00d8d09256cf811fea41c972914d570f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

00d8d09256cf811fea41c972914d570f_JaffaCakes118
Size

156KB
MD5

00d8d09256cf811fea41c972914d570f
SHA1

d5e26b07527437484b2f63871c6ab0e1c87d5e95
SHA256

0270af88ace385ff290ed232963f6b5791bb59ed9e8f0f5d3cf0aafa9c23be7a
SHA512

fe65a7df84e6993b897a70dfa30fa6fd9bdc80c41d5130a7ece425ed98375b10e26be5c4ce10b83f234235cc403dbc3fd7f7f12827fb0f5e4225e41ae11c9cb5
SSDEEP

3072:S891admAREz8iGSUM/HHudHjOWZJ62QJk/gjMHnrGTkUv0b7M21M8pycy:Sa0dmBHuNjO2MXS1rGT27k8pdy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00d8d09256cf811fea41c972914d570f_JaffaCakes118

Files

00d8d09256cf811fea41c972914d570f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b6c8632af89c4347ff6ad7a2613b6c80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Q:\vlWeovaf\Parfbxr\zKfTDtnuUBkaU\zuZtplTvpjcm\Souveou.pdb

Imports

shlwapi

PathIsUNCA

kernel32

GetCommConfig
lstrlenA
GetFullPathNameA
GetTempFileNameW
TryEnterCriticalSection
lstrcmpA
CopyFileW
FindNextFileA
GetCommandLineA
TlsSetValue
GetModuleHandleA
WaitCommEvent
CloseHandle
GetCurrentThreadId
RemoveDirectoryA
lstrlenW
FindResourceW
CreateFileW
lstrcpyA
GetCommProperties
GetStartupInfoA
RaiseException
lstrcmpW
SetThreadContext
GlobalGetAtomNameA
GetDateFormatA
GetShortPathNameW
LeaveCriticalSection
CreateWaitableTimerW
SetWaitableTimer
ConnectNamedPipe
OpenFileMappingW
OpenEventA
GetUserDefaultUILanguage
ClearCommBreak
GetBinaryTypeA
SetFilePointer
ClearCommError
CancelWaitableTimer
EnumResourceLanguagesA
UnhandledExceptionFilter
IsDBCSLeadByte
EnumSystemLocalesA
GetComputerNameExW
MoveFileExW
CreateNamedPipeW
GetUserDefaultLangID
GetLastError
GetLocaleInfoA
lstrcatA
LocalReAlloc
GetWindowsDirectoryW
FreeLibrary
AreFileApisANSI
VerSetConditionMask

msvcrt

memset
towlower
_controlfp
__set_app_type
wcscoll
__p__fmode
strspn
printf
getenv
fputc
strtoul
strcspn
isprint
mbstowcs
free
__p__commode
fputs
wcsncmp
wcstok
_amsg_exit
iswspace
localtime
iswdigit
swprintf
sprintf
strcoll
malloc
_initterm
fprintf
fflush
ungetc
wcscpy
clock
atoi
_ismbblead
calloc
fseek
toupper
setlocale
gmtime
puts
strstr
_XcptFilter
getc
_exit
atol
swscanf
_cexit
__setusermatherr
__getmainargs

user32

IsCharAlphaNumericW
GetPropW
CharNextW
GetMenuItemID
GetFocus
SendMessageTimeoutA
SendDlgItemMessageA
InvalidateRgn
GetKeyState
InternalGetWindowText
wsprintfW
DefWindowProcW
LoadCursorW
SendMessageTimeoutW
GetMenuItemCount
LoadIconA
DrawAnimatedRects
GetAsyncKeyState
LoadMenuW
SetWindowLongW
DefWindowProcA
EndPaint
GetWindowTextA
GetUpdateRect
CopyRect
DestroyCursor
RegisterClassA
TabbedTextOutW
InflateRect
SetDlgItemInt
EnableWindow
SetMenuItemInfoW
DrawStateW
OpenInputDesktop
CreateCaret
GetClipCursor
SendMessageA
DrawFrameControl
SetScrollPos
LoadAcceleratorsA
SetParent
IsDlgButtonChecked
PostThreadMessageA
ChildWindowFromPoint
GetUserObjectInformationW
SetMenuDefaultItem
IsWindow
RemovePropW
AppendMenuW
CheckRadioButton
GetKeyboardLayoutList
MapWindowPoints
GetCaretPos
PostMessageW
IsCharUpperA
CreateDialogParamA
ArrangeIconicWindows
CheckMenuItem
SetCaretPos
GetWindowLongA
GetScrollRange
DispatchMessageA
SetWindowPos
VkKeyScanW
OemToCharBuffA
DestroyCaret
SendMessageW
wsprintfA
GetClientRect
CharNextA
CharLowerA
DrawIcon
LoadStringW
GetMenu
RegisterClassExW
DestroyIcon
LoadBitmapA
CreateCursor
GetLastActivePopup
CharToOemBuffA
wvsprintfW
CheckDlgButton
GetWindowPlacement
DestroyAcceleratorTable
MessageBoxA
EnumWindows
CreateWindowExW
GetMenuItemInfoW
GetSysColorBrush
DrawTextExW
GetScrollPos
ClipCursor
SetClassLongW
ShowWindow
EnumChildWindows
RegisterHotKey
GetMessagePos
IsMenu
CharLowerW
ReleaseDC
OemToCharA
CreateIconFromResource
CallWindowProcW
CheckMenuRadioItem
UnionRect
GetWindowDC
DefFrameProcW
GetMenuItemRect
SetMenu
EnableScrollBar
SetWindowTextA
LoadImageA
GetDlgCtrlID
AdjustWindowRectEx
ReplyMessage
EqualRect
HideCaret
GetDlgItemInt
GetDCEx
IsWindowVisible
MapVirtualKeyExW

Exports

Exports

?ForwardControlItem@@YGK_KK:O

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ips1
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ips2
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.read
Size: 1024B - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ips3
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ips4
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b6c8632af89c4347ff6ad7a2613b6c80

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

msvcrt

user32

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 21KB

.ips1 Size: 6KB - Virtual size: 5KB

.ips2 Size: 512B - Virtual size: 88B

.read Size: 1024B - Virtual size: 96KB

.ips3 Size: 512B - Virtual size: 192B

.data Size: 3KB - Virtual size: 2KB

.ips4 Size: 34KB - Virtual size: 34KB

.rsrc Size: 88KB - Virtual size: 88KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 22KB - Virtual size: 21KB

.ips1
Size: 6KB - Virtual size: 5KB

.ips2
Size: 512B - Virtual size: 88B

.read
Size: 1024B - Virtual size: 96KB

.ips3
Size: 512B - Virtual size: 192B

.data
Size: 3KB - Virtual size: 2KB

.ips4
Size: 34KB - Virtual size: 34KB

.rsrc
Size: 88KB - Virtual size: 88KB

.reloc
Size: 2KB - Virtual size: 1KB