391c74bd6447637dd6210ddc113f0644_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

391c74bd6447637dd6210ddc113f0644_JaffaCakes118
Size

178KB
MD5

391c74bd6447637dd6210ddc113f0644
SHA1

165eb28ff92317f5708748f13f084550432c0167
SHA256

5a2e8a069e2da5230d2a48f8f05f10f1328546e2867a99bc39180a41ea0e2940
SHA512

3e8c44ac06743e3b02709ef6c059750542a29b9c086e0eaa3128dae0fba3d91648e44d3c7fa9beabc85d484fb1c3655fe51c0bf5e887f8f087fc55e6791bd5d2
SSDEEP

3072:yK+BjMpbjci5AQW+UwsR53MatR0V/H5gQGE4KGr8+Ydp6Fxp66H89yy71G:dawTAZ+igq0V/KjuGr8+YmJeJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
391c74bd6447637dd6210ddc113f0644_JaffaCakes118

Files

391c74bd6447637dd6210ddc113f0644_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1574ee4887dd61fd86810508edb41dc3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
CreateDirectoryA
ExitProcess
GetCommandLineA
GetLastError
GetModuleHandleA
GetStartupInfoA
HeapAlloc
InitializeCriticalSection
MultiByteToWideChar
QueryPerformanceCounter
RemoveDirectoryA
RtlUnwind
SetLastError
SetUnhandledExceptionFilter
SleepEx
VirtualFree
lstrlenA

user32

CharToOemBuffA
CharUpperBuffA
BeginPaint
CreateAcceleratorTableA
CreateIcon
DispatchMessageA
LoadBitmapA
MessageBoxA
ShowCursor
CharPrevA

advapi32

RegOpenKeyExA
RegLoadKeyA
RegEnumKeyA
RegQueryValueA

ole32

OleInitialize
OleGetClipboard
OleLockRunning
GetConvertStg
CreateStreamOnHGlobal
CreateFileMoniker
OleSaveToStream
OleUninitialize
WriteFmtUserTypeStg
OleDuplicateData
CoCreateInstance
CoGetClassObject
CoInitialize
CoUninitialize

wininet

InternetGetLastResponseInfoA
InternetQueryDataAvailable
InternetSetOptionExA
InternetSetStatusCallbackA
InternetGetCookieA
InternetCrackUrlA
InternetCloseHandle
HttpSendRequestA
HttpQueryInfoA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetConnectA

shell32

SHFileOperationA
SHGetDesktopFolder
SHGetFileInfoA
SHGetMalloc
SHGetPathFromIDListA
ShellExecuteExA
SHBindToParent

Sections

.text
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1574ee4887dd61fd86810508edb41dc3

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

wininet

shell32

Sections

.text Size: 43KB - Virtual size: 44KB

.rdata Size: 49KB - Virtual size: 52KB

.data Size: 49KB - Virtual size: 52KB

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 33KB - Virtual size: 36KB

.text
Size: 43KB - Virtual size: 44KB

.rdata
Size: 49KB - Virtual size: 52KB

.data
Size: 49KB - Virtual size: 52KB

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 33KB - Virtual size: 36KB