Static task: static1
Behavioral task: behavioral1 - Sample: b8da0d0378e20faf1ee4b8fe9ad47830_JaffaCakes118.exe - Resource: win7-20240704-en
Behavioral task: behavioral2 - Sample: b8da0d0378e20faf1ee4b8fe9ad47830_JaffaCakes118.exe - Resource: win10v2004-20240802-en
General
Target: b8da0d0378e20faf1ee4b8fe9ad47830_JaffaCakes118
Size: 454KB
MD5: b8da0d0378e20faf1ee4b8fe9ad47830
SHA1: 020cd2da1736e6545a4b0403b53a5dd5532eaff2
SHA256: 599a16ba9e78e2058cefa980b93eed0c29cff38238f11cc5fc5e71d16096eac3
SHA512: c688db54baeefa46467bd1c905c83bb278aa4190c88f7fd71a59275c6038d6d6b2b4751721c27aaf75d50298c9194da9cfffee5596f76643350d0eaa6f8598cc
SSDEEP: 12288:aIwAfPKVawtokJ5sz2JUuX6v+sTnOjR6x7Vx:aIruLtHJE2Jx8/CEx
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b8da0d0378e20faf1ee4b8fe9ad47830_JaffaCakes118
Files
b8da0d0378e20faf1ee4b8fe9ad47830_JaffaCakes118.exe windows:4 windows x86 arch:x86
4e18c9c0eb4cbf84b3e3f919b9c458e4
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
FreeEnvironmentStringsA
CloseHandle
HeapDestroy
lstrcpyW
RtlUnwind
GetOEMCP
GetTimeFormatW
GetCurrentProcess
GetFileType
VirtualAlloc
InterlockedDecrement
GetVersionExA
HeapReAlloc
GetCurrentThread
lstrcmpW
GetCommandLineW
EnterCriticalSection
VirtualProtect
GetModuleFileNameA
FlushFileBuffers
GetModuleFileNameW
UnhandledExceptionFilter
GetACP
GetLocaleInfoW
TlsGetValue
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetLastError
DeleteCriticalSection
GetSystemInfo
QueryPerformanceCounter
OutputDebugStringA
IsValidCodePage
WideCharToMultiByte
IsBadWritePtr
LeaveCriticalSection
DebugBreak
HeapAlloc
GetEnvironmentStrings
HeapFree
LocalFlags
SetStdHandle
GetCurrentProcessId
TlsAlloc
GetStartupInfoA
TlsFree
LCMapStringA
GetStringTypeW
CompareStringW
GetCPInfo
GetStartupInfoW
EnumSystemLocalesA
SetFilePointer
IsValidLocale
GetVersion
VirtualFree
SetLastError
SetHandleCount
SetEnvironmentVariableA
AddAtomW
FindResourceExW
IsBadReadPtr
TlsSetValue
GetProfileStringA
CompareStringA
GetStringTypeA
GetProcAddress
GetCommandLineA
GetDateFormatA
lstrcpynW
HeapCreate
InterlockedExchange
WriteFile
SetConsoleCtrlHandler
GetEnvironmentStringsW
VirtualQuery
MultiByteToWideChar
LCMapStringW
SetCurrentDirectoryA
HeapValidate
GetCurrentThreadId
GetTimeZoneInformation
ContinueDebugEvent
TerminateProcess
FreeEnvironmentStringsW
GetUserDefaultLCID
GetShortPathNameW
GetModuleHandleA
InterlockedIncrement
GetLocaleInfoA
GetStdHandle
ReadConsoleOutputAttribute
ExitProcess
InitializeCriticalSection
EnumDateFormatsA
GetTimeFormatA
wininet
RetrieveUrlCacheEntryFileA
HttpSendRequestExW
CommitUrlCacheEntryA
IsUrlCacheEntryExpiredA
FtpGetFileSize
GopherGetAttributeW
GopherGetLocatorTypeA
InternetCreateUrlW
InternetGoOnline
InternetLockRequestFile
InternetGetCertByURLA
FtpCommandA
SetUrlCacheGroupAttributeA
InternetQueryOptionW
FtpSetCurrentDirectoryW
InternetErrorDlg
FindNextUrlCacheEntryW
InternetConfirmZoneCrossing
InternetHangUp
FtpGetFileA
InternetDialA
InternetConnectA
InternetAttemptConnect
FindFirstUrlCacheContainerW
shell32
DragQueryFileA
SHGetDataFromIDListW
DoEnvironmentSubstW
DragQueryFileAorW
FreeIconList
SHQueryRecycleBinW
DoEnvironmentSubstA
SHGetMalloc
CheckEscapesW
SHFormatDrive
DragQueryPoint
ShellHookProc
RealShellExecuteW
RealShellExecuteExW
DragFinish
ExtractAssociatedIconExA
ShellExecuteExA
ShellAboutA
ExtractAssociatedIconExW
Sections
.text Size: 157KB - Virtual size: 156KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 279KB - Virtual size: 284KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 17KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ