ded7c9faf4834eefed26c8af0b7321b9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ded7c9faf4834eefed26c8af0b7321b9_JaffaCakes118
Size

389KB
MD5

ded7c9faf4834eefed26c8af0b7321b9
SHA1

5c2e8f282eece16409da2fec94faba0999436c35
SHA256

9f74e1bb4d750ab4272fcf245179202f04d5f625dce1c8099517bbe67c110c93
SHA512

1ed8ae3e004a4108a03a94c5e8a947be9bba891d9b149332905b498ae461bca88a81d730e9d57e0d85eb5d59eb5cfb2292bce0fff4e1e57620c956798923ae2d
SSDEEP

6144:xmIQiLauv843V0UaJMR3Xev5bigdGQh8oWgghHISNjRDazMH4hP4sIGcCpb1hp8U:hDa7iXeUPPokwMHGcCVp8qn+Sg7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ded7c9faf4834eefed26c8af0b7321b9_JaffaCakes118

Files

ded7c9faf4834eefed26c8af0b7321b9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

d41d510dc539d44439d1c49397b285ed

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
TlsGetValue
InitializeCriticalSection
RtlUnwind
FileTimeToLocalFileTime
TlsFree
SetHandleCount
ReadConsoleW
GetModuleFileNameA
UnhandledExceptionFilter
GetEnvironmentStringsW
SystemTimeToTzSpecificLocalTime
GetCommandLineA
VirtualQuery
GetCurrentThread
TlsSetValue
VirtualFree
GetCurrentThreadId
GetTickCount
FreeEnvironmentStringsW
DeleteCriticalSection
LeaveCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
GetModuleHandleA
GetSystemTimeAsFileTime
GetStdHandle
WriteFile
InterlockedExchange
SetConsoleMode
HeapFree
GetFileType
GetCurrentProcessId
GetCommandLineW
GetVersion
SetLastError
HeapReAlloc
HeapAlloc
IsBadWritePtr
GetStartupInfoA
GetCurrentProcess
EnumSystemCodePagesA
HeapDestroy
QueryPerformanceCounter
GetModuleFileNameW
MultiByteToWideChar
GetProcAddress
TerminateProcess
EnterCriticalSection
ExitProcess
HeapCreate
VirtualAlloc
TlsAlloc
GetStartupInfoW
GetLastError

comdlg32

GetOpenFileNameA
ReplaceTextA
ChooseColorA
FindTextA

shell32

FreeIconList
ShellExecuteEx
DragQueryFileAorW

advapi32

InitializeSecurityDescriptor
AbortSystemShutdownA
CryptEnumProviderTypesW

user32

CharToOemW
TranslateAcceleratorA
CreateDialogParamA
MapVirtualKeyExW

wininet

InternetWriteFileExA
IsUrlCacheEntryExpiredW
GopherCreateLocatorW
InternetCombineUrlW

Sections

.text
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d41d510dc539d44439d1c49397b285ed

Headers

File Characteristics

Imports

kernel32

comdlg32

shell32

advapi32

user32

wininet

Sections

.text Size: 101KB - Virtual size: 100KB

.rdata Size: 3KB - Virtual size: 8KB

.data Size: 279KB - Virtual size: 279KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 101KB - Virtual size: 100KB

.rdata
Size: 3KB - Virtual size: 8KB

.data
Size: 279KB - Virtual size: 279KB

.rsrc
Size: 4KB - Virtual size: 3KB