0a0cc0411ad9cbc7ce74e6992230fb3c_JaffaCakes118

General

Target

0a0cc0411ad9cbc7ce74e6992230fb3c_JaffaCakes118
Size

423KB
MD5

0a0cc0411ad9cbc7ce74e6992230fb3c
SHA1

168f381697544e19c7e7ee3823f474f8e0dcc489
SHA256

562c904521e7137e1abd98ed51a799d4f9ee1d6df57e9b190819c87a33351778
SHA512

a57f87672d57e242f6d19217e656de14547065639f67676347ef860fd0800b54d54a2677a5d10984c13dae6bdfe29abc08f6d002fcd268378d967f3bdf726606
SSDEEP

12288:3D+Gigd9igt6XOS1teNnRRyfgGIChhXa:T+BROSb+yfgGICh4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0a0cc0411ad9cbc7ce74e6992230fb3c_JaffaCakes118

Files

0a0cc0411ad9cbc7ce74e6992230fb3c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

94545ee19b34bb3a887d4f9830cd9e3c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetEnvironmentStringsW
EnterCriticalSection
DeleteCriticalSection
SetEnvironmentVariableW
RtlUnwind
LeaveCriticalSection
GetFileAttributesW
GetCurrentProcess
HeapDestroy
VirtualAlloc
TlsSetValue
WideCharToMultiByte
HeapReAlloc
GetStringTypeA
GetTempFileNameW
GetStdHandle
GetCommandLineA
InterlockedExchange
GetModuleFileNameA
GetEnvironmentStrings
LCMapStringW
ExitProcess
GetLastError
LCMapStringA
SetLastError
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSection
GetCPInfo
TlsGetValue
QueryPerformanceCounter
CreateToolhelp32Snapshot
UnhandledExceptionFilter
SetConsoleCP
VirtualQuery
GetCurrentThreadId
GetACP
HeapAlloc
GetVersion
HeapFree
VirtualFreeEx
TerminateProcess
GetCurrentProcessId
FormatMessageA
MultiByteToWideChar
IsBadWritePtr
GetThreadLocale
TlsFree
FreeEnvironmentStringsW
GetOEMCP
SetHandleCount
GetCurrentThread
VirtualFree
WriteFile
DebugActiveProcess
CreateProcessW
GetModuleHandleA
RtlMoveMemory
GetFileType
ReadFileEx
WriteConsoleOutputW
HeapCreate
WriteConsoleOutputCharacterA
lstrcpynA
FreeEnvironmentStringsA
TlsAlloc
GetProcAddress
GetStartupInfoA
GetStringTypeW

wininet

GopherCreateLocatorW
SetUrlCacheEntryGroupA
GetUrlCacheEntryInfoExW
DeleteUrlCacheEntry
InternetOpenW
InternetGoOnlineW
FtpPutFileW
InternetReadFileExW
InternetConnectA
CreateUrlCacheEntryW
GopherFindFirstFileA
FindCloseUrlCache

advapi32

RevertToSelf
CryptReleaseContext

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94545ee19b34bb3a887d4f9830cd9e3c

Headers

File Characteristics

Imports

kernel32

wininet

advapi32

Sections

.text Size: 112KB - Virtual size: 111KB

.data Size: 305KB - Virtual size: 304KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 112KB - Virtual size: 111KB

.data
Size: 305KB - Virtual size: 304KB

.rsrc
Size: 5KB - Virtual size: 4KB