Static task: static1
Behavioral task: behavioral1
Sample: 0c3a9183e9055a97d6b6ab599d4d10e9_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 0c3a9183e9055a97d6b6ab599d4d10e9_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 0c3a9183e9055a97d6b6ab599d4d10e9_JaffaCakes118
Size: 230KB
MD5: 0c3a9183e9055a97d6b6ab599d4d10e9
SHA1: 6472dccc820e8ea3fd65d3e18a59329c95a85290
SHA256: dadc4120e11236d6c037b7931d96ac48bbccde2237db0e4fbce5d8b98b9ec391
SHA512: 74a9f351bef4a1d51bdc9d398156869a9a458b727dea452a0b0ebf65e47c7a5bee4330f83fdf46a504ac3077fc2a14f57444072e1e106bae63973dad89f20af0
SSDEEP: 6144:J2gxnpyIfC2se2Z664zjyJ9SmCWpALPxCnJbFm+53lx3:lxnQek4aveWU5wx1lx
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0c3a9183e9055a97d6b6ab599d4d10e9_JaffaCakes118
Files
0c3a9183e9055a97d6b6ab599d4d10e9_JaffaCakes118.exe windows:4 windows x86 arch:x86
6775a6e6ea0a29479e97986b0c2a977f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
StartServiceW
LookupSecurityDescriptorPartsW
LookupPrivilegeValueA
CryptHashSessionKey
CryptDuplicateHash
LookupPrivilegeDisplayNameW
CryptSetProviderExW
CryptGetUserKey
CryptHashData
wininet
InternetAutodial
InternetCheckConnectionA
InternetSetOptionExW
SetUrlCacheEntryInfoA
InternetTimeFromSystemTimeW
InternetSetOptionA
InternetSetDialState
FindNextUrlCacheGroup
InternetConfirmZoneCrossingW
InternetConnectA
FtpSetCurrentDirectoryA
InternetSecurityProtocolToStringW
FtpCreateDirectoryW
SetUrlCacheHeaderData
FtpRenameFileW
InternetOpenW
comdlg32
PageSetupDlgA
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW
FindTextW
ChooseFontA
shell32
SheChangeDirA
SHBrowseForFolderA
DragAcceptFiles
DoEnvironmentSubstA
SHInvokePrinterCommandA
ExtractAssociatedIconExA
SHBrowseForFolder
SHQueryRecycleBinW
SHGetSettings
SHAddToRecentDocs
CommandLineToArgvW
SHGetFileInfoW
SheGetDirA
CheckEscapesW
DoEnvironmentSubstW
kernel32
DeleteCriticalSection
DeleteAtom
GetCommandLineW
VirtualAlloc
SetLastError
WriteFile
RtlUnwind
EnterCriticalSection
InterlockedExchange
MultiByteToWideChar
GetCommandLineA
SetHandleCount
lstrcpyn
GetModuleHandleA
GetLastError
VirtualQuery
TlsSetValue
ExitProcess
GetProcAddress
GetModuleFileNameW
VirtualFree
GetEnvironmentStringsW
GetEnvironmentStrings
HeapReAlloc
TlsAlloc
GetCurrentProcess
IsBadReadPtr
GetStartupInfoW
GetCurrentThread
HeapFree
GetSystemTimeAsFileTime
GetFileType
GetWindowsDirectoryW
HeapAlloc
HeapDestroy
UnhandledExceptionFilter
FreeEnvironmentStringsA
MoveFileExW
SetConsoleCursorPosition
HeapCreate
SetCurrentDirectoryA
SetPriorityClass
InitializeCriticalSection
GetNumberFormatW
GetStdHandle
GetModuleFileNameA
IsBadWritePtr
TlsGetValue
LeaveCriticalSection
FoldStringA
GetCurrentProcessId
TlsFree
LoadLibraryA
RaiseException
FreeEnvironmentStringsW
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
ExpandEnvironmentStringsA
TerminateProcess
GetExitCodeProcess
GetVersion
GetStartupInfoA
GetCurrentDirectoryW
Sections
.text Size: 118KB - Virtual size: 118KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ