d4a7a242159dd585d4e3be987f88f9a3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d4a7a242159dd585d4e3be987f88f9a3_JaffaCakes118
Size

501KB
MD5

d4a7a242159dd585d4e3be987f88f9a3
SHA1

92a64af3aed5b27a1f6dc96a956a835a2802e7c5
SHA256

18147687e067be599192011a830e9b8c40b2b1a4146a55eda1511f80c0662687
SHA512

5f3c91c1de5f36c1a0405ec708123f581e5935a477cb5d4f5dd4f1a69d3b140555b7c563698f7797a909ac597d8b0d2ef67416520008c5801c216eb755963f7f
SSDEEP

12288:y2OGGalU5AcB5oY814LzeE+KzkDlLb2Mz:DNGau29seXb2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4a7a242159dd585d4e3be987f88f9a3_JaffaCakes118

Files

d4a7a242159dd585d4e3be987f88f9a3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

563d31b4220790dd5862bd6c182edd61

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateWaitableTimerW
HeapCreate
SetComputerNameA
VirtualAllocEx
WideCharToMultiByte
VirtualQuery
GetLastError
ExitProcess
MultiByteToWideChar
GetProcAddress
GetLocaleInfoW
TlsSetValue
GetCurrentProcessId
HeapSize
GetSystemTimeAsFileTime
CloseHandle
IsValidCodePage
WriteConsoleW
OpenMutexA
LCMapStringA
GetStringTypeW
GetStdHandle
lstrcat
GetUserDefaultLCID
CreateMutexA
GetLocaleInfoA
FreeEnvironmentStringsA
HeapFree
FreeLibrary
GetCPInfo
SetUnhandledExceptionFilter
UnmapViewOfFile
HeapValidate
TerminateProcess
SetFilePointer
CompareStringW
InterlockedExchange
InterlockedIncrement
FileTimeToDosDateTime
GetProcessHeap
UnhandledExceptionFilter
VirtualFree
GetEnvironmentStrings
QueryPerformanceCounter
GetConsoleOutputCP
lstrcmp
GetEnvironmentStringsW
WriteFile
GetStartupInfoW
GetTimeFormatA
LoadLibraryA
CreateFileA
HeapDestroy
EnumResourceTypesW
SetLastError
GetOEMCP
GetConsoleCP
OpenFileMappingA
DeleteCriticalSection
SetConsoleCtrlHandler
CompareStringA
SetConsoleMode
GetTickCount
IsValidLocale
GetTimeZoneInformation
InitializeCriticalSection
Sleep
IsDebuggerPresent
GetModuleFileNameA
WaitCommEvent
GetFileType
LCMapStringW
TlsFree
GetStartupInfoA
GetCommandLineW
RtlUnwind
GetCurrentThreadId
TlsGetValue
FlushFileBuffers
SetEnvironmentVariableA
SetHandleCount
GetCurrentThread
GetConsoleMode
GetModuleHandleA
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
ReadFile
SetStdHandle
GetCurrentProcess
GetModuleFileNameW
InterlockedDecrement
VirtualAlloc
GetACP
GlobalSize
EnumSystemLocalesA
SetCurrentDirectoryA
TlsAlloc
GetDateFormatA
WriteConsoleA
GetDiskFreeSpaceA
WaitNamedPipeW
GetStringTypeA
HeapAlloc
FreeEnvironmentStringsW
GetCommandLineA
HeapReAlloc

comctl32

InitCommonControlsEx

wininet

HttpSendRequestExW
InternetCanonicalizeUrlW
InternetOpenUrlA
FtpRemoveDirectoryW
InternetGetConnectedStateEx
InternetSetOptionA

user32

SendMessageTimeoutA
ChangeDisplaySettingsW
SetParent
GetFocus
SetLastErrorEx
CharLowerA
ExcludeUpdateRgn
RegisterClassExA
SetCaretPos
RegisterClassA
CloseClipboard

Sections

.text
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

563d31b4220790dd5862bd6c182edd61

Headers

File Characteristics

Imports

kernel32

comctl32

wininet

user32

Sections

.text Size: 166KB - Virtual size: 166KB

.rdata Size: 10KB - Virtual size: 29KB

.data Size: 313KB - Virtual size: 313KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 166KB - Virtual size: 166KB

.rdata
Size: 10KB - Virtual size: 29KB

.data
Size: 313KB - Virtual size: 313KB

.rsrc
Size: 10KB - Virtual size: 10KB