c13ebe75815a1555e2e68960b6d242e7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c13ebe75815a1555e2e68960b6d242e7_JaffaCakes118
Size

506KB
MD5

c13ebe75815a1555e2e68960b6d242e7
SHA1

ff9672e995c134c46e8546c158124533340f1700
SHA256

2e1130a07059a835b996cb79d2c92037877e8bdf0a5babd800e220cfb683c104
SHA512

47b0ed241b349a893d3cefae94427bbc910e092db8d911634fb1e0c99f6831d9d1099a4467216c21616c053276c99ece961f9b2c8c84d0a106d322295a005a39
SSDEEP

12288:AaEGflQhZK2RF0zaZZ6RQQD8pfw41FA/IUhAuTmFeSj:AaEGflUZK2royZ+8pfwAA/PaFFj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c13ebe75815a1555e2e68960b6d242e7_JaffaCakes118

Files

c13ebe75815a1555e2e68960b6d242e7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

848f00b9f69ea0310bae1dfb6260261b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\duoie\feh\sems\ztle\oecrdysb.pdb

Imports

wininet

InternetInitializeAutoProxyDll
HttpEndRequestA
InternetErrorDlg

kernel32

TlsGetValue
DeleteCriticalSection
TlsAlloc
SetEnvironmentVariableA
VirtualAlloc
HeapCreate
HeapFree
TerminateProcess
QueryPerformanceCounter
GetLongPathNameW
LCMapStringA
CompareStringA
LCMapStringW
GetModuleHandleA
LoadResource
SetStdHandle
GetModuleFileNameA
VirtualQuery
InterlockedExchange
GetCurrentThread
GetCurrentProcessId
InitializeCriticalSection
VirtualFree
UnhandledExceptionFilter
GetCPInfo
GetTickCount
FlushFileBuffers
TryEnterCriticalSection
GetProcAddress
GetStringTypeW
GetStdHandle
EnterCriticalSection
GetSystemTimeAsFileTime
GetWindowsDirectoryA
GetOEMCP
LocalReAlloc
WideCharToMultiByte
CreateMutexA
GetEnvironmentStringsW
GetFileType
LeaveCriticalSection
OpenMutexA
HeapDestroy
TlsFree
GetVersion
FreeEnvironmentStringsA
GetLocalTime
GetStringTypeA
CompareStringW
TlsSetValue
RtlUnwind
CloseHandle
FreeEnvironmentStringsW
LoadLibraryA
ExitProcess
InterlockedDecrement
MultiByteToWideChar
GetEnvironmentStrings
HeapAlloc
SetHandleCount
ReadFile
GetTimeZoneInformation
HeapLock
GetCommandLineA
WriteFile
GetStartupInfoA
SetLocalTime
GetSystemTime
GetACP
GetCurrentThreadId
IsBadWritePtr
GetLastError
SetFilePointer
GetCurrentProcess
SetLastError
InterlockedIncrement
HeapReAlloc

user32

AppendMenuW
ScrollDC
MessageBoxA
IsCharAlphaNumericA
CharNextW
GetClassInfoExW
SetCursor
SetWindowLongA
IsZoomed
EnumThreadWindows
RegisterClassExA
GetMenuItemInfoA
ReplyMessage
DefWindowProcW
DestroyWindow
WINNLSGetIMEHotkey
UnregisterDeviceNotification
RegisterClassA
CreateWindowExW
ShowWindow
BeginPaint
ChangeDisplaySettingsW

comctl32

ImageList_GetImageCount
DrawStatusText
ImageList_SetImageCount
ImageList_DragMove
InitCommonControlsEx

Sections

.text
Size: 317KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

848f00b9f69ea0310bae1dfb6260261b

Headers

File Characteristics

PDB Paths

Imports

wininet

kernel32

user32

comctl32

Sections

.text Size: 317KB - Virtual size: 317KB

.rdata Size: 41KB - Virtual size: 54KB

.data Size: 101KB - Virtual size: 101KB

.rsrc Size: 44KB - Virtual size: 44KB

.text
Size: 317KB - Virtual size: 317KB

.rdata
Size: 41KB - Virtual size: 54KB

.data
Size: 101KB - Virtual size: 101KB

.rsrc
Size: 44KB - Virtual size: 44KB