ea5511595c4611e5c1e36019cb7e06cd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea5511595c4611e5c1e36019cb7e06cd_JaffaCakes118
Size

146KB
MD5

ea5511595c4611e5c1e36019cb7e06cd
SHA1

bc5d50a52556683fd3639de427285778132218e2
SHA256

295c4682b8d1894363eb78f6f77bf159cc35967aaa9c3d11aee606ca2acc9572
SHA512

c21662f569805ec3937b7923e1ceda52e6fd49f10de25af7c6c5b7d41180cf6feafb3f89ea22b6c48c24ed43d0196035214c567f5aa4bee5268c8bf1188dc33a
SSDEEP

3072:svIzY6GtT/HnfDyRoAOravmvkZKMxiSGS4Yh/yX:swaVHNa+8YMBGY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea5511595c4611e5c1e36019cb7e06cd_JaffaCakes118

Files

ea5511595c4611e5c1e36019cb7e06cd_JaffaCakes118
.exe windows:5 windows x86 arch:x86

50e8ca99071700442c07a377e1c54c6f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

K:\BVhdfTzwVjblY\mxiZbLQEP\sOrHKeI\pyEclCuqlfo.pdb

Imports

comdlg32

PrintDlgExW
PrintDlgW
FindTextW

gdi32

SelectPalette
CreatePolygonRgn
CreateRoundRectRgn
CreateDCW
GetClipBox
UnrealizeObject
ScaleWindowExtEx
SetBitmapDimensionEx
Polyline
FillRgn
GetTextAlign
CreateDiscardableBitmap
CreateRectRgn

kernel32

GetTempFileNameW
CreateNamedPipeA
lstrcmpiW
SetThreadPriority
CopyFileA
SetThreadContext
FlushViewOfFile
GetVersionExA
FindCloseChangeNotification
OpenFileMappingW
GetUserDefaultLangID
SetCommState
lstrcpyA
GetCommProperties
CreateWaitableTimerA
lstrlenW
CreateFileW

msvcrt

exit

ntdll

memset

shlwapi

PathRelativePathToA
ChrCmpIA

user32

IsWindow
wsprintfW
SetTimer
GetActiveWindow
DestroyAcceleratorTable
CreatePopupMenu
GetClassLongW
LoadBitmapW
RegisterHotKey
SetMenuDefaultItem
SendDlgItemMessageA
CreateWindowExW
GetDialogBaseUnits
DrawTextA
SendMessageTimeoutW
GetDlgCtrlID
InternalGetWindowText
FindWindowExW
TrackPopupMenu
ModifyMenuW
GetLastActivePopup
EqualRect
FillRect
DispatchMessageA
ChildWindowFromPointEx
ShowWindowAsync
GetSysColorBrush
RegisterClassExA

Exports

Exports

?QGATHLvn__u_@@YGPAXEPAF@Z
?sh_H_XMQPC__EXF__X@@YGJPAMPAH@Z
?_ms_DCMIW_@@YGPAHDJ@Z
?LFKSPOLJXE__XU_FwdvfXR@@YGPAXD@Z
?EKj_pAQOAlyqA_WS_a_bd@@YGXPAI@Z
?FWIY_k_@@YGKPADN@Z
?_mq_ciQm_WKN_z@@YGPAEPAI@Z
?_OEBN_b__xiv_niwqo@@YGPAFPAKE@Z
?cwe__IHG@@YGDM@Z
?XMKJ_ZGgmfwC_XSXZLBL_@@YGXPAFPAF@Z
?OVQBC_LDA_KCQV_ID@@YGPAMPAJ@Z
?Io__kgflJ@@YGKE@Z
?_IU_RD_MOE@@YGPAJG@Z
?_o_stvcpsjqi_@@YGPAFPAM@Z
?ok_clGAXJW@@YGPAFN@Z
?qzob_yoZXZR_Ydi_domzVK@@YGPAEPA_N@Z
?BTVYJxbbkKTPBg@@YGPAIK@Z
?NON_IOKMW_o@@YGXD@Z
?lJY_KOKcmgp@@YGPAXD@Z
?_KUHUCHim_@@YGIPAG@Z
?bgt_j_v_usl_i_gZY_@@YGPAFGH@Z
?_oxrhgaxyttXmipxxtcl@@YGJJM@Z
?_eHALbgoeW@@YGKPAH@Z
?_axhb_f_B_DdkhTR_D@@YGGIK@Z
?jzutOS_K_IH__@@YGXPAH@Z
?de__p_c_atfkif@@YGXKD@Z
?_DZWFEIgklqh@@YGGH@Z
?tqqzuMD_YICztq__@@YGIK@Z
?wai_c__uCDCYB_Z@@YGXG@Z
?hQJQeh_knevgxbyybp@@YGPAJIG@Z
?_aof_mgeexV__@@YGXPA_N@Z
?AGR_YlnatIRIJDU@@YGPAXJM@Z
?kvcdrtumgjo@@YGFPAE@Z
?ouvfjLVH_@@YGEM@Z
?_yhf_wljGRPNDHD__@@YGIF@Z
?UO__J__BksleJZN_O_E@@YGPAKF@Z
?mp___zZSITUG_DDM_RCKl@@YGFPAJE@Z
?vgh_j_lzwya_fmkx_XNK@@YGFPAF@Z
?_ziqooMA@@YGPA_NPAEN@Z
?_wpwbsDgixuMW_Q_BMMUMD@@YG_NPAHN@Z
?AMwvfjr@@YGXD@Z
?F_YQvDMSdpao@@YGGPAEG@Z
?I_HOTAYNAx_FNZBCc_nzs@@YGPADGI@Z
?Zw__lm_y_cv@@YGXPAMPAD@Z
?aG_ux__yJG_RLH@@YGPAHG@Z
?XC_YGEM__EEY_UZZ@@YGPAIMI@Z
?ezv_jCOH_CIHCPv@@YGDPAII@Z
?lpwxw_NMM@@YGED_N@Z
?QY_ee__F__mwp_jEWhw@@YGPA_NPAD@Z
?RIBL_gmqd@@YGEH@Z
?GFZXEOQZEerL@@YGXI@Z
?NHLZxeou_JXL_@@YGMF@Z
?CGIt_aub@@YGXPA_NI@Z
?f_myLQBGDCEhevwc_fst@@YGHH@Z
?dmnC_HTIBV__KHOEVN@@YGXPANK@Z
?wsc__ic_k_ygTBU_ZDKU@@YGPAXH@Z
?ei_ifchgkp_utvFb@@YGPAHH@Z
?qcxvqnb_ysrvwA_KHVmkl_@@YGDPAD@Z
?gkmr_sxg@@YGPAFGPAN@Z
?T_Nm__dFJLDF_L_ZGZG@@YGPAHPAMI@Z
?bz_fbu_j_N_NZ@@YGMHN@Z
?_LHI_O_stjm_aLOTzd@@YGKG@Z
?g_nzz___@@YGXIM@Z
?CCLVG_UJ@@YGXMPAI@Z
?_j__y__dk_b@@YGPAXPADK@Z

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.export
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ldata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50e8ca99071700442c07a377e1c54c6f

Headers

File Characteristics

PDB Paths

Imports

comdlg32

gdi32

kernel32

msvcrt

ntdll

shlwapi

user32

Exports

Exports

Sections

.text Size: 79KB - Virtual size: 79KB

.idata Size: 12KB - Virtual size: 12KB

.export Size: 14KB - Virtual size: 13KB

.data Size: 33KB - Virtual size: 188KB

.ldata Size: 2KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 503B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 79KB - Virtual size: 79KB

.idata
Size: 12KB - Virtual size: 12KB

.export
Size: 14KB - Virtual size: 13KB

.data
Size: 33KB - Virtual size: 188KB

.ldata
Size: 2KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 503B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 2KB