ff09ff1168bd7445cd548d0969fef231_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ff09ff1168bd7445cd548d0969fef231_JaffaCakes118
Size

499KB
MD5

ff09ff1168bd7445cd548d0969fef231
SHA1

1b259082326df9231110dcbadb554b9ec91f0f2d
SHA256

b9d189fc92cdcdabf64faafa45f5f5a7e0f72559e3fdbc1017a33a841f4849bd
SHA512

ba71b3b616117f0d89c0095eb5064a199f92d18a80af67b20a4296513bc8c9d63eb30136aec8ca89cf1c9ab3cab256d404528d647feb6c6cf9dbb9fa0a4a6e54
SSDEEP

12288:x9Y/3ZMN7qqgSjda8buxD1gYoxxpJBho767:Q/J+1Rjo8qb+bfBho76

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ff09ff1168bd7445cd548d0969fef231_JaffaCakes118

Files

ff09ff1168bd7445cd548d0969fef231_JaffaCakes118
.exe windows:4 windows x86 arch:x86

342f9df03a356cac13b2718d1ab2a0df

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

h:\od

Imports

wininet

UpdateUrlCacheContentPath
InternetQueryFortezzaStatus
FtpGetFileEx
DeleteUrlCacheEntryA
FtpFindFirstFileW
InternetCreateUrlW

user32

DdeQueryConvInfo
OemToCharBuffW
RegisterClassA
RegisterClassExA
WinHelpA
DlgDirListA
CheckMenuRadioItem
DialogBoxIndirectParamA
PeekMessageW
TranslateMDISysAccel

comctl32

InitCommonControlsEx

kernel32

HeapAlloc
TlsFree
CompareStringA
GetCommandLineA
GetSystemTime
SetConsoleWindowInfo
HeapDestroy
LockResource
ReadFile
VirtualQuery
GetStartupInfoA
LoadLibraryA
InterlockedDecrement
GetCurrentProcess
SetVolumeLabelW
GetOEMCP
DeleteAtom
GetEnvironmentStringsA
CompareStringW
GetLocalTime
SetStdHandle
GetStringTypeA
EnterCriticalSection
InterlockedIncrement
GetCurrentProcessId
GetModuleFileNameA
GetThreadTimes
GetStringTypeW
CreateMutexA
GetStdHandle
GetPrivateProfileSectionNamesA
GetAtomNameA
RtlUnwind
GlobalFix
FlushFileBuffers
FindResourceExA
ExitProcess
UnhandledExceptionFilter
GetTimeZoneInformation
GlobalSize
GetProcAddress
VirtualFree
GetTickCount
GetLastError
HeapCreate
TlsAlloc
FreeEnvironmentStringsA
GetEnvironmentStringsW
LeaveCriticalSection
GetFileType
TlsSetValue
InitializeCriticalSection
LCMapStringA
CloseHandle
DeleteCriticalSection
InterlockedExchange
GetCPInfo
HeapReAlloc
GetEnvironmentStrings
SetLastError
IsBadWritePtr
QueryPerformanceCounter
EnumCalendarInfoA
TerminateProcess
TlsGetValue
MultiByteToWideChar
SetFilePointer
SetHandleCount
GetCurrentThread
GetSystemTimeAsFileTime
FreeEnvironmentStringsW
GetACP
GetVersion
GetFullPathNameA
OpenMutexA
FreeResource
OpenFile
HeapFree
WideCharToMultiByte
GetCurrentThreadId
VirtualAlloc
LCMapStringW
EnumCalendarInfoExW
SetEnvironmentVariableA
GetModuleHandleA
WriteFile

Sections

.text
Size: 344KB - Virtual size: 343KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

342f9df03a356cac13b2718d1ab2a0df

Headers

File Characteristics

PDB Paths

Imports

wininet

user32

comctl32

kernel32

Sections

.text Size: 344KB - Virtual size: 343KB

.rdata Size: 33KB - Virtual size: 37KB

.data Size: 104KB - Virtual size: 104KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 344KB - Virtual size: 343KB

.rdata
Size: 33KB - Virtual size: 37KB

.data
Size: 104KB - Virtual size: 104KB

.rsrc
Size: 17KB - Virtual size: 16KB