843a5226c60ab1071209222cc2aeb1af_JaffaCakes118

General

Target

843a5226c60ab1071209222cc2aeb1af_JaffaCakes118
Size

48KB
MD5

843a5226c60ab1071209222cc2aeb1af
SHA1

d25692c4f95c8b7a0b3b62c986d0a8035650b5bb
SHA256

eb02b907f4bba0b5a13f36b1f6fe9b5aac23fccb8fa37aa437d8c4b9e3ce25d9
SHA512

624d9a8f85da875fc9bd65558d88f2ab67e5851222e942c2a37ac367ac6a74095ce6d07e521007de9c592972d0e2799b7f5d9ad332e205373e24acb3f75432f7
SSDEEP

768:Dkb7fZzZfXmQAQsLfeYjJZYqNDmEObWh7rJcTZ2yuB30Hi:DQZ1uQAQ6fe2ZYqxaA7rJcor30Hi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
843a5226c60ab1071209222cc2aeb1af_JaffaCakes118

Files

843a5226c60ab1071209222cc2aeb1af_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c3d34617646a432df41fa6c92d4dabc3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\My\Projects\XFilter\XUpdate3\Release\XUpdate.pdb

Imports

kernel32

lstrlenA
CreateFileA
WriteFile
CreateProcessA
GetSystemDirectoryA
CloseHandle
RemoveDirectoryA
DeleteFileA
CreateDirectoryA
GetWindowsDirectoryA
GetVersionExA
GetLocaleInfoA
GetACP
GetLastError
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualProtect
GetCPInfo
GetOEMCP
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
LoadLibraryA
IsBadCodePtr
RtlUnwind
RaiseException
ExitProcess
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapAlloc
HeapFree
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
GetProcAddress
TerminateProcess
GetCurrentProcess
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
IsBadReadPtr
LCMapStringW

advapi32

RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegDeleteValueA
RegQueryValueExA

shell32

ShellExecuteA

wininet

InternetConnectA
InternetCloseHandle
HttpOpenRequestA
InternetOpenA
HttpQueryInfoA
InternetQueryDataAvailable
InternetReadFile
InternetCrackUrlA
HttpSendRequestA

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c3d34617646a432df41fa6c92d4dabc3

Headers

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

wininet

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 2KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 2KB