1b78d46c12c0c5f39004137f166fbcc8_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1b78d46c12c0c5f39004137f166fbcc8_JaffaCakes118
Size

285KB
MD5

1b78d46c12c0c5f39004137f166fbcc8
SHA1

5f81a03ba5a2f732bdff80595a35685da13fb005
SHA256

20a4ed4bc12e45ac3dff1f9267867ac20f786ac7b43f79dacfd86a8730851069
SHA512

4b2d9c1aca88d05c794b9d707b30141af2b2f5956595659808c5276502c6320861f9b36f20a08fc01fc56345b04910b55f8996afcaaf7e41fd27d16981c5f637
SSDEEP

6144:CXct0ylYtHBAEl4mC6aFITw59Pepn5HrrVliZqH+:CMllMHBAeC6aF4wP+5P6u+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b78d46c12c0c5f39004137f166fbcc8_JaffaCakes118

Files

1b78d46c12c0c5f39004137f166fbcc8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1b0ec115526a3ffb7ba5c4926f851a95

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetPropW
SetActiveWindow
ValidateRect
SetMenuItemBitmaps
CopyRect
DispatchMessageA
IsDialogMessageA
ReleaseDC
CloseWindow
OpenIcon
SetSysColors
GetMenuItemCount
IsWindowEnabled
CreatePopupMenu
VkKeyScanW
BeginPaint
SetWindowRgn
GetDC
GetMenuState
SetWindowLongW
GetMessageA
GetSystemMenu
TranslateMessage
EndPaint
GetFocus
DrawTextW
IsWindowVisible
SetWindowContextHelpId
TabbedTextOutW
MoveWindow
GetWindowContextHelpId
TranslateAcceleratorW
PeekMessageA
AppendMenuA
DrawMenuBar
BroadcastSystemMessageW
OpenInputDesktop
InsertMenuA
TileChildWindows
GetSubMenu
CopyImage

gdi32

DeleteMetaFile
GetMiterLimit
SetDIBitsToDevice
GetObjectW
SelectPalette
CreateRoundRectRgn
DeleteObject
CreateDiscardableBitmap
Escape
SetTextAlign
CreateCompatibleDC
GetBrushOrgEx
GetBkMode

msvcrt

wcscspn
rand
strstr
strpbrk
srand
wcstod
memset

crypt32

CertCloseStore
CertFreeCertificateContext
CertOpenStore

psapi

GetModuleFileNameExA
GetModuleBaseNameW
EnumProcessModules
EnumProcesses

dbghelp

SymSetOptions
SymGetModuleInfoW
SymGetModuleInfo

kernel32

GetStringTypeExW
ContinueDebugEvent
GetOEMCP
GetAtomNameW
LoadLibraryA
WriteProfileSectionA
GetFileSize
HeapSize
lstrcpynW
SetHandleInformation
GetStartupInfoW
GetTimeFormatA
EnumResourceNamesA
LocalReAlloc
lstrlenW
HeapFree
HeapAlloc
WaitForSingleObject
GetTickCount
IsDBCSLeadByte
GetModuleHandleA
FindClose
GlobalDeleteAtom
SetErrorMode
MoveFileExA
GetNextVDMCommand
UnmapViewOfFile
LocalUnlock
GetDriveTypeA
GlobalFlags
OpenEventW
GetCommandLineW

shell32

CommandLineToArgvW

Exports

Exports

_DwH_nqeo_xto_fq@8
_ModifyRegistry@8
_NTL_hys_sxlaW_Di@8
_SaveRegistry@12
_JjP_Lbb_tav@4

Sections

.code
Size: - Virtual size: 279KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.cdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 630B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1b0ec115526a3ffb7ba5c4926f851a95

Headers

File Characteristics

Imports

user32

gdi32

msvcrt

crypt32

psapi

dbghelp

kernel32

shell32

Exports

Exports

Sections

.code Size: - Virtual size: 279KB

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 6KB - Virtual size: 6KB

.cdata Size: 512B - Virtual size: 512B

.rsrc Size: 250KB - Virtual size: 249KB

.reloc Size: 1024B - Virtual size: 630B

.code
Size: - Virtual size: 279KB

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 6KB - Virtual size: 6KB

.cdata
Size: 512B - Virtual size: 512B

.rsrc
Size: 250KB - Virtual size: 249KB

.reloc
Size: 1024B - Virtual size: 630B