40178aabe9c59eaf68df091e391a9105_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

40178aabe9c59eaf68df091e391a9105_JaffaCakes118
Size

232KB
MD5

40178aabe9c59eaf68df091e391a9105
SHA1

5881f961484cd7c1609d79c50d4a79954c2c0105
SHA256

eedf5f65ba08792ff5a699cbb991bd2525e1f80b016407b6c7e022caed3b7fdf
SHA512

b52ffb9eab0a5870e8d4aebfbc4e8809e088456a2e542944cc338ffc00aefad09185850857b73a131c0d624808afe8b84608748b48bab43cd15d0c18baf61ba9
SSDEEP

6144:1PMjRrbv4gz8DCHnvYnqv66L57jOFM1xoYVq7cglVJ:VM1rbv4gzuMgnqvht7sMocgPJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40178aabe9c59eaf68df091e391a9105_JaffaCakes118

Files

40178aabe9c59eaf68df091e391a9105_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cc07786ec56bb5f22927084394cd14a4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetSetCookieW
InternetOpenA
InternetQueryOptionW
RetrieveUrlCacheEntryStreamW
FtpOpenFileA
InternetReadFileExA
DeleteUrlCacheContainerW
FindNextUrlCacheEntryW
InternetConfirmZoneCrossingW
GopherGetLocatorTypeA
InternetCheckConnectionA
InternetConnectA
InternetConfirmZoneCrossing
CreateUrlCacheEntryA
InternetCreateUrlW
FtpCommandW
InternetDialW
FindNextUrlCacheEntryExA
SetUrlCacheEntryInfoA
InternetConnectW
FindNextUrlCacheGroup
FtpPutFileW
CommitUrlCacheEntryW
GetUrlCacheEntryInfoExW
SetUrlCacheEntryGroupW

comdlg32

GetSaveFileNameW
GetSaveFileNameA
PageSetupDlgW

user32

EnableScrollBar
DlgDirSelectExA
DdeUnaccessData
GetWindowInfo
RemovePropW
CharUpperBuffW
OffsetRect
CheckRadioButton
MessageBoxExW
RegisterDeviceNotificationW
DdeNameService

shell32

SHBrowseForFolder
SHAppBarMessage
ExtractAssociatedIconExW
ShellExecuteW
ExtractIconExW
SHFileOperationA
ShellAboutA
SheSetCurDrive
SHUpdateRecycleBinIcon

kernel32

MultiByteToWideChar
GetModuleFileNameA
HeapFree
GetLocaleInfoA
LoadLibraryA
GetCurrentProcess
TlsSetValue
GetCurrentThreadId
GetModuleFileNameW
InterlockedExchange
InterlockedDecrement
GetACP
lstrcmpiW
ExitProcess
FreeEnvironmentStringsW
GetStartupInfoA
QueryPerformanceCounter
LCMapStringA
TlsFree
Sleep
GetCPInfo
GetTimeZoneInformation
GetProcAddress
HeapReAlloc
SetLastError
WriteFile
IsValidLocale
HeapSize
TlsGetValue
EnumSystemLocalesA
IsDebuggerPresent
InterlockedIncrement
WaitForDebugEvent
FreeLibrary
VirtualAlloc
TlsAlloc
TerminateProcess
HeapCreate
GetCurrentThread
GetLastError
GetDateFormatA
IsValidCodePage
CompareStringA
SetHandleCount
GetCommandLineW
GetLocaleInfoW
GetCurrentProcessId
GetModuleHandleA
GetStringTypeA
GetModuleHandleW
GetStdHandle
SetEnvironmentVariableA
GetEnvironmentStringsW
RtlUnwind
VirtualFree
EnterCriticalSection
GetShortPathNameA
GetTickCount
GetTimeFormatA
WideCharToMultiByte
SetConsoleCtrlHandler
HeapDestroy
CompareStringW
VirtualQuery
DeleteCriticalSection
GetStringTypeW
SetUnhandledExceptionFilter
GetStartupInfoW
GetSystemTimeAsFileTime
HeapAlloc
GetFileType
GetOEMCP
UnhandledExceptionFilter
GetUserDefaultLCID
LCMapStringW
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount

Sections

.text
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc07786ec56bb5f22927084394cd14a4

Headers

File Characteristics

Imports

wininet

comdlg32

user32

shell32

kernel32

Sections

.text Size: 113KB - Virtual size: 112KB

.data Size: 113KB - Virtual size: 118KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 113KB - Virtual size: 112KB

.data
Size: 113KB - Virtual size: 118KB

.rsrc
Size: 5KB - Virtual size: 4KB