173bbc667907f6f4f1e473f27c30780b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

173bbc667907f6f4f1e473f27c30780b_JaffaCakes118
Size

417KB
MD5

173bbc667907f6f4f1e473f27c30780b
SHA1

5c39c3ec238e4be5d05816474a55164f4b361395
SHA256

ceb908f36bb37be46427c7bd2481007bdcbbd8bc1fe110e1972855ed64cf99e1
SHA512

d2593ed7d2ed972cc82340d6f4a6628a8141261bcd154be10cc2ebb4e8f681e8c5ea4748ea542006931b682b542ec790097d5d4caa2a653922f3d0228882f80f
SSDEEP

12288:P2bzfvyRtLcU5DOQGanPlk2Wa1chqjvJuW5i1y5Z:yHUx1MuJNH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
173bbc667907f6f4f1e473f27c30780b_JaffaCakes118

Files

173bbc667907f6f4f1e473f27c30780b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8ab74043f9dc92b2ba5ab83072cc2f43

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapCreate
IsValidCodePage
LCMapStringA
TlsSetValue
GetProcAddress
LCMapStringW
HeapReAlloc
VirtualFree
GetACP
GetTimeZoneInformation
GetCurrentProcessId
WriteFile
CompareStringW
GetModuleFileNameW
Sleep
GetModuleHandleA
MultiByteToWideChar
MapViewOfFile
lstrcpynA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedDecrement
GetCommandLineW
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableA
CompareStringA
GetStringTypeW
VirtualLock
ReadConsoleOutputCharacterA
ExitProcess
GetTickCount
FindResourceExA
WideCharToMultiByte
HeapFree
GetFileType
GetModuleFileNameA
HeapDestroy
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
VirtualAlloc
MoveFileW
GetCPInfo
VirtualQuery
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
RtlUnwind
GetLastError
GetModuleHandleW
GetStdHandle
TlsAlloc
WritePrivateProfileStructA
IsValidLocale
GetCurrentThread
GetSystemTimeAsFileTime
GetLocaleInfoA
EnumSystemLocalesA
LeaveCriticalSection
GetLocaleInfoW
GetOEMCP
EnterCriticalSection
TlsGetValue
SetHandleCount
HeapSize
DeleteCriticalSection
GetStartupInfoW
TlsFree
SetSystemTime
IsDebuggerPresent
UnhandledExceptionFilter
GetStringTypeA
LocalUnlock
InterlockedExchange
GetUserDefaultLCID
GetTimeFormatA
GetDateFormatA
SetLastError
FreeLibrary
FreeEnvironmentStringsW
SetConsoleCtrlHandler
InterlockedIncrement
HeapAlloc

wininet

InternetAlgIdToStringW
InternetDialW
GopherGetLocatorTypeW
FtpCommandA
InternetCanonicalizeUrlW
CreateUrlCacheContainerA
FtpGetFileSize
InternetCombineUrlA
UnlockUrlCacheEntryFileW
InternetReadFileExW
InternetOpenUrlW
InternetTimeFromSystemTime
InternetSetDialStateW
CreateUrlCacheEntryA
RetrieveUrlCacheEntryFileW
FtpDeleteFileW
HttpEndRequestW
InternetConfirmZoneCrossing
InternetTimeFromSystemTimeA
GopherCreateLocatorW
InternetReadFileExA
InternetCrackUrlA
FtpDeleteFileA

Sections

.text
Size: 135KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 275KB - Virtual size: 282KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ab74043f9dc92b2ba5ab83072cc2f43

Headers

File Characteristics

Imports

kernel32

wininet

Sections

.text Size: 135KB - Virtual size: 134KB

.data Size: 275KB - Virtual size: 282KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 135KB - Virtual size: 134KB

.data
Size: 275KB - Virtual size: 282KB

.rsrc
Size: 5KB - Virtual size: 5KB