Static task
static1
Behavioral task
behavioral1
Sample
3a97efa15673db0f8585c1f9cb4918e6_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3a97efa15673db0f8585c1f9cb4918e6_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target
3a97efa15673db0f8585c1f9cb4918e6_JaffaCakes118
Size
443KB
MD5
3a97efa15673db0f8585c1f9cb4918e6
SHA1
88129ea9aa3c34f0cc6b116c503a4c4b35b19d74
SHA256
1abb32a6ea3ba0ff3b5ec8aee38426504015f419fd5a1e252a61d648032ddced
SHA512
d8ea6d50a2b38a680fcfaabb4b6fad5ce91e1a1598febeaf7b7e3f80ac830c4e22f4432124e72582eeb5c1c34bfffca2f057a0efd72097ce353ac77507c45b39
SSDEEP
6144:FEPjxWYkbLBrh/gL56uXyrTCGqwFWyTwFk/Z70bpDil1tyatfgMrQ8+kEsJ:FELxW7/D4F6y9mwF2Qpi1FQFk
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3a97efa15673db0f8585c1f9cb4918e6_JaffaCakes118
Files
3a97efa15673db0f8585c1f9cb4918e6_JaffaCakes118.exe windows:4 windows x86 arch:x86
f37b61e5cc3a6c029e30acbccf065a81
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetEnvironmentStringsW
FreeLibrary
LeaveCriticalSection
EnumSystemLocalesA
RtlUnwind
GetVersionExA
EnterCriticalSection
GetCurrentProcess
GetStringTypeA
VirtualAlloc
SetEnvironmentVariableA
LCMapStringA
HeapReAlloc
GetProcessHeap
RtlZeroMemory
GetOEMCP
GetCurrentThread
SetConsoleCtrlHandler
GetModuleFileNameA
GetEnvironmentStrings
GetUserDefaultLCID
ExitProcess
GetLastError
GetTimeZoneInformation
HeapSize
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetStringTypeW
GetCommandLineW
InterlockedIncrement
QueryPerformanceCounter
VirtualFree
Sleep
CompareStringA
SetUnhandledExceptionFilter
TlsSetValue
GetCommandLineA
HeapAlloc
GetStartupInfoW
HeapFree
VirtualLock
SetHandleCount
GetCurrentProcessId
DeleteCriticalSection
HeapCreate
GetTimeFormatA
TlsFree
InterlockedDecrement
GetCPInfo
GetLocaleInfoA
HeapDestroy
GetDateFormatA
IsValidLocale
TlsAlloc
GetThreadPriority
FreeEnvironmentStringsA
GetModuleHandleA
EnumCalendarInfoExW
WriteFile
CompareStringW
FindResourceExA
SetLastError
SuspendThread
GetModuleFileNameW
GetACP
InitializeCriticalSection
GetProcAddress
GetLocaleInfoW
GetStartupInfoA
FreeEnvironmentStringsW
LCMapStringW
InterlockedExchange
IsDebuggerPresent
WideCharToMultiByte
GetStdHandle
VirtualQuery
UnhandledExceptionFilter
TlsGetValue
IsBadReadPtr
MultiByteToWideChar
GetCurrentThreadId
IsValidCodePage
CreateProcessA
TerminateProcess
GetFileType
comdlg32
GetOpenFileNameW
PrintDlgA
wininet
ShowClientAuthCerts
FtpGetCurrentDirectoryW
HttpEndRequestW
GetUrlCacheGroupAttributeW
CreateUrlCacheEntryA
SetUrlCacheEntryGroupA
InternetCombineUrlW
InternetCheckConnectionW
ResumeSuspendedDownload
FtpRenameFileW
CreateUrlCacheContainerW
InternetSecurityProtocolToStringA
InternetTimeFromSystemTimeA
SetUrlCacheEntryInfoW
FtpRemoveDirectoryW
InternetGetCertByURL
GetUrlCacheGroupAttributeA
FtpCommandW
InternetSetOptionExA
Sections
.text Size: 119KB - Virtual size: 118KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 310KB - Virtual size: 310KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ