56fd1fb5970b168ea135e7cd7c3cfe3a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

56fd1fb5970b168ea135e7cd7c3cfe3a_JaffaCakes118
Size

26KB
MD5

56fd1fb5970b168ea135e7cd7c3cfe3a
SHA1

d92d865e34a8ea8faff066ec6c60d1b188816528
SHA256

7f06959cc0e7883c8cb7f5f52d1f3453fbcf5737f4894128eb059570bcb72ece
SHA512

5f0c9651d1ea6531a988daf79837c359a0d268ff4b8f331b2a00d1fbe8728185af81229e7bdb3a2d19f3bd54ae5a90387a9c7f7b481747c757f6a84e8632774f
SSDEEP

768:ugD3n0MuqkKAsVmUAjSBc+oHO/kWqZIO1lZ:ugDXlymVmvSBc+awWlZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
56fd1fb5970b168ea135e7cd7c3cfe3a_JaffaCakes118

Files

56fd1fb5970b168ea135e7cd7c3cfe3a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e57733be9f77090f8780237b85c41717

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

dnsapi

DnsQuery_A
DnsRecordListFree

wininet

InternetCheckConnectionA

kernel32

HeapReAlloc
HeapSize
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
lstrcpynA
Sleep
lstrcatA
lstrcpyA
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
FlushViewOfFile
lstrlenA
GetModuleFileNameA
GetModuleHandleA
MapViewOfFile
CreateFileMappingA
CreateFileA
WaitForSingleObject
CreateMutexA
GetSystemDefaultLCID
GetVolumeInformationA
GetWindowsDirectoryA
lstrcmpA
GlobalFree
GlobalAlloc
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
HeapFree
GetProcessHeap
HeapAlloc
GetLastError
RaiseException
lstrlenW
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
VirtualAlloc
LoadLibraryA
GetCPInfo
GetOEMCP
GetStringTypeW
GetStringTypeA
GetCurrentThreadId
QueryPerformanceCounter
HeapCreate
HeapDestroy
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
InterlockedExchange
VirtualQuery
RtlUnwind
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
GetProcAddress
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
GetStartupInfoA
GetCommandLineA
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetCurrentProcessId

user32

CharUpperA
wsprintfA
GetForegroundWindow
SetForegroundWindow

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegCreateKeyA

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
VariantInit
VarBstrCat
SysStringByteLen
SysAllocStringByteLen
SysStringLen
SysFreeString
SysAllocString
SysAllocStringLen

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e57733be9f77090f8780237b85c41717

Headers

File Characteristics

Imports

dnsapi

wininet

kernel32

user32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 18KB - Virtual size: 17KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 1024B - Virtual size: 2KB

.text
Size: 18KB - Virtual size: 17KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 1024B - Virtual size: 2KB