aaa7db1933feab160b5a277e1ddfc991_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

aaa7db1933feab160b5a277e1ddfc991_JaffaCakes118
Size

552KB
MD5

aaa7db1933feab160b5a277e1ddfc991
SHA1

0caf4aa7056dd428d3fc7fa65f23e63bc1366cdd
SHA256

d6aa9b85d50f0a171effd9ea4f0c91dcfef7d204ecde55466c7b1dbbc3dd3c64
SHA512

cbcf2e4ddb033b296d51d9aab5fe903b8b2e9ee035f5d35675a25d496e6a236d804f99eaf329e6c8fc21200b0a5ef12d1bcc912b14df1639570bcf4c84f1fae4
SSDEEP

3072:bmrMookGuvd1RsD25g6mCGHjrGlT0Swrj1w+SEJQ9D6p8rlBf2:6rkkGkdHsD2BGHmlgSwrBKgE6p85B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
aaa7db1933feab160b5a277e1ddfc991_JaffaCakes118

Files

aaa7db1933feab160b5a277e1ddfc991_JaffaCakes118
.exe windows:5 windows x86 arch:x86

06381806846b2f1b5db3ce474006668f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

her2$je.Pdb

Imports

gdi32

BitBlt
EnumObjects
StrokePath
GetClipRgn
GetGlyphOutlineW
SelectObject
GdiSetBatchLimit
MaskBlt
RectVisible
LineTo
CreatePatternBrush
Arc
GetKerningPairsA
Polyline
OffsetClipRgn
GetSystemPaletteEntries

kernel32

SetConsoleHistoryInfo
GetDynamicTimeZoneInformation
GetModuleHandleA
GetNamedPipeInfo
GetModuleHandleExW
GetLocalTime
GetSystemTimes
GetLongPathNameA
OpenMutexA
CommConfigDialogA
GetConsoleTitleW
TransmitCommChar
lstrcpynA
WaitForMultipleObjectsEx

winspool.drv

DeletePrinterDriverExW

imm32

ImmGetContext

winmm

mixerGetLineControlsW
midiInGetDevCapsA
PlaySoundA
midiInAddBuffer
GetDriverModuleHandle

msi

ord29

ntdll

strlen
RtlCompareMemory
RtlInterlockedPopEntrySList
memset

wininet

InternetFindNextFileA
InternetOpenUrlA

ole32

OleSetContainedObject
CoDisconnectObject
OleConvertOLESTREAMToIStorage

msvfw32

ICLocate

netapi32

NetGroupGetUsers
NetApiBufferSize

cfgmgr32

CM_Locate_DevNodeW

rpcrt4

RpcServerUseProtseqIfW

crypt32

CryptMsgDuplicate
CertOpenSystemStoreA

mscms

CloseColorProfile

user32

RealGetWindowClassA
BeginPaint
WaitMessage
EnumWindows
EnumChildWindows
FlashWindow
BeginDeferWindowPos
GetUpdateRgn
GetMenuState
ToAsciiEx

pdh

PdhMakeCounterPathW

rasapi32

RasFreeEapUserIdentityW

comdlg32

GetSaveFileNameA
CommDlgExtendedError

version

VerQueryValueW

shlwapi

StrTrimA
PathRemoveFileSpecA
SHRegGetUSValueA
PathFileExistsA

lz32

LZSeek
LZInit

msacm32

acmStreamOpen

Sections

.text
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 48KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06381806846b2f1b5db3ce474006668f

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

kernel32

winspool.drv

imm32

winmm

msi

ntdll

wininet

ole32

msvfw32

netapi32

cfgmgr32

rpcrt4

crypt32

mscms

user32

pdh

rasapi32

comdlg32

version

shlwapi

lz32

msacm32

Sections

.text Size: 492KB - Virtual size: 491KB

.data Size: 48KB - Virtual size: 52KB

.idata Size: 4KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 1024B

.text
Size: 492KB - Virtual size: 491KB

.data
Size: 48KB - Virtual size: 52KB

.idata
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 1024B