e7f92638848c4d05deab994f5382dfe1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e7f92638848c4d05deab994f5382dfe1_JaffaCakes118
Size

575KB
MD5

e7f92638848c4d05deab994f5382dfe1
SHA1

e2c4f4ac547b6d98a59edc19d8e7a35cedce015f
SHA256

91e90b650320bd6304d2fdbef400085274954f99eecd7bea8d6e3d7e3abc4faa
SHA512

9aa6f908ae8d9066606079a2db1cb4f74d8361c2b09ab85a7b5a15b5c0e33b82bb95efdb844344d8f90295577d1874595baa52c0000748665c68629f854c52ad
SSDEEP

12288:gAMHoE3k5Ux/Lq7cQWGvkDWcX8jsQeRR0:gAKxU5UN6yGMDf8jFq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e7f92638848c4d05deab994f5382dfe1_JaffaCakes118

Files

e7f92638848c4d05deab994f5382dfe1_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f9ce71e0ef98c5259caf04c2cfa85502

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\ebvropxtog\wgqdawau\fcxzlbuot\jldar\keoksuio\jkl.pdb

Imports

advapi32

RegSetValueExA
CryptSetProviderExW
CryptSetProviderExA
RegLoadKeyW
CryptGenRandom
CryptAcquireContextW
RegDeleteKeyA
CryptSetHashParam

comctl32

ImageList_ReplaceIcon
InitCommonControlsEx

shell32

DragQueryFileAorW
DragQueryPoint

gdi32

GetDeviceCaps
GetNearestColor
DeleteDC
RemoveFontResourceW
GetPath
GetObjectW
EnumEnhMetaFile
GetBitmapDimensionEx
GetCharWidth32W
GetMiterLimit
RemoveFontResourceA
EnumMetaFile
GetGraphicsMode
SetTextAlign
DeleteObject
EnumFontFamiliesExW
SetViewportOrgEx
UpdateICMRegKeyW
CopyMetaFileW
SetMetaRgn
CreateDCA
GetLayout
CreateFontW

user32

GetWindowThreadProcessId
GetMenuItemInfoW
GetProcessDefaultLayout
MapDialogRect
GetNextDlgTabItem
GetAncestor
PaintDesktop
PostMessageA
IsCharLowerA
GetAsyncKeyState
SetMenuContextHelpId
KillTimer
GetKeyboardType
GetSubMenu
SetMenuDefaultItem
ShowScrollBar
AttachThreadInput
DestroyWindow
EnumPropsW
SendMessageTimeoutW
CreateIcon
MessageBoxA
GetUpdateRgn
RegisterClassExA
DefWindowProcW
CreateWindowExA
MenuItemFromPoint
ShowWindow
RegisterClassA
UnhookWindowsHookEx

kernel32

GetTimeZoneInformation
LCMapStringA
HeapReAlloc
TlsAlloc
GetCurrentProcess
InterlockedExchange
DeleteCriticalSection
SetPriorityClass
ExitProcess
GetLocaleInfoW
GetSystemTimeAsFileTime
GetStringTypeA
GetDateFormatA
SetEnvironmentVariableA
GetFileAttributesExW
GlobalSize
GetConsoleCursorInfo
CreateThread
LCMapStringW
VirtualFree
CreateSemaphoreA
SetHandleCount
GetCurrentThread
IsBadReadPtr
GetCPInfo
GetEnvironmentStringsW
GetStartupInfoA
GetFileType
GetStdHandle
GetLastError
GetTimeFormatA
RtlUnwind
WriteConsoleInputW
InterlockedDecrement
InitializeCriticalSection
WritePrivateProfileStructA
TerminateProcess
CloseHandle
GlobalUnlock
AddAtomW
GetModuleHandleA
CommConfigDialogA
CreateNamedPipeW
GetSystemInfo
LeaveCriticalSection
HeapFree
SetStdHandle
CreateMutexA
GetStringTypeW
CreateProcessA
FreeEnvironmentStringsW
ReadFile
WideCharToMultiByte
OpenWaitableTimerA
GlobalFree
LoadLibraryA
VirtualQuery
HeapAlloc
InterlockedIncrement
FlushFileBuffers
SetCurrentDirectoryW
OpenMutexA
HeapCreate
WriteFile
GetOEMCP
UnhandledExceptionFilter
EnumResourceNamesW
CompareStringA
FreeEnvironmentStringsA
DeleteFiber
TlsSetValue
EnumSystemLocalesA
HeapDestroy
FindFirstFileExA
GetLocaleInfoA
IsValidLocale
MultiByteToWideChar
GetThreadTimes
GetSystemDirectoryA
GetTickCount
GetModuleFileNameA
OutputDebugStringA
IsValidCodePage
GetProcAddress
ReadConsoleOutputAttribute
GetACP
SetLastError
WriteConsoleW
VirtualAlloc
QueryPerformanceCounter
GetFullPathNameW
CreateMutexW
TlsGetValue
GetCurrentProcessId
GetCurrentThreadId
GetVersion
GetProcAddress
ReadConsoleW
GetEnvironmentStrings
TlsFree
GetCommandLineA
GetModuleFileNameW
GetLogicalDriveStringsW
SetFilePointer
VirtualProtect
GetVersionExA
CompareFileTime
GetTempFileNameW
DebugBreak
CreateDirectoryW
GetSystemDirectoryW
GetFileAttributesExA
GetUserDefaultLCID
GetShortPathNameW
SetComputerNameW
EnterCriticalSection
HeapValidate
GetThreadSelectorEntry
GetDriveTypeW
CompareStringW
EnumResourceTypesA
SetConsoleCtrlHandler
IsBadWritePtr

Sections

.text
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 113KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9ce71e0ef98c5259caf04c2cfa85502

Headers

File Characteristics

PDB Paths

Imports

advapi32

comctl32

shell32

gdi32

user32

kernel32

Sections

.text Size: 195KB - Virtual size: 194KB

.rdata Size: 254KB - Virtual size: 254KB

.data Size: 113KB - Virtual size: 124KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 195KB - Virtual size: 194KB

.rdata
Size: 254KB - Virtual size: 254KB

.data
Size: 113KB - Virtual size: 124KB

.rsrc
Size: 11KB - Virtual size: 11KB