456597879c4d6babad846349c18aba26_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

456597879c4d6babad846349c18aba26_JaffaCakes118
Size

236KB
MD5

456597879c4d6babad846349c18aba26
SHA1

04a0cbf640b372b59471594173e5eaa754617539
SHA256

d9e02e127fb1787a7473da23270b878895a9f78dfa5f6a04776e1b8c6800b90e
SHA512

aa61c4031151535e5a8c6cc1d5948e2d08c6234e3b7a686b068538f24e7f25c6ccfb9fa21cb78b617ae841f414d00febdbda71a01a0f6024791820fa037b9132
SSDEEP

6144:KKQYjVf+aa2B0nQXphj+xQfBrjg2FDNNsY68Zwsy1Kcj1aAz:KKQC+aHBt0+BrNFDx7ZHcj1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
456597879c4d6babad846349c18aba26_JaffaCakes118

Files

456597879c4d6babad846349c18aba26_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b38ce64e7311c5d4becaa2052dd2e8ae

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpSendRequestA
ShowSecurityInfo
DeleteIE3Cache
CommitUrlCacheEntryA
HttpQueryInfoA
FtpPutFileA
RetrieveUrlCacheEntryFileW
InternetSecurityProtocolToStringA
InternetShowSecurityInfoByURL
InternetOpenW
InternetCrackUrlA
GopherGetLocatorTypeW
GopherCreateLocatorW
FtpOpenFileA
IncrementUrlCacheHeaderData
InternetGetCertByURL
InternetShowSecurityInfoByURLA
InternetOpenUrlA

shell32

SheChangeDirA
SHChangeNotify
DoEnvironmentSubstW
DragAcceptFiles
SHUpdateRecycleBinIcon
SHGetFileInfo
ShellExecuteExW
ShellExecuteExA
SHAddToRecentDocs
SHBrowseForFolder
FindExecutableW

gdi32

GetObjectType
GetKerningPairs
SetViewportExtEx
GetTextExtentPointA
EnumFontsA
GetFontLanguageInfo
WidenPath
DeleteColorSpace
SelectObject
PlgBlt
GetBitmapBits
SetBrushOrgEx
ExtFloodFill
DeleteObject
PolyBezierTo

comdlg32

GetFileTitleA
GetOpenFileNameA
ChooseFontA
ReplaceTextW
ChooseColorA
PageSetupDlgW
GetSaveFileNameA
FindTextA
ReplaceTextA
FindTextW
PageSetupDlgA
ChooseColorW
ChooseFontW
PrintDlgW

kernel32

VirtualQuery
VirtualFree
HeapFree
GetDateFormatW
GetProcAddress
GetLastError
TerminateProcess
lstrcpyA
GetEnvironmentStrings
MapViewOfFile
LeaveCriticalSection
GetEnvironmentStringsW
GetPrivateProfileStructA
ReadConsoleOutputCharacterW
GetStartupInfoA
UnhandledExceptionFilter
GetProcAddress
GetFileType
MultiByteToWideChar
GetCommandLineA
TlsAlloc
GetStartupInfoW
WriteConsoleOutputCharacterW
IsBadWritePtr
LCMapStringA
GetCompressedFileSizeA
GetStdHandle
QueryPerformanceCounter
GetCurrentProcess
GetTickCount
ExitProcess
VirtualQueryEx
GetCurrentThread
GetModuleHandleA
TlsSetValue
WaitNamedPipeA
VirtualAlloc
ReadConsoleW
HeapAlloc
EnumDateFormatsW
TlsGetValue
TryEnterCriticalSection
DeleteCriticalSection
HeapReAlloc
GetSystemTimeAsFileTime
WriteFile
FormatMessageA
GetModuleFileNameW
SetLastError
EnterCriticalSection
TlsFree
InitializeCriticalSection
GetVersion
HeapDestroy
LoadLibraryA
FreeEnvironmentStringsW
GetCurrentProcessId
GetCommandLineW
FreeEnvironmentStringsA
ExitThread
GetModuleFileNameA
ExpandEnvironmentStringsW
LocalUnlock
GetCurrentThreadId
InterlockedExchange
RtlUnwind
HeapCreate
SetHandleCount

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b38ce64e7311c5d4becaa2052dd2e8ae

Headers

File Characteristics

Imports

wininet

shell32

gdi32

comdlg32

kernel32

Sections

.text Size: 95KB - Virtual size: 95KB

.data Size: 130KB - Virtual size: 130KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 95KB - Virtual size: 95KB

.data
Size: 130KB - Virtual size: 130KB

.rsrc
Size: 9KB - Virtual size: 9KB