1b0f2bb8de07991c9f86b9836968bb0a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1b0f2bb8de07991c9f86b9836968bb0a_JaffaCakes118
Size

544KB
MD5

1b0f2bb8de07991c9f86b9836968bb0a
SHA1

1b53a86d713bc5aa61113167a743a12c618f3d5c
SHA256

ea2026144ee95f3be8a609d1953bc3f9f5c8773cdb8074e2f58a7a269aeb1f77
SHA512

647454ac32fabc98bd089072c8a98bb0d0bbc4bbc8f9cabaf98f447dbf72741ecbd96707e64b4a813a5e64c7e80dd24ea02db85f41211d8816b8368b82081202
SSDEEP

12288:rUkJi1wPIKJAZXa1mdW3phpQae1Y3ghUj:ewPcEmdW3JQj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b0f2bb8de07991c9f86b9836968bb0a_JaffaCakes118

Files

1b0f2bb8de07991c9f86b9836968bb0a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3ba82db3b23a92ba955df5b93cc61dbe

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\ljq.PDB

Imports

user32

GetPropA
GetWindowPlacement
SetUserObjectInformationW
EndTask
EnumDesktopsA
SetWindowLongW
SetMenuDefaultItem
RegisterClassA
GetMessageA
CreateDesktopW
GetClassNameA
ClientToScreen
SetWindowTextW
CheckDlgButton
GetKeyboardLayoutList
CharToOemBuffW
CreateCursor
CharUpperBuffW
VkKeyScanW
EnumDesktopWindows
GetKBCodePage
IsIconic
RegisterClassExA
wsprintfW
ClipCursor

kernel32

GetLastError
OpenMutexA
VirtualProtect
TlsFree
GetTimeFormatA
HeapReAlloc
VirtualQuery
TlsGetValue
GetUserDefaultLCID
IsValidCodePage
RtlUnwind
GetCurrentThread
GetModuleFileNameA
SetEnvironmentVariableA
FlushFileBuffers
GetSystemTimeAsFileTime
GetEnvironmentStringsW
GetProcAddress
HeapDestroy
IsValidLocale
InterlockedExchange
GetStringTypeA
VirtualFree
GetCurrentProcessId
VirtualAlloc
GetCurrentProcess
WaitCommEvent
HeapFree
GetTimeZoneInformation
HeapSize
SetHandleCount
SetFilePointer
TlsSetValue
ReadFile
HeapAlloc
GetStartupInfoW
TerminateProcess
LCMapStringW
GetDiskFreeSpaceW
GetModuleFileNameW
LCMapStringA
TlsAlloc
GetCurrentThreadId
LoadLibraryA
EnumSystemLocalesA
WriteFile
CompareStringW
GetStringTypeW
GetVersionExA
UnhandledExceptionFilter
LeaveCriticalSection
SetStdHandle
GetStringTypeExW
SetThreadLocale
FreeEnvironmentStringsW
GetSystemInfo
GetOEMCP
GetCommandLineA
InitializeCriticalSection
GetCommandLineW
ExitProcess
HeapCreate
GetEnvironmentStrings
SetLastError
WideCharToMultiByte
CompareStringA
lstrcmpiW
GetModuleHandleA
GetACP
CreateMutexA
EnterCriticalSection
GetStdHandle
GetFileType
GetCPInfo
GetLocaleInfoA
MapViewOfFile
DeleteCriticalSection
GetStartupInfoA
MultiByteToWideChar
GetTickCount
GetDateFormatA
QueryPerformanceCounter
CloseHandle
GetLocaleInfoW
FreeEnvironmentStringsA
IsBadWritePtr

comctl32

ImageList_SetFilter
ImageList_Replace
ImageList_GetFlags
ImageList_AddMasked
ImageList_DrawIndirect
ImageList_SetOverlayImage
ImageList_SetIconSize
ImageList_Destroy
ImageList_DragLeave
ImageList_Read
ImageList_GetImageCount
CreateUpDownControl
ImageList_Create
InitCommonControlsEx
ImageList_Write
ImageList_Draw
CreatePropertySheetPageA
ImageList_SetImageCount
CreateStatusWindowW
DrawStatusTextA
ImageList_ReplaceIcon
ImageList_Add
CreateToolbarEx
ImageList_SetFlags
InitMUILanguage

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ba82db3b23a92ba955df5b93cc61dbe

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

comctl32

Sections

.text Size: 160KB - Virtual size: 159KB

.rdata Size: 256KB - Virtual size: 253KB

.data Size: 112KB - Virtual size: 131KB

.rsrc Size: 12KB - Virtual size: 9KB

.text
Size: 160KB - Virtual size: 159KB

.rdata
Size: 256KB - Virtual size: 253KB

.data
Size: 112KB - Virtual size: 131KB

.rsrc
Size: 12KB - Virtual size: 9KB