 317KB - Virtual size: 317KB

.rsrc Size: 9KB - Virtual size: 8KB

.text
Size: 258KB - Virtual size: 258KB

.rdata
Size: 8KB - Virtual size: 18KB

.data
Size: 317KB - Virtual size: 317KB

.rsrc
Size: 9KB - Virtual size: 8KB