09264475ef8e410dedc1334dfb8d870a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

09264475ef8e410dedc1334dfb8d870a_JaffaCakes118
Size

142KB
MD5

09264475ef8e410dedc1334dfb8d870a
SHA1

0243f856fe69dfd16b025893291da70e6490ffa7
SHA256

dc4ebb720a6bdfdacd1160eb4d7812cdb46c3198219a4ad33898b219525e411a
SHA512

7086a179bab334d061e7817320756fe7719fb8b20835330970f1f8b2af8262f6ec7f87da5260c572669f09c280afcb8840fd858c5b985cbd04fdc19b288258b1
SSDEEP

3072:rKo8G4yOHg4/zOEN9UlUwYH1JbRwYwY3gFEAKrhu/7:r6lHFzOELwUwYHnqYwOQ+MT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
09264475ef8e410dedc1334dfb8d870a_JaffaCakes118

Files

09264475ef8e410dedc1334dfb8d870a_JaffaCakes118
.exe windows:5 windows x86 arch:x86

06ae2df2a17e703e23e2975658a76de9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\xEuZTcyJGhgIzTxt\OjmwtMkPOGn\rvuklJgNdDeeZWmCt\EattGqVrxPUovxa\spsldVrnlqdouDbJ\pdncfbHlSprdwov\mDnsifmLOqywMpqvzuk.pdb

Imports

comctl32

PropertySheetA
InitCommonControlsEx

shlwapi

ChrCmpIA
PathSearchAndQualifyA
StrToIntA
StrFormatByteSizeA

user32

MessageBoxExA
MonitorFromPoint
GetAsyncKeyState
GetSubMenu
GetSystemMetrics
SetCursorPos
GetKeyboardLayout
ArrangeIconicWindows
SetClassLongW
mouse_event
BringWindowToTop
LookupIconIdFromDirectory
LoadMenuA
GetMenuItemInfoW
DestroyCaret
DrawStateW
GetClassNameW
CascadeWindows
CreatePopupMenu
IsDialogMessageA
WindowFromPoint
GetMonitorInfoW
GetMessagePos
IsZoomed
SendMessageTimeoutA
LoadBitmapW
SetWindowLongW
SetSysColors
EnumChildWindows

kernel32

GetSystemDirectoryW
GetProcessHeap
GetStartupInfoA
CreateEventA
FindFirstFileA
SetCommTimeouts
GlobalMemoryStatusEx
FlushFileBuffers
lstrcmpiW
GetThreadContext
lstrlenW
GlobalMemoryStatus
PulseEvent
EnumResourceTypesA
HeapAlloc
EnumSystemLocalesA
WaitForSingleObject

gdi32

GetSystemPaletteEntries
StartDocW
PtVisible
OffsetRgn
SetLayout
CreateFontIndirectA
CreateDIBSection
LineTo
GetROP2
MoveToEx
GetTextMetricsW
GetTextExtentPointA

comdlg32

GetSaveFileNameA
GetOpenFileNameW

Exports

Exports

?WQz_davt_hU_S_DCA___L@@YGDMK@Z
?BEuLQR__CJwmmrdJO_B@@YGII@Z
?rhy__kl@@YGPAXPAGD@Z
?GL_MN_SOPSx_gqhkD_BM_@@YG_NK@Z
?oosxEURVktz_ndd_pSBG_z@@YGXG@Z
?N_MOZNj_v_ioxhdbeogbj@@YGGHD@Z
?v_foqvoq_@@YGPAN_N@Z
?gaXRYiqtnpkkgsfwd_l@@YGNHF@Z
?tLmn_nfgt_DnkgfhM@@YGFE@Z
?S_IUVHMFYHoy__go_@@YGPAFH@Z
?KF_TIP_@@YGPAGM@Z
?_auyipo_leOZY__PIUTQZ@@YGPAXHPAD@Z
?_mIYGUTO__KUY_y_f@@YGPA_NPA_NH@Z
?vkoep_fx_npapm_emjh_@@YGXG@Z
?GC_HseewajFYMV@@YGNK@Z
?f_fpe_bzeUDY_RCC@@YG_NK@Z
?iKMJAWO_EQQ_AGRolt_j@@YGGPAK@Z
?lk__XBIOUU@@YGXPAD@Z
?AFQVLDBT_S___RG@@YGXPAFI@Z
?_b_elXSBYH_ryd_@@YGJGPAH@Z
?OJI_FLEK@@YGMKPAM@Z
?jb_v_grve_tAHS@@YGPAFPAKH@Z
?_jj__u_JLC@@YGID@Z
?PCZRCPIEVKJVQ@@YGJK@Z
?wuymlm_ugzK_EJCK_UI@@YGGE@Z
?rdoxgvgqnbt_sb@@YGNE@Z
?o_dtfDqqzk_@@YGIPAKPAN@Z
?F__OLam@@YGPADPAN@Z
?Q__AIAB_rsrtchkv_hf_ss@@YGJN@Z
?ri_pniEJX_ogaPx@@YGXPAE@Z
?yxsaqg_xv__m@@YGPAXIG@Z
?THRQUCYB@@YGXPAG@Z
?r__rjeW@@YGGF@Z
?HEJ_WwxaRMWA@@YGPAXPAK@Z
?KIsDWcN___EJ@@YGNDPA_N@Z
?QBkUQQijcnD@@YGPAMDK@Z
?Z____F_a_BMZEM____T_QN@@YGPANJPAD@Z
?I_UGBadlcqFQF_ZS@@YGHK@Z
?mnamrhohNLDKQCg__avf_@@YGENI@Z
?_hw_m_xDURC_HXBPFYGP@@YGKIE@Z
?wf__bjjnuOHJFZD_@@YGPAXN@Z
?sc_kH_ERCO_JA_URp_tb@@YGDG@Z
?HILDYBCdtrkV_@@YGKPADPAD@Z
?_n_x__fxFBQ_PQGH__j@@YGJM@Z
?AE_k___AcoXC_J_@@YGJPAMM@Z
?AC_EYTQENZDxuaecHYDv@@YG_NPAF@Z
?o_SFDQool__MSC_KI@@YGMPAKM@Z
?_lfy_eywn__@@YGXJ@Z
?xtezufhqJ@@YG_NPAG@Z
?tlyq_zJOOZv___s@@YGFH_N@Z
?p_tWS_JOZSGMHvmPO@@YGPAXPAD@Z
?bteZDXWlzee__ythx@@YGHG@Z
?tvq_jpopdqznuQC__V_WXE@@YGEI@Z
?IEOITNR_G_S_JFYDYG__D@@YGPAJK@Z
?FH_jguBJvz@@YGJEPAJ@Z
?txktkQPW_FKEQ@@YGJH_N@Z
?MRPTGMQRM_T_S_cj_dz@@YGPAXHPAH@Z
?AIW_KAPRTIG_GNJ@@YGPAJJPAF@Z

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 34KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 503B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

06ae2df2a17e703e23e2975658a76de9

Headers

File Characteristics

PDB Paths

Imports

comctl32

shlwapi

user32

kernel32

gdi32

comdlg32

Exports

Exports

Sections

.text Size: 89KB - Virtual size: 88KB

.data Size: 34KB - Virtual size: 190KB

.idata Size: 14KB - Virtual size: 14KB

.rdata Size: 512B - Virtual size: 503B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 89KB - Virtual size: 88KB

.data
Size: 34KB - Virtual size: 190KB

.idata
Size: 14KB - Virtual size: 14KB

.rdata
Size: 512B - Virtual size: 503B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 2KB