189b149aad4627aae94506a8c9d8d244_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

189b149aad4627aae94506a8c9d8d244_JaffaCakes118
Size

123KB
MD5

189b149aad4627aae94506a8c9d8d244
SHA1

64681d3f61cb3f07d00007bab4cdb8e46a2ff89b
SHA256

9977f78ae83ea611a3b1b68b0b2ea0e7be63557b1653f4032fed1efeb2f6c551
SHA512

880eb6a522388242bb52b6e598b669076750bbb67aa1fcfb293250b4f0a9848ba1e527cc0080b401cfe803dfb923d99c080b0a25a4fb51728a1361b69f24544f
SSDEEP

1536:y9AI8bGAynECDG++oIQhoLySGWcWa1/odlcZS9GHwQTorIffA9gmhhCMQ+yhw+br:y9CG7RDXkB0cPQTKg+hCpRO+j1sBE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
189b149aad4627aae94506a8c9d8d244_JaffaCakes118

Files

189b149aad4627aae94506a8c9d8d244_JaffaCakes118
.dll windows:5 windows x86 arch:x86

dc15668dae5b35ec9ed4e0081d4dd35f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

N:\wbYpduaryiswt\joyqePlfheHVmlYUDnd\XlrdfzytgRe\uqrcjzUtxgKBQxpfckbR\ZbYVrktmGrrwq\YNvcZqHuKzScpbNEoAy\jglVsxfaialZdlpM.pdb

Imports

comdlg32

GetSaveFileNameA
PrintDlgExW
GetFileTitleW

kernel32

FindResourceExW
GetLocaleInfoA
GetProcessHeap
OpenFileMappingW
HeapFree
GetLongPathNameW
CancelWaitableTimer
LocalLock
GetModuleHandleW
FindResourceW
DeleteCriticalSection
GlobalFree
lstrcpynW
HeapAlloc
WaitForSingleObject
GetCurrentThreadId
GetAtomNameA
EnumResourceTypesA

gdi32

PtVisible
DeleteDC
GetWindowOrgEx
CreateICW
SetWindowOrgEx
RestoreDC
EnumFontFamiliesW
CreateFontIndirectA
BitBlt
IntersectClipRect
GetDIBColorTable
CreateFontW
SetBitmapBits

user32

CreateMenu
SetWindowRgn
GetKeyboardLayoutNameW
GetSystemMetrics
GetUpdateRgn
GetParent
ShowCursor
DefDlgProcW
LoadBitmapA
keybd_event
TranslateAcceleratorA
CreateWindowExW
DefFrameProcA
SetDlgItemTextW
CharUpperBuffA
GetUpdateRect
SetPropW
EnableScrollBar
DispatchMessageA
IsCharLowerA
GetPropW
FindWindowW
ClipCursor
GetCursorPos
GetMenuStringW
GetWindow
CreatePopupMenu
GetTopWindow
AttachThreadInput
wsprintfA

shlwapi

StrCpyNW
StrChrNW

Exports

Exports

AlphaBlend
?DufiluIOQF67uiofYIFYfUFyf@@YGKEPA_WG@Z

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc15668dae5b35ec9ed4e0081d4dd35f

Headers

File Characteristics

PDB Paths

Imports

comdlg32

kernel32

gdi32

user32

shlwapi

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 28KB - Virtual size: 28KB

.mdata Size: 12KB - Virtual size: 11KB

.data Size: 15KB - Virtual size: 154KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 28KB - Virtual size: 28KB

.mdata
Size: 12KB - Virtual size: 11KB

.data
Size: 15KB - Virtual size: 154KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1KB - Virtual size: 1KB