b4484f57490617bfb83cd06a6d70c1a7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b4484f57490617bfb83cd06a6d70c1a7_JaffaCakes118
Size

88KB
MD5

b4484f57490617bfb83cd06a6d70c1a7
SHA1

c365049a3ce9820d8a109a47dcef6a5cdcc1ffaf
SHA256

2ea11517288fe41651791060c97ee2f4040d8132ae3b0c4bd262286ed6ed71f2
SHA512

c558dec377d018102844493db3435c0c44d87c2727c90aba87f2c05574887374503c49c6085f20734bcdb6b5525e8fbc0c2dfb8ebf20068e77dbc66f3add1fe2
SSDEEP

768:6dlpRS8D0hfPw8lmQkuzbV1GaYSePfswJfa/fPrhXMRGiLPhPPHj1Na73/TtyV6O:6HW8iLmGfAvfa/fPrhXVi9PH/At2uAc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b4484f57490617bfb83cd06a6d70c1a7_JaffaCakes118

Files

b4484f57490617bfb83cd06a6d70c1a7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6adfb1e89007a78f75ae8c1c90aa6f20

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

r:\projects\market\ew\Release\ew.pdb

Imports

wininet

FtpFindFirstFileA
InternetCloseHandle
FtpPutFileA
InternetOpenA
InternetConnectA

kernel32

GetLastError
FindClose
DeleteFileA
CloseHandle
GetProcAddress
LoadLibraryA
GetSystemWindowsDirectoryA
CopyFileA
GetModuleFileNameA
FindNextFileA
Sleep
FindFirstFileA
WriteFile
HeapFree
FreeLibraryAndExitThread
CreateFileA
GetFileSize
ReadFile
SetFilePointer
GetProcessHeap
CreateMutexA
HeapAlloc
CreateThread
ExpandEnvironmentStringsA
ExitProcess
SetStdHandle
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
RtlUnwind
RaiseException
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetCPInfo
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6adfb1e89007a78f75ae8c1c90aa6f20

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB