03ab063b25b6943f48f3d0756d04833e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

03ab063b25b6943f48f3d0756d04833e_JaffaCakes118
Size

303KB
MD5

03ab063b25b6943f48f3d0756d04833e
SHA1

f14f25e39243656f5b426edddafdabbb30062d18
SHA256

19cfa939ffc34d8bbb9c36bd5fd2bda99ed910381d19abf2f8569ba9f71a7b49
SHA512

5956e87890c0304955214cbc2813350ab4b8ecb36f13a5d0e8d3b90c9457b9564f86364ebca9d8d248402274ef1b4f17492bbed57081fbfbbf750cbdf31fcda8
SSDEEP

6144:rb7W9ciXLBVdnH7zX3HjxIufB7op4SL7XXz7Dro6/kYd1qOknCWL48JXjsK:r+9B7dnHDxICoqqH3oXC9YXw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
03ab063b25b6943f48f3d0756d04833e_JaffaCakes118

Files

03ab063b25b6943f48f3d0756d04833e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6752f0dbf7c2652198dd6dbc2337906a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

GetWorldTransform
SetAbortProc

advapi32

CryptGetDefaultProviderA
RegConnectRegistryA
RegLoadKeyA
RegRestoreKeyA
RegCreateKeyA
RegOpenKeyW
CryptEnumProviderTypesA

wininet

FtpPutFileA
RetrieveUrlCacheEntryStreamW
InternetConfirmZoneCrossingA
HttpQueryInfoW
IsUrlCacheEntryExpiredW
HttpQueryInfoA
InternetCrackUrlA
FtpOpenFileA
GetUrlCacheConfigInfoA
DetectAutoProxyUrl
InternetSetDialState
InternetQueryFortezzaStatus
InternetTimeToSystemTimeW
InternetAttemptConnect
SetUrlCacheConfigInfoA
InternetGoOnlineW

user32

GetUserObjectInformationA
IsClipboardFormatAvailable
GetCursorPos
MessageBoxExA
SetDlgItemInt
GetKeyboardType
DrawStateW
BringWindowToTop
GetShellWindow
EnumDesktopsW
GetDoubleClickTime
SendMessageW
GetMenuStringW

kernel32

TlsFree
SetLastError
GetDateFormatA
HeapCreate
GetCommandLineA
VirtualProtect
HeapDestroy
HeapValidate
GetUserDefaultLCID
SetHandleCount
GetStartupInfoA
TlsGetValue
GetLocaleInfoA
GetSystemTimeAsFileTime
GetPrivateProfileSectionNamesA
VirtualAlloc
EnumSystemLocalesA
TerminateProcess
CompareStringA
CloseHandle
GetTimeZoneInformation
TlsSetValue
GetEnvironmentStrings
GetStringTypeA
SetConsoleCtrlHandler
MultiByteToWideChar
ExitProcess
GetProcAddress
OpenFileMappingW
CreateMutexA
GetLastError
VirtualQuery
InterlockedDecrement
WriteFile
FreeEnvironmentStringsW
LoadLibraryA
RtlUnwind
WaitNamedPipeA
SetEnvironmentVariableA
GetVolumeInformationA
SetFilePointer
CreateSemaphoreA
GetFileType
GetModuleFileNameA
GetCPInfo
CompareStringW
IsBadWritePtr
DebugBreak
GetLocaleInfoW
GetFullPathNameA
GetStringTypeW
LCMapStringA
VirtualFree
GetCurrentProcessId
SetComputerNameW
QueryPerformanceCounter
IsValidCodePage
GetCompressedFileSizeA
SetStdHandle
GetTimeFormatA
GetWindowsDirectoryA
UnhandledExceptionFilter
GetACP
GetVersionExA
WideCharToMultiByte
TlsAlloc
HeapAlloc
GetCurrentThread
OutputDebugStringA
InterlockedIncrement
GetCurrentProcess
FlushFileBuffers
GetDiskFreeSpaceExA
GetStdHandle
GetSystemInfo
FreeEnvironmentStringsA
InterlockedExchange
IsBadReadPtr
GetModuleHandleA
GetTickCount
LCMapStringW
GetEnvironmentStringsW
SetFileTime
GetCurrentThreadId
DeleteCriticalSection
GetOEMCP
InitializeCriticalSection
HeapFree
CreateMutexW
LeaveCriticalSection
GlobalDeleteAtom
EnterCriticalSection
HeapReAlloc
IsValidLocale

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6752f0dbf7c2652198dd6dbc2337906a

Headers

File Characteristics

Imports

gdi32

advapi32

wininet

user32

kernel32

Sections

.text Size: 172KB - Virtual size: 171KB

.data Size: 120KB - Virtual size: 120KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 172KB - Virtual size: 171KB

.data
Size: 120KB - Virtual size: 120KB

.rsrc
Size: 9KB - Virtual size: 9KB