f1a4ddc29638daad34cefe7ebd19eb93_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f1a4ddc29638daad34cefe7ebd19eb93_JaffaCakes118
Size

221KB
MD5

f1a4ddc29638daad34cefe7ebd19eb93
SHA1

e3c05aab0e6637f8ffad908e335da847e22a48f4
SHA256

51ab5fff6f8d8f4d73d79aa0fce1f5852926bb896e572db48889fabcdf359846
SHA512

230711f001a3b4098e68de90509693ef6253cb359c44a6ed71aef0382e66b75835cd90c2f354711973d27494c18be5b3efaed02f80b979c7d249c928ba356fdb
SSDEEP

6144:GU1ip5lLmCdtiWM1uoZQUuWKPVE0FPtaqkUVxKRI4ua8T/y:GSiPPtiVTZQUuWOE0FPt7HVxAua+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f1a4ddc29638daad34cefe7ebd19eb93_JaffaCakes118

Files

f1a4ddc29638daad34cefe7ebd19eb93_JaffaCakes118
.exe windows:5 windows x86 arch:x86

eef3899a567583b0b88699285634ad68

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

W:\opmjJsimYWszqs\TtWSlhahbwxojfeCMw\SCqFbFWMQoLbqfi\mAYfmlCnqegibkfgjeudt\hFdkuatmbmBRZlfw\orjkfBheJynLdvdlXdxne.pdb

Imports

shell32

ord196
ord195

kernel32

WaitForSingleObjectEx
HeapFree
GetUserDefaultLangID
TlsSetValue
SetSystemTime
ClearCommError
lstrcpyA
FindResourceExW
GetModuleHandleW
GetUserDefaultUILanguage
EscapeCommFunction
GetTimeFormatA
GlobalUnlock
GetVersionExW
GetStringTypeExW
TerminateThread
FormatMessageA

shlwapi

StrChrW

user32

IntersectRect
GetDCEx
InSendMessage
DrawStateA
SetMenuItemBitmaps
MessageBoxW
DestroyIcon
UpdateWindow
mouse_event
AllowSetForegroundWindow
GetMenuItemInfoW
SetMenu
GetActiveWindow
CharUpperA
SetRect
IsZoomed
DrawTextW
EnumThreadWindows
GetWindowRect
GetCaretPos
OemToCharA
SetDlgItemInt
GetScrollPos
DrawTextA
DestroyMenu
GetShellWindow
RedrawWindow
SetWindowTextA
RegisterClassW
CallWindowProcW

gdi32

BeginPath
Ellipse
CreateBitmapIndirect
Polygon
SetLayout
RoundRect
SelectClipRgn
SetBkMode
GetFontData
DeleteObject
RestoreDC
CreatePolygonRgn
CreateRectRgn
GetCharWidth32W

Exports

Exports

?DUIidJLdlukydILKDFyiuITFUf6utydyifdikgfgfdhgfd@@YGKEPA_WG@Z

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eef3899a567583b0b88699285634ad68

Headers

File Characteristics

PDB Paths

Imports

shell32

kernel32

shlwapi

user32

gdi32

Exports

Exports

Sections

.text Size: 136KB - Virtual size: 135KB

.rdata Size: 70KB - Virtual size: 69KB

.mdata Size: 11KB - Virtual size: 11KB

.data Size: 1KB - Virtual size: 161KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 860B

.text
Size: 136KB - Virtual size: 135KB

.rdata
Size: 70KB - Virtual size: 69KB

.mdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1KB - Virtual size: 161KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 860B