Static task
static1
Behavioral task
behavioral1
Sample
a7f2e944e2be9ab1fc272a022c92a89a_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
a7f2e944e2be9ab1fc272a022c92a89a_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
a7f2e944e2be9ab1fc272a022c92a89a_JaffaCakes118
Size
384KB
MD5
a7f2e944e2be9ab1fc272a022c92a89a
SHA1
f7fa0f5c8fda3d69a29f9f4e31e5f740f1e983a4
SHA256
0dc6304877e0c9369e30930fb2c932d7e3b437e6b77e779ee8fdd848a1993705
SHA512
6616d15c8435ad4d948c3da08a50065d04c25efb7b8b31c9dcbe9b946f64cb3706ef53076fa4dd5fb7985522265d8b3acecd2bf36c01f49537de33f69d988c89
SSDEEP
6144:vmvtrM0auchxeG1n6C7S4Y+Tu7CKUHgme9krbzsPYvADMGc5zNL8:uZ4o+6C7S0uB1grbaWwMbxo
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a7f2e944e2be9ab1fc272a022c92a89a_JaffaCakes118
Files
a7f2e944e2be9ab1fc272a022c92a89a_JaffaCakes118.exe windows:4 windows x86 arch:x86
d051c17cae464813172e88a5ac7407e0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
VirtualProtect
VirtualFree
IsBadReadPtr
HeapFree
GetProcessHeap
FreeLibrary
HeapAlloc
GetComputerNameA
Sleep
GetTempPathA
GetModuleFileNameA
CloseHandle
CreateFileA
VirtualAlloc
GetCurrentProcess
GetSystemTime
FindNextFileA
FindFirstFileA
ExitProcess
lstrcmpA
Module32Next
Module32First
Process32Next
Process32First
GetModuleHandleA
CreateToolhelp32Snapshot
LoadLibraryA
GetProcAddress
GetShortPathNameA
lstrcatA
GetEnvironmentVariableA
lstrlenA
GetFileAttributesA
lstrcpyA
SetEndOfFile
CreateFileW
GetLocaleInfoW
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsValidLocale
EnumSystemLocalesA
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapReAlloc
DeleteFileA
GetCommandLineA
GetVersionExA
GetStartupInfoA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapSize
SetHandleCount
GetStdHandle
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
ReadFile
SetFilePointer
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
advapi32
RegOpenKeyA
RegQueryValueA
OpenProcessToken
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetUserNameA
shlwapi
PathRemoveArgsA
PathUnquoteSpacesA
userenv
GetUserProfileDirectoryA
wininet
FtpSetCurrentDirectoryA
InternetCloseHandle
InternetConnectA
InternetOpenA
FtpPutFileA
Sections
.text Size: 132KB - Virtual size: 129KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 188KB - Virtual size: 217KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ