3e8b7e9b2c0b7d6218115535c8006196_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3e8b7e9b2c0b7d6218115535c8006196_JaffaCakes118
Size

853KB
MD5

3e8b7e9b2c0b7d6218115535c8006196
SHA1

5c9e96ce0dfa8b5fb0a3de082f4887eaec62b19e
SHA256

2634fa239b90bab716efea537c289d45829eb38dfbaf60480db46871c5bb40b1
SHA512

d1ed8af1843974c4204bbbcad2b0ee74f8b0e4a9938cb19b6c5160e67cf03fbcf76d531ecd4a7f469c39755033b33456a92e37f583adbd2ecb7e6afd9e09185e
SSDEEP

24576:ZmcCwXmRxLgu9CZQLfv2OLLKacSL0ydTFSBKfyVyJE:yxUjZQROSBTykpE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e8b7e9b2c0b7d6218115535c8006196_JaffaCakes118

Files

3e8b7e9b2c0b7d6218115535c8006196_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2313e61299824298d245f76c2a5d3ad7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

pdh

PdhOpenQueryW
PdhExpandWildCardPathW
PdhParseCounterPathW
PdhBrowseCountersA
PdhVbGetLogFileSize
PdhEnumObjectItemsA
PdhGetDataSourceTimeRangeA
PdhListLogFileHeaderA
PdhExpandWildCardPathHA
PdhAdd009CounterA
PdhSelectDataSourceA
PdhGetDefaultPerfObjectHA
PdhVbGetDoubleCounterValue
PdhExpandWildCardPathA
PdhEnumMachinesW
PdhGetFormattedCounterArrayA
PdhVbOpenQuery
PdhValidatePathA

wininet

InternetTimeToSystemTimeW
InternetTimeFromSystemTimeA
ParseX509EncodedCertificateForListBoxEntry
InternetAutodialHangup
GetUrlCacheEntryInfoW
LoadUrlCacheContent
UrlZonesDetach
FtpGetCurrentDirectoryA
InternetSetStatusCallbackA
InternetSetCookieW
GetUrlCacheEntryInfoExW
FtpGetFileW
GopherCreateLocatorA
FtpRenameFileW
InternetTimeFromSystemTimeW
RetrieveUrlCacheEntryStreamA
UnlockUrlCacheEntryFile
FtpRemoveDirectoryA

kernel32

SetEndOfFile
lstrcat
CreateIoCompletionPort
SetComputerNameExW
SetEvent
InitializeCriticalSection
GetSystemDefaultLCID
ReadDirectoryChangesW
FindVolumeMountPointClose
FindResourceExW
lstrcmpA
VirtualAlloc
EnumDateFormatsExA
SetFileAttributesW
_hread
WriteConsoleInputVDMA
LoadLibraryA
LZOpenFileA
GlobalAlloc
WritePrivateProfileSectionW
BuildCommDCBA
EnumResourceNamesA
DebugActiveProcess
IsValidCodePage
DeleteTimerQueue
UnhandledExceptionFilter

Sections

.text
Size: 738KB - Virtual size: 738KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2313e61299824298d245f76c2a5d3ad7

Headers

DLL Characteristics

File Characteristics

Imports

pdh

wininet

kernel32

Sections

.text Size: 738KB - Virtual size: 738KB

.rdata Size: 107KB - Virtual size: 107KB

.data Size: 3KB - Virtual size: 1.4MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 738KB - Virtual size: 738KB

.rdata
Size: 107KB - Virtual size: 107KB

.data
Size: 3KB - Virtual size: 1.4MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB