02e9dd67e7dd02467621104b94784af2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

02e9dd67e7dd02467621104b94784af2_JaffaCakes118
Size

456KB
MD5

02e9dd67e7dd02467621104b94784af2
SHA1

4a0a443aa00c7baf03b11e2e250d5297953b11c2
SHA256

9d23e5d8fd391ff58fd82734bb68cb4f0131d67c66649d07a335a4102917525b
SHA512

54f29511e6925cba6413db31ee6c4a2117ea67d037873862c423aab63d77aa1b4843fcb52176c92277c5a99c623d676d61ebdae806ff603e5ecaab5ea81df0f2
SSDEEP

12288:J39HiWCJtG3QwJKw7cU5DYsINVoyc8p7r:J1mJtGAwAw7ceD5IzX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
02e9dd67e7dd02467621104b94784af2_JaffaCakes118

Files

02e9dd67e7dd02467621104b94784af2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

56b47686e17fcc3a892c65198c03cf0a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

??3@YAXPAX@Z
??2@YAPAXI@Z
_except_handler3

kernel32

GetModuleHandleW
GetWindowsDirectoryW
GetModuleFileNameW
FreeLibrary
GetProcAddress
LoadLibraryW
TlsFree
InterlockedDecrement
TlsSetValue
InterlockedIncrement
TlsAlloc
TlsGetValue
CreateFileW
CloseHandle
FormatMessageW
GetLastError
GetFileAttributesW
lstrcpyW
TerminateThread
CreateThread
SetLastError
WriteFile
lstrlenA
GetSystemDefaultUILanguage
GetOEMCP
FreeResource
SizeofResource
LoadResource
FindResourceW

user32

EnableWindow
PostMessageW
WinHelpW
EndDialog
wsprintfA
SetDlgItemTextW
GetKeyboardLayout
InsertMenuW
wsprintfW
MsgWaitForMultipleObjects
SetWindowLongW
GetWindowLongW
LoadImageW
LoadIconW
GetDlgItem
GetClientRect
SendMessageW
DestroyIcon
SendDlgItemMessageW
LoadStringW
LoadStringA
DialogBoxParamW
GetSystemMetrics
PeekMessageW

ole32

ReleaseStgMedium

shlwapi

StrToIntW
StrToIntA
ord219
PathAppendW
PathBuildRootW
StrCatW

shell32

DragQueryFileW
SHChangeNotifySuspendResume
SHChangeNotify
ord155
SHGetFileInfoW
ord182
SHParseDisplayName
ShellExecuteW

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj5
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj50
Size: 512B - Virtual size: 194B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj51
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj52
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj53
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj54
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj55
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fhj56
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fhj57
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fhj58
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.fhj59
Size: 512B - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.1231
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JAKS
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.GAHS
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HAJS
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.HnJS
Size: 512B - Virtual size: 198B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SKALS
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SKAkS
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SfAkS
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.8AUqj
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.8AUq8
Size: 512B - Virtual size: 202B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JAHQK
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.JAHSK
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 324B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56b47686e17fcc3a892c65198c03cf0a

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

ole32

shlwapi

shell32

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 3KB

.fhj5 Size: 512B - Virtual size: 192B

.fhj50 Size: 512B - Virtual size: 194B

.fhj51 Size: 512B - Virtual size: 228B

.fhj52 Size: 206KB - Virtual size: 205KB

.fhj53 Size: 206KB - Virtual size: 205KB

.fhj54 Size: 512B - Virtual size: 196B

.fhj55 Size: 512B - Virtual size: 204B

.fhj56 Size: 512B - Virtual size: 208B

.fhj57 Size: 512B - Virtual size: 202B

.fhj58 Size: 512B - Virtual size: 228B

.fhj59 Size: 512B - Virtual size: 206B

.1231 Size: 512B - Virtual size: 208B

.JAKS Size: 512B - Virtual size: 208B

.GAHS Size: 512B - Virtual size: 204B

.HAJS Size: 1024B - Virtual size: 588B

.HnJS Size: 512B - Virtual size: 198B

.SKALS Size: 512B - Virtual size: 208B

.SKAkS Size: 512B - Virtual size: 216B

.SfAkS Size: 512B - Virtual size: 236B

.8AUqj Size: 512B - Virtual size: 202B

.8AUq8 Size: 512B - Virtual size: 202B

.JAHQK Size: 512B - Virtual size: 160B

.JAHSK Size: 512B - Virtual size: 162B

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 512B - Virtual size: 324B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 3KB

.fhj5
Size: 512B - Virtual size: 192B

.fhj50
Size: 512B - Virtual size: 194B

.fhj51
Size: 512B - Virtual size: 228B

.fhj52
Size: 206KB - Virtual size: 205KB

.fhj53
Size: 206KB - Virtual size: 205KB

.fhj54
Size: 512B - Virtual size: 196B

.fhj55
Size: 512B - Virtual size: 204B

.fhj56
Size: 512B - Virtual size: 208B

.fhj57
Size: 512B - Virtual size: 202B

.fhj58
Size: 512B - Virtual size: 228B

.fhj59
Size: 512B - Virtual size: 206B

.1231
Size: 512B - Virtual size: 208B

.JAKS
Size: 512B - Virtual size: 208B

.GAHS
Size: 512B - Virtual size: 204B

.HAJS
Size: 1024B - Virtual size: 588B

.HnJS
Size: 512B - Virtual size: 198B

.SKALS
Size: 512B - Virtual size: 208B

.SKAkS
Size: 512B - Virtual size: 216B

.SfAkS
Size: 512B - Virtual size: 236B

.8AUqj
Size: 512B - Virtual size: 202B

.8AUq8
Size: 512B - Virtual size: 202B

.JAHQK
Size: 512B - Virtual size: 160B

.JAHSK
Size: 512B - Virtual size: 162B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 512B - Virtual size: 324B