d18a551353ff197b67c361dec11bdbce_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d18a551353ff197b67c361dec11bdbce_JaffaCakes118
Size

55KB
MD5

d18a551353ff197b67c361dec11bdbce
SHA1

c8d3e381da1d7bd78041b2e0bfd45982cb317fbd
SHA256

e32e9cc6e7b0b07e4f2a5b04067d09dd728b2bb98a08a2fff96ac4683156a750
SHA512

06dbebdea15527fbb25e832c48cbdaa840af3809bb72442dd3d5fb0de1aaa93e6d196e6d3a3c4628dc748e702661231ff96f699f926a229cd03a70dd7f3d54bf
SSDEEP

1536:pBi2HrQFOogi3JO+3ij8UDVRklEIRTNDTQ:1ssop3+Ylz0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d18a551353ff197b67c361dec11bdbce_JaffaCakes118

Files

d18a551353ff197b67c361dec11bdbce_JaffaCakes118
.exe windows:4 windows x86 arch:x86

36ff1133f8ba98b7c79af46d95adbb1e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Ewuh\Acuga\Bulo\Sorecix\Taxurozy\Irawykuxek\Uwybu.pdb

Imports

kernel32

GetDiskFreeSpaceA
CreateProcessA
GetEnvironmentVariableA
GetShortPathNameA
RemoveDirectoryA
GetCurrentThread
GetVersionExW
TerminateProcess
CreatePipe
PeekNamedPipe
GetExitCodeProcess
GetEnvironmentVariableW
WinExec
SetUnhandledExceptionFilter
SetErrorMode
DuplicateHandle
GetModuleFileNameA
OpenMutexA
CreateMutexW
CreateMutexA
SetEvent
WaitForSingleObject
GetCurrentProcess
GetTempPathW
LoadLibraryW
RemoveDirectoryW
MoveFileW
FindNextFileW
FindFirstFileW
TlsGetValue
TlsAlloc
GetModuleHandleW
GetCurrentThreadId
GetCommandLineW
MoveFileA
VirtualProtect
GetLocaleInfoA
FlushFileBuffers
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetSystemTimeAsFileTime
GetModuleHandleA
GetCommandLineA
GetVersionExA
ExitProcess
GetProcAddress
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
CloseHandle
CreateFileA
HeapAlloc
LoadLibraryA
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
IsBadWritePtr
RtlUnwind
InterlockedExchange
VirtualQuery
SetEndOfFile
ReadFile
SetFilePointer
SetStdHandle
HeapSize
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemInfo

wininet

InternetConnectW
InternetOpenW
HttpOpenRequestW
HttpSendRequestW
HttpEndRequestW
InternetWriteFile
InternetTimeToSystemTime
InternetCloseHandle

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36ff1133f8ba98b7c79af46d95adbb1e

Headers

File Characteristics

PDB Paths

Imports

kernel32

wininet

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 11KB - Virtual size: 62KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 11KB - Virtual size: 62KB

.rsrc
Size: 1KB - Virtual size: 1KB