Static task: static1
Behavioral task: behavioral1
  Sample: 13f66a7652a72b1e41fe882119236ac7_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 13f66a7652a72b1e41fe882119236ac7_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: 13f66a7652a72b1e41fe882119236ac7_JaffaCakes118
Size: 242KB
MD5: 13f66a7652a72b1e41fe882119236ac7
SHA1: 2d3e951e1d5d21795eabf51e8d111c4c2729b67d
SHA256: eabcc794002d22907a004907b7d1886091bcfeb787fd63159f62a0ebd775d98c
SHA512: 9ebf342a059ae99c6b7e47b7daff9c4324c3d658c0cde2fd5bf3c0af66d84cabcb780478ebbd67a6341f55048c897fbec0410b26acbc2a09bb9f6448e638bd0b
SSDEEP: 6144:k/sXlHlx8mcbJFKigRrtzK6V3jta8c9VgDJ7:MOlHzmJYigR53zta1
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 13f66a7652a72b1e41fe882119236ac7_JaffaCakes118
Files
13f66a7652a72b1e41fe882119236ac7_JaffaCakes118.exe windows:4 windows x86 arch:x86
76831f7910baddc781c7c077efec68b1
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
InitializeCriticalSection
GetOEMCP
GetLastError
GetEnvironmentStringsW
RtlUnwind
WriteFile
GetEnvironmentStrings
GetCurrentProcess
TlsGetValue
VirtualAlloc
GetStartupInfoA
LeaveCriticalSection
HeapReAlloc
SetHandleCount
DeleteCriticalSection
MultiByteToWideChar
GetVersion
InterlockedExchange
GetModuleFileNameA
HeapDestroy
WideCharToMultiByte
ExitProcess
LCMapStringA
VirtualFree
GetThreadLocale
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
TlsSetValue
GetStringTypeW
FreeEnvironmentStringsW
QueryPerformanceCounter
GetNumberFormatA
TlsFree
GetCPInfo
VirtualQuery
GetCurrentThreadId
GetStringTypeA
HeapAlloc
TlsAlloc
HeapFree
GetProcessHeaps
TerminateProcess
GetCurrentProcessId
GetCurrentThread
IsBadWritePtr
UnhandledExceptionFilter
SetLocaleInfoW
GetACP
GetStdHandle
LCMapStringW
GetCommandLineA
HeapCreate
GetProcAddress
SetLastError
FreeEnvironmentStringsA
GetFileType
GetModuleHandleA
EnterCriticalSection
wininet
InternetOpenUrlW
CreateUrlCacheContainerA
InternetFindNextFileW
InternetTimeFromSystemTimeW
InternetShowSecurityInfoByURLW
InternetSetOptionA
RunOnceUrlCache
ReadUrlCacheEntryStream
FtpSetCurrentDirectoryA
UnlockUrlCacheEntryFileA
FindFirstUrlCacheEntryExA
GopherCreateLocatorW
HttpSendRequestW
FtpSetCurrentDirectoryW
InternetAlgIdToStringW
InternetQueryOptionA
user32
PackDDElParam
MapWindowPoints
RegisterDeviceNotificationW
SetTimer
DdeConnectList
DdeFreeDataHandle
SetWindowWord
DrawCaption
GetKeyNameTextW
EnumDisplaySettingsW
SetWindowTextW
GetInputState
AnyPopup
CheckMenuItem
ChildWindowFromPoint
SendMessageTimeoutA
OemToCharBuffW
GetShellWindow
RegisterClassA
CharPrevW
DeleteMenu
SetDlgItemInt
Sections
.text Size: 98KB - Virtual size: 97KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 131KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ