149c5f12ad3c517f62ec897da1a40873_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

149c5f12ad3c517f62ec897da1a40873_JaffaCakes118
Size

154KB
MD5

149c5f12ad3c517f62ec897da1a40873
SHA1

758efb747236d86fb33b2705cb4b2c863d272866
SHA256

fddca8cc4dda2e778db6e87ff8cbbb5c40d67d0318027e67f0f14ac6bd5e13d3
SHA512

197bb36de11873127e247c2776a97a70f066257fc1e81ceceb8d301a428eff6ac1071969055b30d6c28903d6d5e6c3dd2c7fbcc897af3fc2edac3ad12132de79
SSDEEP

3072:ai+mtHR3zFW07t9GFTkZGJYw+7Rd28r2LCTyLJHyKVx5S+64Y0W8Evghd:a85Rbt9GwH3dY8oLJSKTz6zvghd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
149c5f12ad3c517f62ec897da1a40873_JaffaCakes118

Files

149c5f12ad3c517f62ec897da1a40873_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9a1c5f512834609bc13ed5a152b0d539

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\buYankftfLxz\cjVSfwsuaypgn\kndjnicxythYt.pdb

Imports

ntdll

memset

comdlg32

CommDlgExtendedError
PrintDlgW
GetOpenFileNameA

msvcrt

exit

comctl32

ImageList_LoadImageW
ImageList_Remove
ImageList_ReplaceIcon

gdi32

CreatePenIndirect
GetFontData
CreateEllipticRgnIndirect
CreateHalftonePalette
StartPage
GetRgnBox
SetPaletteEntries
SetViewportExtEx
SetPixel
MoveToEx
Ellipse
RealizePalette

kernel32

GetModuleHandleA
GetHandleInformation
TlsGetValue
FindResourceW
lstrlenW
GetComputerNameW
lstrcpyA
OpenEventW
IsBadReadPtr
GlobalFindAtomW
GetBinaryTypeW
DeleteFileW
lstrcatA
EnumSystemLocalesA
GetThreadPriority
CompareStringW

shlwapi

ChrCmpIW
UrlGetPartW

user32

SwitchToThisWindow
FindWindowExA
CharLowerW
RegisterClassExA
RemovePropW
DeleteMenu
CharToOemBuffA
GetShellWindow
ExitWindowsEx
EndDialog
GetScrollRange
DialogBoxIndirectParamA
GetTopWindow
GetFocus
CopyImage
DispatchMessageW
EnumChildWindows
CheckRadioButton
LoadIconA
DestroyWindow
CharNextW
SendMessageTimeoutA
MessageBoxExW
CreateDialogIndirectParamW
DestroyCursor
LoadCursorW
AllowSetForegroundWindow
GetClassInfoExW

Exports

Exports

?lEAZ_YMKRX@@YGXPAEPAE@Z
?__fxrvKYE___J_PytU_@@YGPADPAF@Z
?eqdEO_vto_NWLJ__V_er@@YGPAHED@Z
?IKwkIUYN_A__UHzwcxL@@YGXF@Z
?GA_HQGvvw@@YGFJPA_N@Z
?TVg_pnegQIAP___JNF@@YGPAMFPAD@Z
?fttozqizrvc_BGW@@YGPADPAEG@Z
?TSB_lriqjzuqu@@YGXK@Z
?gl_yglKBQG_fqTCPK_ROM@@YGPANGPAN@Z
?___Gfug_odZBKDFPI_K@@YGX_N@Z
?Y_I_WOPIAjrFBL_NA_E_P@@YGXPAEPAI@Z
?___HDXYJXNO_@@YGGK@Z
?TUCL__Zrw@@YGPANI@Z
?kydffPHMs_udewQ__I@@YGIPAD@Z
?FZIQG_TFD_KRj_sjbmzbot@@YGHPAJ@Z
?K_Tdtueh_pb_bFeitdnqe_@@YGKPAGD@Z
?qcpnPWZKQghg__j_R_@@YGJPAEK@Z
?SCOXOY_S_Q_K_TSQ@@YGXG@Z
?phlst_q@@YGPAXPAE@Z
?CEG_NQ_E_Wg_maHSR@@YGPAKPAFD@Z
?AMH_LBM_UZNllc@@YGHI@Z
?itvyboyNMH_D_ND_phldt@@YGXPA_NPAG@Z
?ZnRX_OJCDUBDWF_I@@YGXPAF_N@Z
?_R_WmfrbgDL@@YGX_NN@Z
?VX_PLlcpwh_KB_OTSEA@@YGHPAJPAF@Z
?_xdqlnF_GTC@@YGDFK@Z
?_T_WPI_____XM_F@@YGDI@Z
?myX___QXIJ_STX_XtdkDK@@YGPAFPAKH@Z
?RZ___EU_JHAFJIJL@@YGPAGHPAE@Z
?W__MAKVsy@@YGJI@Z
?jnbmv__Omsve__rAT@@YGPADPAMF@Z
?KL_F__QYLP_KQIerm@@YGPAXPAN@Z
?lcuK_y_g_o_g@@YGEI@Z
?TG_CSTBU@@YGFPAMG@Z
?DG_VIEXTY_Nc@@YGPAKM@Z
?_ug_jzzx_i_V@@YGPAXPAD@Z
?qruUVHJEo_x_ranl@@YGPAFPAK@Z
?pjiZPObwqnbv_avqnw_hU@@YGXF_N@Z
?JCSABN_zgtiftcmmmw@@YGDG@Z
?boa_wfBF@@YGXH_N@Z
?u_l__bzvEZGR@@YGPAJPAN@Z
?jd_y_jiUSQMQxPSxtMA_PA@@YGMDPAK@Z
?_IVO_WMMDQuj__uWJ@@YGXPAG@Z
?z__eqcjmqgvvnzcu@@YGPAXF@Z
?_ilFWsynXFJISFSm_@@YGEH@Z
?uiqrzwypej@@YGPAJK@Z
?howeu_aam__v@@YGGN@Z
?wqk_niql_r@@YGKDH@Z
?rufjqOAZZslRC_QB@@YGXPAD@Z
?WTKAV_BLRGVWO@@YGXKPAG@Z
?TESPRJRD@@YGIM@Z
?g_xSHNA_Xh@@YGFNM@Z
?_KJu__F__ZMLS@@YGH_NJ@Z
?BOOirexO_EMRBY_Xl_l@@YGHGK@Z
?irbzUZF_d_@@YGXPAD@Z
?_himhvgpZQSIM@@YGGPAD@Z
?_FIMEGXPK___CHSNKAEco@@YGPAMJ@Z
?Znd_nb_rsk_d_al@@YGKGPAM@Z
?_bhdqyY_Wwri__oOESA@@YGKPA_NI@Z
?hiqWR_RuQN@@YGIJF@Z
?nwDTNJO_AS__KF_SMKDRT@@YGDPAKJ@Z
?__ZUPY_tkYAOG_M_EZPg@@YGGE@Z
?_RLW_QOAYHcYMLPEUCCH@@YGPAKPA_N@Z
?i_demkk_K@@YGXF@Z
?F_O_MJpvdwb____DRUen@@YGPAIEH@Z
?__hlhNSLSKgoemivejT@@YGPAGD@Z
?Jwebd_ekrddbil_w__r@@YGMPAE@Z
?ZBJCPGHH_KjgjCMU_@@YGPAXPAIPAM@Z
?_N___XKIJ_N__@@YGPAEM@Z
?__BD_T_t@@YGPAKPAHPAM@Z
?EJ___tp@@YGPAMEI@Z
?jc___r_Ifvwl_vlI_O_@@YGIJN@Z
?_pxqvSMHOJLI@@YGPAGMPAH@Z
?L_K__PXS_JZDQZh_dq_@@YGPAD_NPAG@Z
?LZL_I__@@YGXM@Z
?L_uO_Dmw_ybSL_P_@@YGPANPA_N@Z
?__ycul_kD@@YGPAFJJ@Z
?KSC_QBfnczkl_@@YGPAKPAIK@Z
?ezyedf__xX@@YGXPAIPAK@Z
?M_xbkoOLJSo_GR_LH_VG@@YGGPAJPAK@Z
?HTOEY_YL_BG_@@YGFEI@Z
?__U_EDDSv@@YGGPAD@Z
?tEVIXqycdi@@YGMPAD@Z
?bn___f_JXNAhhiZ@@YGJDH@Z
?nnlJNXJ__A_t_jb@@YGGK@Z
?eocvnrz__h_ayex@@YGEH@Z
?_Yze_azqviN_TOSVMZ@@YGJEJ@Z
?bw_baHLJ_DI_TDCHRetd@@YGKPAHPAM@Z
?c_oCutcdzZJXBGURJ_@@YGDKPAD@Z
?LF_JRDi_o_@@YGNN@Z
?jWNDvgpWNA_K@@YGJH@Z
?ZL_P_BO__luy_sg@@YGXK@Z
?pxakLEFB__B_QUFzaz_@@YGPAXPAG@Z
?PBQ_Q__MCKKUUO_agf@@YGPAHNPAJ@Z
?__qlbOHciruLK@@YGMGPAJ@Z
?W__R_T_ECQY_UAG__MJ_X@@YGKKPAH@Z
?_kmv_A__TT__Q_G_@@YGHHI@Z
?dZW_D_FKQRkbij_ldn_fqm@@YGPAKIG@Z
?hzny__bUYY_PDndlo_@@YGPADDJ@Z
?JPRPrqw_xq@@YGPAXPAFG@Z
?_KE_F_UF_Ny_@@YGPAXD@Z
?oxiiVH_E@@YGPAK_N@Z
?KZFP_mxg_fn_@@YGPAJPAG@Z
?__KispY@@YGXGK@Z

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data1
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data2
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.strs
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ldata
Size: 1024B - Virtual size: 604B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 40KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a1c5f512834609bc13ed5a152b0d539

Headers

File Characteristics

PDB Paths

Imports

ntdll

comdlg32

msvcrt

comctl32

gdi32

kernel32

shlwapi

user32

Exports

Exports

Sections

.text Size: 86KB - Virtual size: 86KB

.itext Size: 512B - Virtual size: 296B

.idata Size: 2KB - Virtual size: 1KB

.edata Size: 4KB - Virtual size: 3KB

.data1 Size: 512B - Virtual size: 408B

.data2 Size: 512B - Virtual size: 458B

.strs Size: 512B - Virtual size: 512B

.crt Size: 10KB - Virtual size: 10KB

.ldata Size: 1024B - Virtual size: 604B

.data Size: 40KB - Virtual size: 117KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 86KB - Virtual size: 86KB

.itext
Size: 512B - Virtual size: 296B

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 4KB - Virtual size: 3KB

.data1
Size: 512B - Virtual size: 408B

.data2
Size: 512B - Virtual size: 458B

.strs
Size: 512B - Virtual size: 512B

.crt
Size: 10KB - Virtual size: 10KB

.ldata
Size: 1024B - Virtual size: 604B

.data
Size: 40KB - Virtual size: 117KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB