ea0d9c9998b4b5281754c08d08f65ec9_JaffaCakes118

General

Target

ea0d9c9998b4b5281754c08d08f65ec9_JaffaCakes118
Size

115KB
MD5

ea0d9c9998b4b5281754c08d08f65ec9
SHA1

fd1048a6dc42ed5283b98e5683f510187dd11dd2
SHA256

1d0b87fad48adbb81fff6030ddc8c474ccd4a40198eec3fc2a13e3571cfb5d43
SHA512

9173ecc08984f81ee53e405942d8b40d67d8bb233b23690747f8827d56a2f6f7aff0011f94abf36c6a35483805c576b3d4dbe4b6e86fd5d45a40cd840d620708
SSDEEP

3072:Y/FP777777Dau+Talx2vLmRJWRbY2Y3dFNJPmDamJ8/7:zulx2vLmRaY2+npb7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea0d9c9998b4b5281754c08d08f65ec9_JaffaCakes118

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

ea0d9c9998b4b5281754c08d08f65ec9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a64cf4a612fd023173d5009ce41f0b69

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
GetCommandLineW
LocalFree
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
SetFilePointer
GetSystemTime
CreateEventW
CompareFileTime
SystemTimeToFileTime
GetFileSize
GetProcessHeap
HeapFree
HeapAlloc
GetTempPathW
ReadFile
CreateDirectoryW
LockResource
CreateFileW
SizeofResource
SetEvent
ResetEvent
OpenEventW
ReleaseMutex
CloseHandle
CreateProcessW
WaitForSingleObject
GetExitCodeProcess
WaitForMultipleObjects
CreateThread
CreateMutexW
OpenMutexW
GetLastError
FindResourceW
LoadResource
WriteFile
Sleep

shell32

CommandLineToArgvW

wininet

InternetReadFile
InternetCrackUrlW
InternetOpenW
HttpQueryInfoW
InternetConnectW
HttpSendRequestW
InternetSetFilePointer
InternetCloseHandle
HttpOpenRequestW

shlwapi

SHGetValueW
StrRChrW
StrCatW
StrStrW
StrCpyW
PathAppendW

user32

wsprintfW
SendMessageW

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a64cf4a612fd023173d5009ce41f0b69

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

wininet

shlwapi

user32

Sections

.text Size: 12KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 1KB

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 99KB - Virtual size: 99KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 99KB - Virtual size: 99KB

.reloc
Size: 1KB - Virtual size: 1KB