Static task: static1
Behavioral task: behavioral1
Sample: 072f0190e934a02e1931a8c091b4fabb_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 072f0190e934a02e1931a8c091b4fabb_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 072f0190e934a02e1931a8c091b4fabb_JaffaCakes118
Size: 287KB
MD5: 072f0190e934a02e1931a8c091b4fabb
SHA1: 286084f16c39b5604f195caa64fc2d7fb55b9321
SHA256: c0248ca7a012d158c2ed6889d4f3a8e3109d8bffa95d610b6d808bc41a415a08
SHA512: ebe4873cff53d43810fd75aa7fda491d046de2b35398dfda54bb2f31fe06545509afd7f96b25ac53df88f2d581efc9122771e930bac3f7a0da626fcfdd9f8825
SSDEEP: 6144:puGm+ypvDHIop/UawOzdpu9G8N+lHeVKLFiOjorGWBCs6Rq/8wZIJSlGq:jwZDp/BpzdUQfZeKhsrjBAcFZeSsq
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 072f0190e934a02e1931a8c091b4fabb_JaffaCakes118
Files
072f0190e934a02e1931a8c091b4fabb_JaffaCakes118.exe windows:4 windows x86 arch:x86
d7e54e8575ed7aa18577f23383a1a787
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
FtpSetCurrentDirectoryA
InternetTimeToSystemTime
HttpEndRequestA
FtpOpenFileA
GetUrlCacheEntryInfoExW
InternetSetOptionA
InternetAlgIdToStringA
ShowClientAuthCerts
ShowSecurityInfo
ShowX509EncodedCertificate
InternetConnectA
GopherOpenFileA
InternetGetLastResponseInfoW
FindFirstUrlCacheContainerW
UpdateUrlCacheContentPath
ShowCertificate
DeleteUrlCacheGroup
ReadUrlCacheEntryStream
HttpOpenRequestA
user32
TranslateMessage
GetClipCursor
OemKeyScan
GetForegroundWindow
ChangeMenuW
DestroyIcon
CharPrevA
GetDesktopWindow
FindWindowA
wsprintfA
GetKeyboardLayoutNameW
comdlg32
ReplaceTextW
PrintDlgA
ChooseFontW
GetFileTitleA
ReplaceTextA
GetOpenFileNameW
PrintDlgW
GetSaveFileNameA
ChooseColorW
GetOpenFileNameA
GetSaveFileNameW
GetFileTitleW
FindTextW
ChooseColorA
PageSetupDlgW
advapi32
LookupPrivilegeValueA
RegCreateKeyW
RevertToSelf
RegEnumKeyExW
CryptAcquireContextW
kernel32
ReadConsoleA
EnterCriticalSection
VirtualFree
SetComputerNameW
InterlockedExchange
TlsGetValue
WaitForMultipleObjects
GetCurrentProcess
HeapDestroy
LoadLibraryA
VirtualProtect
GetProcAddress
InitializeCriticalSection
EnumDateFormatsA
GetStartupInfoA
CreateEventA
HeapCreate
IsValidLocale
GetEnvironmentStrings
TlsAlloc
GetDateFormatA
LCMapStringW
GetCurrentThread
CompareStringA
GetModuleFileNameA
LeaveCriticalSection
GetStringTypeA
GetCommandLineA
GetCurrencyFormatW
GetStringTypeW
GetThreadLocale
GetStdHandle
GetCurrentDirectoryA
lstrcmpi
HeapSize
LocalReAlloc
HeapReAlloc
VirtualQuery
GetConsoleOutputCP
EnumSystemCodePagesW
IsBadWritePtr
WriteConsoleInputA
TerminateProcess
GetEnvironmentStringsW
GetACP
HeapAlloc
GetOEMCP
GetShortPathNameW
CompareStringW
SetEvent
EnumSystemLocalesA
GetFileType
SetEnvironmentVariableA
WideCharToMultiByte
DeleteCriticalSection
lstrcmpW
QueryPerformanceCounter
GetLocaleInfoW
FreeEnvironmentStringsA
WriteFile
GetCPInfo
LockFileEx
GetCurrentThreadId
TlsFree
GetSystemTimeAsFileTime
GetVersionExA
IsValidCodePage
SetLastError
GetTimeZoneInformation
SetHandleCount
GetCompressedFileSizeW
UnmapViewOfFile
GetTickCount
TlsSetValue
VirtualAlloc
FlushViewOfFile
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetCurrentProcessId
GetLocaleInfoA
LCMapStringA
ExitProcess
MultiByteToWideChar
GetModuleHandleA
GetUserDefaultLCID
HeapFree
RtlUnwind
GetTimeFormatA
GetSystemInfo
GetLastError
Sections
.text Size: 137KB - Virtual size: 137KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 138KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ