Static task: static1
Behavioral task: behavioral1
Sample: d4b8f0c9152557384218748b01132c92_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: d4b8f0c9152557384218748b01132c92_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: d4b8f0c9152557384218748b01132c92_JaffaCakes118
Size: 82KB
MD5: d4b8f0c9152557384218748b01132c92
SHA1: 5c1a0e430468766605e9f62c4bcf26d2418570e3
SHA256: a2c37edb41917a3e51c0efb5cd643c97986df3654e5780a752ef601bea14316a
SHA512: fb0d05200252416cc4c1e14f7b07bfcfe37f7c3c162f6da8e7ffb080c54c48ce6448138ace9fddaaeb301902c65258a5d1c98ce9b9d81e734d9c665b19aa56ae
SSDEEP: 1536:VlJNCeycS1IeaB4D4CM+gLcHjkAVrqbN3aXOSQMIklnTtjvI5lj+aOGiX2CXW/Rs:jbCeycS19gGguYXbN3Ql5Q7j7Z/XC2U
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource d4b8f0c9152557384218748b01132c92_JaffaCakes118
Files
d4b8f0c9152557384218748b01132c92_JaffaCakes118.exe windows:5 windows x86 arch:x86
3b32cfffc5806cf06b529b0870deec09
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
InternetGetCertByURL
InternetSetPerSiteCookieDecisionW
InternetHangUp
GopherGetAttributeW
SetUrlCacheGroupAttributeA
FindNextUrlCacheEntryA
SetUrlCacheEntryGroupA
GopherOpenFileA
FtpCreateDirectoryA
InternetReadFileExW
LoadUrlCacheContent
InternetShowSecurityInfoByURL
ParseX509EncodedCertificateForListBoxEntry
DeleteUrlCacheContainerA
kernel32
BuildCommDCBAndTimeoutsA
GetCommandLineA
GetWindowsDirectoryA
SetConsoleCtrlHandler
GetCalendarInfoA
VirtualAlloc
ResumeThread
SetTimeZoneInformation
GetConsoleDisplayMode
GetConsoleAliasA
GetConsoleOutputCP
LoadLibraryA
SetThreadContext
LocalShrink
EnumUILanguagesW
GetModuleHandleA
GetCurrentConsoleFont
LoadLibraryW
user32
VkKeyScanExW
SetDebugErrorLevel
InitializeLpkHooks
keybd_event
SetMenu
EqualRect
ShowStartGlass
wvsprintfA
DestroyAcceleratorTable
OpenInputDesktop
DisableProcessWindowsGhosting
IsWinEventHookInstalled
CheckDlgButton
MonitorFromRect
IsDialogMessageW
MessageBoxTimeoutA
PostThreadMessageA
msvcirt
?get@istream@@QAEAAV1@AAVstreambuf@@D@Z
??0strstream@@QAE@ABV0@@Z
??0ifstream@@QAE@XZ
?setf@ios@@QAEJJ@Z
??0filebuf@@QAE@XZ
?open@fstream@@QAEXPBDHH@Z
?put@ostream@@QAEAAV1@E@Z
??0ios@@QAE@PAVstreambuf@@@Z
?eback@streambuf@@IBEPADXZ
?getline@istream@@QAEAAV1@PADHD@Z
??6ostream@@QAEAAV0@J@Z
??6ostream@@QAEAAV0@K@Z
?sync@filebuf@@UAEHXZ
??4iostream@@IAEAAV0@PAVstreambuf@@@Z
?unlock@streambuf@@QAEXXZ
??0istream@@IAE@XZ
??_Gstreambuf@@UAEPAXI@Z
ir50_qcx
CompressFramesInfo
CompressBegin
AllocInstanceData
CompressEnd
DllMain
CompressQuery
SetScalability
Compress
SetCPUID
FreeInstanceData
Sections
.text Size: 36KB - Virtual size: 36KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 26KB - Virtual size: 31KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 260B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ