d62b44faf97409d3b315e44cca756136_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d62b44faf97409d3b315e44cca756136_JaffaCakes118
Size

527KB
MD5

d62b44faf97409d3b315e44cca756136
SHA1

4af76edcd1843fa682c2faa3345aa72f327c4291
SHA256

f91bc3af7f08394a494d9dce7f285ddc6fe0d9ffb3effb9da30b7c0ca8ee3151
SHA512

82de71a23c59de0d44878164850ee4439b49912c368b67ef549600e5416d38cea973015805211fd0683a3e2fe77c4d2611f72d2364c5f7321e66a60ffc899d42
SSDEEP

12288:E/dU1yH81pHZi8niquwDvryC/pLOk+ZGyCEf205:E/dU16WxZiljwrFR+0HGp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d62b44faf97409d3b315e44cca756136_JaffaCakes118

Files

d62b44faf97409d3b315e44cca756136_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2a82cbc668be13090e5bd16ff4f8fdab

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comdlg32

LoadAlterBitmap
GetSaveFileNameW
PrintDlgA

kernel32

GetDateFormatA
HeapFree
CompareStringA
GetOEMCP
GetVersionExA
FreeEnvironmentStringsA
SetConsoleCtrlHandler
SetVolumeLabelW
GetTimeZoneInformation
EnumSystemLocalesA
LCMapStringW
FreeLibrary
CreateMutexA
GetModuleHandleA
HeapDestroy
WriteConsoleA
OpenMutexA
InterlockedExchange
LCMapStringA
GetCurrentThread
GetUserDefaultLCID
GetStdHandle
WriteConsoleW
TlsAlloc
InterlockedDecrement
IsDebuggerPresent
GetModuleFileNameA
GetProcessHeap
TerminateProcess
ExitProcess
FlushFileBuffers
QueryPerformanceCounter
VirtualQuery
HeapSize
InterlockedIncrement
GetCurrentThreadId
DeleteCriticalSection
ConvertDefaultLocale
CloseHandle
GetEnvironmentStringsW
SetStdHandle
SetHandleCount
GetStringTypeA
SetFilePointer
LocalSize
VirtualAlloc
GetStartupInfoA
GetLocaleInfoA
GetACP
SetEnvironmentVariableA
GetCurrentProcess
TlsFree
GetCommandLineA
GetSystemTimeAsFileTime
MoveFileExA
GetTickCount
GetCPInfo
GetConsoleMode
WriteFile
FreeEnvironmentStringsW
HeapReAlloc
Sleep
CreateFileA
GetStringTypeW
GetConsoleCP
GetLastError
IsValidLocale
IsValidCodePage
GetCurrentProcessId
VirtualFree
CompareStringW
GlobalGetAtomNameW
LeaveCriticalSection
RtlUnwind
GetFileType
HeapCreate
GetLocaleInfoW
GetEnvironmentStrings
LoadLibraryA
UnhandledExceptionFilter
HeapAlloc
ReadFile
GetConsoleOutputCP
SetLastError
SetUnhandledExceptionFilter
GetTimeFormatA
TlsGetValue
WideCharToMultiByte
InitializeCriticalSection
EnterCriticalSection
TlsSetValue
GetProcAddress
MultiByteToWideChar

gdi32

LineTo
SetTextAlign
LineDDA
SetROP2
UpdateColors
Polygon

comctl32

InitCommonControlsEx

shell32

CommandLineToArgvW
ExtractIconW
SHGetSettings
ShellHookProc

wininet

FtpGetFileEx
FindNextUrlCacheEntryExA
FtpGetCurrentDirectoryA

user32

SetUserObjectInformationW
wsprintfA
CallMsgFilterA
RegisterClassA
RegisterClassExA
CreateIconFromResourceEx

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 315KB - Virtual size: 315KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a82cbc668be13090e5bd16ff4f8fdab

Headers

File Characteristics

Imports

comdlg32

kernel32

gdi32

comctl32

shell32

wininet

user32

Sections

.text Size: 200KB - Virtual size: 199KB

.rdata Size: 9KB - Virtual size: 21KB

.data Size: 315KB - Virtual size: 315KB

.rsrc Size: 1024B - Virtual size: 964B

.text
Size: 200KB - Virtual size: 199KB

.rdata
Size: 9KB - Virtual size: 21KB

.data
Size: 315KB - Virtual size: 315KB

.rsrc
Size: 1024B - Virtual size: 964B