Static task: static1
Behavioral task: behavioral1
Sample: f590546ea43b743c6012ad5387e05448_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: f590546ea43b743c6012ad5387e05448_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: f590546ea43b743c6012ad5387e05448_JaffaCakes118
Size: 88KB
MD5: f590546ea43b743c6012ad5387e05448
SHA1: aff095802fa488f5061f37bd20c50674f0897b49
SHA256: bd1433381e622e5ec830fcd494533e698b3d80aff01dc2bdc794401d535892b8
SHA512: bd49578bc22940cd47d10e60348be72e50d5f7914df4020d97bb9486452c0e451ec65c56992285f6f996252ed03281183307e7db270d0f4f9ec80506f6429663
SSDEEP: 1536:wQfA6fi6CAKp2O8p2pa+j78ymZZuiOtx:wQ46i6HvEaryeOtx
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource f590546ea43b743c6012ad5387e05448_JaffaCakes118
Files
f590546ea43b743c6012ad5387e05448_JaffaCakes118.exe windows:4 windows x86 arch:x86
60e46f1a50cc862a6a9e92e2216bed5d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
DeleteUrlCacheEntry
urlmon
URLDownloadToFileA
kernel32
LCMapStringA
FlushFileBuffers
FreeEnvironmentStringsA
UnhandledExceptionFilter
DeleteFileA
GetTempFileNameA
GetTempPathA
GetWindowsDirectoryA
TerminateProcess
GetProcAddress
MultiByteToWideChar
LCMapStringW
GetFileAttributesA
CloseHandle
WriteFile
CreateFileA
WinExec
Sleep
GetPrivateProfileIntA
GetPrivateProfileStringA
GetModuleFileNameA
GetSystemDirectoryA
SetUnhandledExceptionFilter
SetFilePointer
ReadFile
GetFileType
GetStdHandle
GetStringTypeA
SetStdHandle
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
LoadLibraryA
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
HeapSize
GetOEMCP
SetEnvironmentVariableA
CompareStringW
WideCharToMultiByte
CompareStringA
SetEndOfFile
GetACP
GetCPInfo
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapAlloc
HeapFree
GetLastError
GetTimeZoneInformation
GetSystemTime
GetLocalTime
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RaiseException
GetCurrentProcess
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
FreeEnvironmentStringsW
user32
wsprintfA
advapi32
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
ole32
CoInitialize
CoUninitialize
Sections
.text Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 281KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.sxdata Size: 4KB - Virtual size: 124B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE