83d391c4f33b41bd1467526a6e04a37c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

83d391c4f33b41bd1467526a6e04a37c_JaffaCakes118
Size

431KB
MD5

83d391c4f33b41bd1467526a6e04a37c
SHA1

1e29d2eca9a31b8ab99f8d0277f55646b11dad9f
SHA256

5e1a8b4e3bae815516c6923f55e3580bce6eff675718ea43424d6080e386eb58
SHA512

fd085e1e00cac41d4fc2220b348a6aacbc8d1c966e1dbccaa6e31826960054f611112fc8d510ea91693569e7ca580955eb362f84bcbc2b0e8a31cb8163c71a29
SSDEEP

12288:5/hP4bSEq9bYAmTQh9GmxNGYllIk0PZi:5GbZaQuNlmj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83d391c4f33b41bd1467526a6e04a37c_JaffaCakes118

Files

83d391c4f33b41bd1467526a6e04a37c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

939127e33c249c9a709ff69ccb2bf633

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

RetrieveUrlCacheEntryFileA
HttpAddRequestHeadersA
GetUrlCacheHeaderData
GetUrlCacheConfigInfoW
InternetReadFileExW
GopherOpenFileW
FtpGetFileSize
FindFirstUrlCacheEntryExW
InternetCheckConnectionA

comdlg32

PrintDlgA
ChooseFontA
GetSaveFileNameW

kernel32

InterlockedDecrement
GetStartupInfoW
VirtualQuery
WideCharToMultiByte
InterlockedExchange
GetCommandLineA
EnumSystemLocalesA
GetModuleHandleA
FreeEnvironmentStringsA
GetOEMCP
FindFirstFileExA
SetEnvironmentVariableA
GetCurrentProcessId
HeapDestroy
HeapCreate
TlsGetValue
HeapReAlloc
TlsAlloc
GetCurrentProcess
InterlockedIncrement
DeleteCriticalSection
RtlMoveMemory
FreeEnvironmentStringsW
GetStdHandle
SetConsoleCtrlHandler
GetUserDefaultLCID
GetVersionExA
GetStringTypeW
GetCurrentThread
IsValidLocale
TerminateProcess
GetCurrentThreadId
GetACP
CompareStringA
RtlUnwind
ConvertDefaultLocale
GetStringTypeA
ExitProcess
GetStringTypeExW
UnhandledExceptionFilter
FindAtomA
GetCommandLineW
GetEnvironmentStrings
GetEnvironmentStringsW
CompareStringW
HeapFree
HeapSize
VirtualAlloc
GetCPInfo
HeapAlloc
InitializeCriticalSection
LCMapStringA
GetTimeFormatA
WriteFile
Sleep
SetLastError
SetConsoleTitleA
SleepEx
GlobalDeleteAtom
SetUnhandledExceptionFilter
GetFileType
LeaveCriticalSection
SetHandleCount
GetProcAddress
GetSystemTimeAsFileTime
LCMapStringW
GetLastError
EnterCriticalSection
GetFileAttributesA
GetTimeZoneInformation
TlsFree
QueryPerformanceCounter
GetModuleFileNameW
LocalFree
GetModuleFileNameA
IsDebuggerPresent
GetLocaleInfoA
LoadLibraryA
WriteConsoleA
MultiByteToWideChar
GetUserDefaultLangID
CreateDirectoryExW
IsValidCodePage
SystemTimeToTzSpecificLocalTime
GetDateFormatW
GetLocaleInfoW
GetProcessHeap
GetTickCount
VirtualFree
GetStartupInfoA
TlsSetValue
SetConsoleScreenBufferSize
WaitNamedPipeA
DeleteFileA
FreeLibrary
GetDateFormatA

advapi32

InitializeSecurityDescriptor
CryptHashData
RegSetValueW
CryptEnumProvidersA
LogonUserA
CryptGetDefaultProviderA
RegRestoreKeyA
CryptSetKeyParam
CryptGetKeyParam
CreateServiceW
LookupAccountNameW
CryptDuplicateKey
CryptAcquireContextW
RegSetValueA
CryptGenKey
RegDeleteKeyW

gdi32

IntersectClipRect
PathToRegion

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

939127e33c249c9a709ff69ccb2bf633

Headers

File Characteristics

Imports

wininet

comdlg32

kernel32

advapi32

gdi32

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 9KB - Virtual size: 39KB

.data Size: 284KB - Virtual size: 283KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 9KB - Virtual size: 39KB

.data
Size: 284KB - Virtual size: 283KB

.rsrc
Size: 1KB - Virtual size: 1KB