dd6472e6142e75db933734b059de5fed_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dd6472e6142e75db933734b059de5fed_JaffaCakes118
Size

729KB
MD5

dd6472e6142e75db933734b059de5fed
SHA1

fa77a6e092bb31d75b7aebd14d7d7cf34ebf6934
SHA256

06a83e5c54abebd5f90a04c09cd3c4fde2ca79528f8500c46835b348548ef6b2
SHA512

e6aed9591bbbe0dc43e007abb2cd1abe5e7b7e4f2a58be0cd6aeb89533f6cfe537b1214acf8841e61a00a34fd4897127099077b77a384b235b965bd7a9dd1cf4
SSDEEP

12288:aTDZJOQ1lRlH4fIkjBFEwFBs8R5HCwXyfNqr2ZNhhysB4BGVpcIgqkyICuhFMUR/:Wb77RlH4f3G8R5HCwXkm2ZHB4B+eN9Ce

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd6472e6142e75db933734b059de5fed_JaffaCakes118

Files

dd6472e6142e75db933734b059de5fed_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f189c76222ddaf32adbcca7f113a7e5b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
ExitProcess
GetCurrentProcess
GetProcAddress
GetModuleHandleA
FindNextFileA
FindFirstFileA
GetSystemTime
lstrcpyA
lstrlenA
GetEnvironmentVariableA
GetShortPathNameA
LoadLibraryA
HeapAlloc
GetComputerNameA
VirtualAlloc
VirtualProtect
VirtualFree
IsBadReadPtr
HeapFree
FreeLibrary
CloseHandle
lstrcmpA
Module32Next
Module32First
Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
GetTempPathA
lstrcatA
GetModuleFileNameA
CreateMutexA
GetProcessHeap
GetLastError
SetEndOfFile
GetLocaleInfoW
CreateFileW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
SetStdHandle
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
DeleteFileA
RtlUnwind
HeapValidate
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleFileNameW
GetCommandLineA
GetVersionExA
GetStartupInfoA
LCMapStringA
LCMapStringW
GetCPInfo
ReadFile
SetFilePointer
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
WriteFile
GetConsoleCP
GetConsoleMode
HeapReAlloc
HeapDestroy
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStdHandle
GetFileType
FlushFileBuffers
DebugBreak
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID

advapi32

RegQueryValueA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetUserNameA

shell32

SHGetFolderPathA

shlwapi

PathUnquoteSpacesA
PathRemoveArgsA

wininet

FtpSetCurrentDirectoryA
InternetConnectA
InternetCloseHandle
InternetOpenA
FtpPutFileA

Sections

.text
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 296KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f189c76222ddaf32adbcca7f113a7e5b

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

shlwapi

wininet

Sections

.text Size: 328KB - Virtual size: 327KB

.rdata Size: 80KB - Virtual size: 76KB

.data Size: 296KB - Virtual size: 309KB

.rsrc Size: 20KB - Virtual size: 18KB

.text
Size: 328KB - Virtual size: 327KB

.rdata
Size: 80KB - Virtual size: 76KB

.data
Size: 296KB - Virtual size: 309KB

.rsrc
Size: 20KB - Virtual size: 18KB