Static task
static1
Behavioral task
behavioral1
Sample
8ebc5a1c805fa334a869bd4df2f97d72_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
8ebc5a1c805fa334a869bd4df2f97d72_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
8ebc5a1c805fa334a869bd4df2f97d72_JaffaCakes118
Size
396KB
MD5
8ebc5a1c805fa334a869bd4df2f97d72
SHA1
4bf8b96d0d436fe3239604fdf4ce99e7eb1276a3
SHA256
da9cb34fddedcbaeca5b914582f3710537950603716a388e780a09179ccddf86
SHA512
fd3c08b4042bdbf576b3ae2a26e3cb63fd83e8be7f50b18f7e8344e45d53152408159cbed7a317bbee6493197956570bc9120fc29708598f38a92b5eadfaefa6
SSDEEP
6144:dMVdoRNkXFjO+fN02r1YEiRwSfCRtKgvw8KV3gaReDxDAdIYYYBOfQaJ6Ps:dn+q+v1FiRJfCDJY7pga4AyYBw4a
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 8ebc5a1c805fa334a869bd4df2f97d72_JaffaCakes118
Files
8ebc5a1c805fa334a869bd4df2f97d72_JaffaCakes118.exe windows:4 windows x86 arch:x86
897fce18c858eb47d39755df5f7d23df
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
TlsFree
TlsSetValue
LCMapStringA
GetCPInfo
GetProcAddress
GetLastError
HeapReAlloc
WriteFile
GetCurrentThread
SetLastError
GetCurrentProcessId
HeapAlloc
DeleteCriticalSection
HeapCreate
TlsAlloc
GetModuleHandleA
GlobalUnfix
SetPriorityClass
GetCommandLineA
InterlockedExchange
IsBadWritePtr
VirtualFree
GetEnvironmentStringsW
UnhandledExceptionFilter
GetACP
SetWaitableTimer
MultiByteToWideChar
VirtualUnlock
GetStdHandle
ExitProcess
GetTickCount
UnmapViewOfFile
WideCharToMultiByte
HeapFree
GetStartupInfoA
GetModuleFileNameA
TlsGetValue
LoadLibraryA
QueryPerformanceCounter
GetOEMCP
VirtualAlloc
EnumTimeFormatsW
GetEnvironmentStrings
VirtualQuery
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
RtlUnwind
GetStringTypeA
HeapDestroy
LCMapStringW
SetHandleCount
GetPrivateProfileSectionA
EnterCriticalSection
GetFileType
GetSystemTimeAsFileTime
GetStringTypeW
FreeEnvironmentStringsW
InterlockedExchangeAdd
GetVersion
InitializeCriticalSection
FreeEnvironmentStringsA
ReadConsoleInputA
LeaveCriticalSection
wininet
InternetCrackUrlW
FtpSetCurrentDirectoryW
GetUrlCacheConfigInfoW
InternetSetOptionExW
InternetShowSecurityInfoByURLW
InternetSecurityProtocolToStringA
InternetOpenUrlW
InternetReadFile
FtpGetFileW
InternetCanonicalizeUrlW
InternetSetCookieA
InternetGetCookieA
FtpCommandA
SetUrlCacheHeaderData
FtpGetFileSize
GopherCreateLocatorA
FindFirstUrlCacheContainerA
FtpFindFirstFileA
DeleteUrlCacheEntry
InternetGetConnectedStateExW
InternetGetCertByURLA
HttpEndRequestW
Sections
.text Size: 125KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 269KB - Virtual size: 276KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 320B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ