fab2484c94f7cc1bf8c9b1b91692e331_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fab2484c94f7cc1bf8c9b1b91692e331_JaffaCakes118
Size

271KB
MD5

fab2484c94f7cc1bf8c9b1b91692e331
SHA1

1460ee3678f0138484dfc47e48a66de897fda663
SHA256

7ffa5716c3b2374eebdb16909e66630a3e4863b5c769711cc7152f5b3cb19859
SHA512

c227e8281c88351d0036e4e3b3a23f06f1db72c2ef5ee1d2f1f8de51fe3600a17cf04885459898f3b91360fca69438de89974788c3c9f619ab93907cd52f7531
SSDEEP

6144:Tzk2bu4u5LF0nrk5H+jUdrcsLyBZ1D69+39GxIk:s5LGrkIjuIB1D69Or

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fab2484c94f7cc1bf8c9b1b91692e331_JaffaCakes118

Files

fab2484c94f7cc1bf8c9b1b91692e331_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c99a4e4ed09e63dac41372f4d5949b95

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetDateFormatA
EnterCriticalSection
LCMapStringW
CompareStringA
RtlUnwind
GetUserDefaultLCID
lstrcpynA
GetCurrentProcess
GetStdHandle
VirtualAlloc
SetConsoleCtrlHandler
IsValidLocale
HeapReAlloc
GetLocaleInfoW
EnumDateFormatsExA
GetLocaleInfoA
GetCPInfo
MultiByteToWideChar
GetModuleFileNameA
GetCurrentThread
GetTimeZoneInformation
ExitProcess
GetEnvironmentStringsW
GetTimeFormatA
HeapDestroy
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeA
GetACP
InterlockedDecrement
QueryPerformanceCounter
VirtualFree
SetUnhandledExceptionFilter
PulseEvent
SetLastError
TlsSetValue
FreeLibrary
HeapAlloc
GetProcessHeap
HeapFree
EnumSystemCodePagesW
SetEnvironmentVariableA
GetCurrentProcessId
GetEnvironmentVariableW
GetVersionExA
GetStringTypeW
TlsFree
InitializeCriticalSection
FreeEnvironmentStringsW
GetFileType
HeapCreate
GetCommandLineA
IsValidCodePage
Sleep
GetCompressedFileSizeW
CompareStringW
GetModuleHandleA
GetVolumeInformationW
WriteFile
GetFileTime
UnlockFileEx
SetHandleCount
TlsAlloc
EnumSystemLocalesA
FreeEnvironmentStringsA
HeapSize
GetProcAddress
GetLastError
GetOEMCP
DeleteCriticalSection
LCMapStringA
InterlockedExchange
InterlockedIncrement
WideCharToMultiByte
GetStartupInfoA
VirtualQuery
UnhandledExceptionFilter
TlsGetValue
FindAtomA
LeaveCriticalSection
GetCurrentThreadId
IsDebuggerPresent
FindNextFileW
TerminateProcess
GetEnvironmentStrings

user32

ClipCursor
DispatchMessageW
InSendMessage
ShowWindowAsync
GetCursorInfo
DrawFrameControl
DdeFreeDataHandle
MessageBoxIndirectA
DdeQueryConvInfo
MenuItemFromPoint
LoadCursorFromFileA
CreateDialogParamW
EnumPropsExW
SendDlgItemMessageA
DrawTextA
IsDlgButtonChecked
IsWindowEnabled
EndTask

wininet

FtpOpenFileW
UrlZonesDetach
InternetDial
FtpGetCurrentDirectoryA
CreateUrlCacheContainerA
GopherCreateLocatorW
InternetSetDialStateA
InternetGetCookieW
InternetAlgIdToStringW
InternetCanonicalizeUrlA
InternetCombineUrlW
RetrieveUrlCacheEntryStreamW
InternetTimeFromSystemTimeA
DeleteUrlCacheEntry
DeleteUrlCacheGroup
FtpPutFileA
HttpOpenRequestA

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 138KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c99a4e4ed09e63dac41372f4d5949b95

Headers

File Characteristics

Imports

kernel32

user32

wininet

Sections

.text Size: 125KB - Virtual size: 125KB

.data Size: 138KB - Virtual size: 166KB

.rsrc Size: 6KB - Virtual size: 6KB

.text
Size: 125KB - Virtual size: 125KB

.data
Size: 138KB - Virtual size: 166KB

.rsrc
Size: 6KB - Virtual size: 6KB