cf66b17c2bf2b2cb0d1e94e04ebd4a18_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

cf66b17c2bf2b2cb0d1e94e04ebd4a18_JaffaCakes118
Size

88KB
MD5

cf66b17c2bf2b2cb0d1e94e04ebd4a18
SHA1

b5d13886d19648c73589e83990a0f6624cb27488
SHA256

c3fb9f37e4e3d13ab03305c676b907f4dcd77d517b2e2ff8826b45e0e6a6cc88
SHA512

e02958118a91f611c75791604955b81606bc9b4677d9695cbc4d9bd396aaf94bf2bc5054e16aac93f3aa40c116983646d99ac51134f2d1b819d16faca8c75e3b
SSDEEP

1536:eOiDhC3cJtiE1f1PRj4bGlCHtKUsm6IxG9XzwtItTkRYm:6C3YtLF1JmwC4SBG9jwtI+Ym

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cf66b17c2bf2b2cb0d1e94e04ebd4a18_JaffaCakes118

Files

cf66b17c2bf2b2cb0d1e94e04ebd4a18_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2136d2655a92b4b80910846ca6b28e1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
ExitProcess
GetCurrentProcessId
GetFileTime
GetModuleFileNameW
CreateDirectoryW
CopyFileW
ResetEvent
VirtualFree
VirtualProtect
VirtualAlloc
GetCurrentThread
GetTickCount
WriteConsoleA
LocalAlloc
GetOEMCP
GetACP
CompareStringW
CompareStringA
GetCPInfo
ReadFile
SetEndOfFile
LoadLibraryA
GetProcAddress
CreateFileA
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
GetModuleFileNameA
RtlUnwind
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetTimeZoneInformation
GetSystemTime
GetLocalTime
TerminateProcess
GetCurrentProcess
HeapFree
HeapAlloc
WideCharToMultiByte
GetModuleHandleA
GetStartupInfoW
GetVersion
GetLastError
CloseHandle
WriteFile
SetFilePointer
HeapDestroy
HeapCreate
HeapReAlloc
IsBadWritePtr
MultiByteToWideChar
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetEnvironmentStrings
GetCommandLineW
GetCommandLineA
SetEnvironmentVariableA

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

wininet

InternetCloseHandle
HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetGetLastResponseInfoW
HttpQueryInfoW
InternetQueryDataAvailable
InternetSetOptionExW
InternetCanonicalizeUrlW
InternetOpenUrlW
InternetOpenW

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2136d2655a92b4b80910846ca6b28e1f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

winspool.drv

wininet

Sections

.text Size: 64KB - Virtual size: 62KB

.data Size: 12KB - Virtual size: 1.3MB

.tls Size: 4KB - Virtual size: 60B

.rsrc Size: 4KB - Virtual size: 800B

.text
Size: 64KB - Virtual size: 62KB

.data
Size: 12KB - Virtual size: 1.3MB

.tls
Size: 4KB - Virtual size: 60B

.rsrc
Size: 4KB - Virtual size: 800B