Static task: static1
Behavioral task: behavioral1
  Sample: f563eac0623e73d504672696643902b2_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: f563eac0623e73d504672696643902b2_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: f563eac0623e73d504672696643902b2_JaffaCakes118
Size: 408KB
MD5: f563eac0623e73d504672696643902b2
SHA1: 3bec5b28b9b5c1f3d8f6ddaad58417d85bd05338
SHA256: 49fb758b532bca9dedc1b22587786de9074e381bc9b9c03c8ac3b7d4396d416b
SHA512: 832087be002307be539a781a3005192b93b131120369e57df11ca7bc37324e375fce1de23a50dd8b5fa58a93efee916304a21898e4cb0706c5a2b52aec6fe5ae
SSDEEP: 6144:/LMF8wku9U/EGQfwao4GZxDvT68r+4ClJgLH4diJEKHwtOthoObqxdUskvp0XSit:/LYkCloYGZxLTdiytEP+uUskvyXO
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f563eac0623e73d504672696643902b2_JaffaCakes118
Files
f563eac0623e73d504672696643902b2_JaffaCakes118.exe windows:4 windows x86 arch:x86
c0e806c214a89a43874cc17323595a87
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
DeleteUrlCacheContainerW
GopherGetAttributeA
FindFirstUrlCacheGroup
CommitUrlCacheEntryA
ReadUrlCacheEntryStream
InternetSetOptionExA
FtpPutFileEx
comdlg32
ChooseFontA
PrintDlgA
GetFileTitleW
GetSaveFileNameA
kernel32
TerminateProcess
GetModuleHandleA
VirtualFree
FreeEnvironmentStringsA
DeleteCriticalSection
InitializeCriticalSection
IsValidLocale
IsValidCodePage
GetEnvironmentStringsW
GetTimeFormatA
TlsSetValue
WideCharToMultiByte
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
GetCurrentThreadId
TlsFree
LoadLibraryA
GetStringTypeA
MultiByteToWideChar
HeapSize
HeapFree
GetLocaleInfoA
LCMapStringW
InterlockedExchange
SetHandleCount
GetTimeZoneInformation
GetStartupInfoA
GetModuleFileNameA
RtlUnwind
HeapDestroy
GetCPInfo
ExitProcess
GetStringTypeW
GetLocaleInfoW
GetUserDefaultLCID
GetSystemInfo
GetCurrentProcess
HeapAlloc
TlsGetValue
HeapReAlloc
EnterCriticalSection
GetProcAddress
GetFileType
WriteFile
EnumSystemLocalesA
GetStdHandle
HeapCreate
LCMapStringA
GetCommandLineA
TlsAlloc
CompareStringA
IsBadWritePtr
GetOEMCP
LeaveCriticalSection
GetACP
CompareStringW
UnhandledExceptionFilter
GetEnvironmentStrings
VirtualProtect
GetCurrentProcessId
GetLastError
GetTickCount
FreeEnvironmentStringsW
GetVersionExA
SetEnvironmentVariableA
SetLastError
GetCurrentThread
GetDateFormatA
VirtualQuery
Sections
.text Size: 119KB - Virtual size: 118KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 277KB - Virtual size: 276KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ