ad4c1c7d124408ebba1a685d17b46136_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ad4c1c7d124408ebba1a685d17b46136_JaffaCakes118
Size

465KB
MD5

ad4c1c7d124408ebba1a685d17b46136
SHA1

82ec7c9ac709e1f50c5be131e92b6ce9460bec8b
SHA256

7e6b93742ff3b874f5e2b5a5526f4679c149ac6569e6bf70fa5344c6d329b97a
SHA512

195970564daa64b3a8ec8ca3a6e109c093cd97c0bfddd74ea023067198221cd2fecd96be026052c3e6038a617f37bd18c913ec0906c6ecfd741edcaaa8037ef5
SSDEEP

12288:mzZl5ciVv/yT9lNYYYaOKNJ3318RBaQkmn1cyNtJK3EOZKDrMHKF:m9zbYYaDNl1krn11D8UOZKoM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad4c1c7d124408ebba1a685d17b46136_JaffaCakes118

Files

ad4c1c7d124408ebba1a685d17b46136_JaffaCakes118
.exe windows:4 windows x86 arch:x86

38f385d6463d641e3298ebad9082d6aa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
CompareStringA
GetSystemTimeAsFileTime
SetEnvironmentVariableA
GetStringTypeW
EnumSystemLocalesA
TlsFree
VirtualQuery
WriteFile
GetOEMCP
FreeEnvironmentStringsA
SetFileTime
MultiByteToWideChar
HeapReAlloc
InterlockedExchange
LocalFree
GetModuleHandleA
GetSystemTimeAdjustment
GetTimeZoneInformation
IsBadWritePtr
GetLastError
SetHandleCount
CompareStringW
GetCurrentProcessId
TlsGetValue
HeapSize
GetTempFileNameA
VirtualProtect
TerminateProcess
InitializeCriticalSection
CreateDirectoryW
GetPrivateProfileSectionNamesA
VirtualAlloc
GetStdHandle
TlsSetValue
ExitProcess
SetLastError
HeapFree
VirtualFree
lstrcat
EnterCriticalSection
GetUserDefaultLCID
HeapAlloc
CreateToolhelp32Snapshot
GetCurrentThreadId
EnumResourceTypesW
RtlUnwind
GetCommandLineA
QueryPerformanceCounter
DeleteCriticalSection
GetTimeFormatA
GetACP
WideCharToMultiByte
HeapDestroy
GetTickCount
LoadLibraryA
LCMapStringW
LeaveCriticalSection
UnhandledExceptionFilter
GetEnvironmentStrings
FreeEnvironmentStringsW
GetStartupInfoA
HeapCreate
IsValidLocale
SetConsoleTextAttribute
GetDateFormatA
GetStringTypeA
GetLocaleInfoA
IsValidCodePage
GetCPInfo
GlobalSize
CreateEventA
GetEnvironmentStringsW
LCMapStringA
GetCurrentThread
GetCurrentProcess
EnumDateFormatsW
GetModuleFileNameA
GetLocaleInfoW
GetVersionExA
MoveFileExA
GetSystemInfo
GetFileType
GetFileTime
TlsAlloc
GetTempPathW

user32

RegisterHotKey
DdeGetLastError
RemovePropW
PeekMessageW
DeleteMenu
GetWindowModuleFileNameA
UnhookWindowsHookEx
SendMessageA
AdjustWindowRect
WinHelpA
DdeKeepStringHandle
SetUserObjectInformationA
FlashWindow
EndDialog
GetTabbedTextExtentW
TrackPopupMenu
IsDlgButtonChecked
RegisterWindowMessageA
GetFocus
CloseDesktop
EnumDisplayMonitors
IsDialogMessageA

wininet

InternetAlgIdToStringA
InternetReadFile
InternetCombineUrlA
InternetDialW
DeleteUrlCacheContainerW
FtpOpenFileW
FreeUrlCacheSpaceA
FindNextUrlCacheEntryW
DeleteUrlCacheContainerA

shell32

SHGetInstanceExplorer
InternalExtractIconListW
SHBrowseForFolder
RealShellExecuteW

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 321KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38f385d6463d641e3298ebad9082d6aa

Headers

File Characteristics

Imports

kernel32

user32

wininet

shell32

Sections

.text Size: 130KB - Virtual size: 129KB

.rdata Size: 8KB - Virtual size: 15KB

.data Size: 321KB - Virtual size: 321KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 8KB - Virtual size: 15KB

.data
Size: 321KB - Virtual size: 321KB

.rsrc
Size: 5KB - Virtual size: 4KB