1b024d9eedff8e12ef4eca977e5ba793_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1b024d9eedff8e12ef4eca977e5ba793_JaffaCakes118
Size

123KB
MD5

1b024d9eedff8e12ef4eca977e5ba793
SHA1

8ecb40643bc9ce4cd3e2d5eae7cbdff65ff1b8da
SHA256

65a4425f931721cc999c42ca3331e87f9bc9389af152ee31d8d8f47df692bd4d
SHA512

7fcad53c7dfa4e041784c6170dbcdf43f24792f9bbd660d0c726592e496abda9190d982071fe1aae61190e7a7b2ab5b0756a654e83ed38e589c3b5474e57b61d
SSDEEP

3072:vchVOHhM4rpcbJPN3UdWD3YG0M+ek3I3D7:k0MPbJ+E01Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b024d9eedff8e12ef4eca977e5ba793_JaffaCakes118

Files

1b024d9eedff8e12ef4eca977e5ba793_JaffaCakes118
.dll windows:5 windows x86 arch:x86

35e8cb5bfb36011389fb263411366d0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

S:\KkYykeGejkiYflyEd\fZmwliWtbzz\ehaLpeaAoXzczvizgoa\klelckvldvsmwUQXlbQ\djiBsfwxhbuv\lgTabxnPhgKzhvi.pdb

Imports

shell32

ord196
ord195

comdlg32

GetSaveFileNameW
GetOpenFileNameA
ReplaceTextW
ChooseColorW

kernel32

DeleteFileW
ReleaseMutex
SetSystemTimeAdjustment
GetFileSize
GlobalFlags
GetModuleHandleW
GetCompressedFileSizeW
HeapLock
RaiseException
DeleteFileA
lstrcpyW
GetSystemTimeAsFileTime
DefineDosDeviceW
ReadFile
FindResourceExW
LoadLibraryExA

gdi32

Rectangle
LineTo
GetObjectA
BitBlt
CreatePen
GetFontData
CreateRectRgn
SetROP2
GetTextExtentPointA
CreateFontA
GetTextAlign
StartDocW
GetViewportOrgEx

shlwapi

StrChrIW

user32

SetParent
IsIconic
GetMessageTime
EqualRect
SendNotifyMessageW
EnumChildWindows
GetMenuItemRect
GetClientRect
EnumThreadWindows
LoadMenuA
CreateWindowExW
CreateCaret
RedrawWindow
DrawFrameControl
CopyRect
GetDlgItemInt
LoadBitmapW
CreateIconFromResource
GetClassInfoExA
InSendMessage
GetWindowTextA
ArrangeIconicWindows
GetWindowTextW
SetWindowLongW
RegisterClassW
SetTimer
IsCharAlphaW
CreateDialogIndirectParamW
InternalGetWindowText
CharUpperW

Exports

Exports

AlphaBlend
?DufiluIOQF67uiofYIFYfUFyf@@YGKEPA_WG@Z

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

35e8cb5bfb36011389fb263411366d0c

Headers

File Characteristics

PDB Paths

Imports

shell32

comdlg32

kernel32

gdi32

shlwapi

user32

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 28KB - Virtual size: 28KB

.mdata Size: 11KB - Virtual size: 11KB

.data Size: 15KB - Virtual size: 154KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 28KB - Virtual size: 28KB

.mdata
Size: 11KB - Virtual size: 11KB

.data
Size: 15KB - Virtual size: 154KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1KB - Virtual size: 1KB