d404064ee2c49178c70c01468942925e_JaffaCakes118

General

Target

d404064ee2c49178c70c01468942925e_JaffaCakes118
Size

66KB
MD5

d404064ee2c49178c70c01468942925e
SHA1

8c844dbed1953edff2cdadd7296f96dc112bfaff
SHA256

1b350e1f172038f111fa1b7f68e35fe253deee8f43bf7815ded5ab37dbb19d5e
SHA512

0e9643fcd03fe4cc088f957b3ec3e50657d2e0cd750245d83e9b57e005b7fae4c35ca8bc3f2612bb6a2e4c3c90d1536399526c56a3fd2e899456e21fb9936e89
SSDEEP

1536:anzqXH8whTahQ6F5nuAFxrcdjpskxX5cxKD:ME8WSQ6Xnxkjjx2xU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d404064ee2c49178c70c01468942925e_JaffaCakes118

Files

d404064ee2c49178c70c01468942925e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

deffc5014f455a964b27e5b0aad6a16c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntdll

_snprintf
RtlImageDirectoryEntryToData
ZwMakeTemporaryObject
ZwOpenSection
ZwCreateEvent
ZwCreateSection
strchr
ZwOpenMutant
RtlImageNtHeader
RtlRandom
_stricmp
memset

kernel32

DeleteFileA
GetLocaleInfoA
ExitProcess
WinExec
VirtualAlloc
GetTickCount
VirtualFree
Sleep
CreateFileA
WriteFile
CopyFileA
LoadLibraryExA
GetProcAddress
LoadLibraryA
CreateThread
SetFilePointer
FlushFileBuffers
CloseHandle
GetModuleHandleA
MoveFileExA
GetFileSize
ReadFile
GetTempPathA
GetFileAttributesA
SetFileAttributesA
SetLastError
GetLastError
GetCurrentProcess
WaitForSingleObject
GetModuleFileNameA

advapi32

SetFileSecurityA
StartServiceA
QueryServiceStatusEx
ControlService
OpenSCManagerA
OpenServiceA

wininet

InternetGetLastResponseInfoA
InternetReadFile
InternetSetOptionA
InternetQueryOptionA
HttpSendRequestA
InternetCloseHandle
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA

imagehlp

MapFileAndCheckSumA

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.unc
Size: 58KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

deffc5014f455a964b27e5b0aad6a16c

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

advapi32

wininet

imagehlp

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 292B

.unc Size: 58KB - Virtual size: 60KB

.rsrc Size: 512B - Virtual size: 464B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 292B

.unc
Size: 58KB - Virtual size: 60KB

.rsrc
Size: 512B - Virtual size: 464B