397b0e500086e72da2a50ddac677e91f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

397b0e500086e72da2a50ddac677e91f_JaffaCakes118
Size

268KB
MD5

397b0e500086e72da2a50ddac677e91f
SHA1

48a23b4c67d7bc76ae9493d2f0bc7ba96d268072
SHA256

e7a72b15f3c68323384842090c8670b1a67bb919971a8e9c8198e52d8aac061c
SHA512

5e8eb777135f14d18933963a29f9fcbf5c3598fd8e7b970a21b4ebb1defa0b410b2e1b1faf22873b02978a7667dbc4a03e94bffcdd0d8b4dc4470dddc3c077ec
SSDEEP

6144:9eQEkcvPQsTINUClOE8C6u9vEgQGyusq:9eFkuosqUoOE8y9kW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
397b0e500086e72da2a50ddac677e91f_JaffaCakes118

Files

397b0e500086e72da2a50ddac677e91f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f42ce2fb7b739371fbe7e275d926e880

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

InternalExtractIconListA
FindExecutableA
CommandLineToArgvW
SHFreeNameMappings
DragQueryFileA
SHFileOperationW
ShellExecuteA
SHGetInstanceExplorer
FindExecutableW
ExtractAssociatedIconA
SHGetDataFromIDListW
DoEnvironmentSubstW
RealShellExecuteExA
ShellExecuteExA
SHFormatDrive
CheckEscapesW
ExtractIconA
DragAcceptFiles
SheChangeDirA
SHEmptyRecycleBinW
ShellExecuteEx
SHUpdateRecycleBinIcon
SHQueryRecycleBinA
DragQueryFileW

advapi32

CryptEnumProviderTypesW
RegQueryInfoKeyA
CryptSetKeyParam
CryptCreateHash
RegDeleteKeyA
CryptGetKeyParam
CryptGetDefaultProviderA
CryptDuplicateHash
RegOpenKeyW
RegEnumValueA
LookupPrivilegeDisplayNameW

user32

IsZoomed
InflateRect
SetMenuItemInfoA
SetWindowsHookExW
AppendMenuA
MapWindowPoints
GetMenuState
UnregisterClassA
UnregisterHotKey
CreateDialogIndirectParamW

wininet

InternetCombineUrlW
InternetCanonicalizeUrlA
InternetGetConnectedStateExW
InternetCheckConnectionA
FindCloseUrlCache
DeleteUrlCacheEntry
HttpSendRequestA
FtpCreateDirectoryW
InternetAlgIdToStringA
DeleteUrlCacheEntryW

kernel32

ExitProcess
HeapReAlloc
GetModuleFileNameA
GetTickCount
RtlUnwind
OpenMutexW
GetCurrentProcess
HeapDestroy
IsBadWritePtr
WideCharToMultiByte
GetStringTypeA
WriteFile
QueryPerformanceCounter
LCMapStringW
LocalUnlock
GetSystemTimeAsFileTime
InitializeCriticalSection
GetStartupInfoA
GetDateFormatA
VirtualProtect
IsValidLocale
lstrcmpi
GetLastError
GetCurrentProcessId
GetFileType
GetCurrentThread
SetLastError
GetCurrentThreadId
HeapSize
LCMapStringA
LoadLibraryA
GetStringTypeW
CompareStringW
EnumSystemLocalesA
SetEnvironmentVariableA
GetACP
GetModuleHandleA
GetCurrencyFormatA
HeapCreate
GetStdHandle
FreeEnvironmentStringsW
IsValidCodePage
TlsFree
GetSystemInfo
TlsSetValue
GetEnvironmentStrings
GetOEMCP
VirtualAlloc
InterlockedExchange
GetNumberFormatW
SetConsoleCtrlHandler
HeapFree
HeapAlloc
SetHandleCount
CompareStringA
GetTimeFormatA
FreeEnvironmentStringsA
MultiByteToWideChar
TerminateProcess
GetTimeZoneInformation
GetCPInfo
VirtualQuery
GetLocaleInfoW
GetEnvironmentStringsW
GetProcAddress
GetLocaleInfoA
DeleteCriticalSection
VirtualFree
LeaveCriticalSection
GetUserDefaultLCID
EnterCriticalSection
GetVersionExA
TlsGetValue
GetCommandLineA
TlsAlloc
UnhandledExceptionFilter

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f42ce2fb7b739371fbe7e275d926e880

Headers

File Characteristics

Imports

shell32

advapi32

user32

wininet

kernel32

Sections

.text Size: 127KB - Virtual size: 126KB

.data Size: 136KB - Virtual size: 140KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 127KB - Virtual size: 126KB

.data
Size: 136KB - Virtual size: 140KB

.rsrc
Size: 4KB - Virtual size: 4KB