1ba2c79fb9e1dc1f956380997fc9b91e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1ba2c79fb9e1dc1f956380997fc9b91e_JaffaCakes118
Size

540KB
MD5

1ba2c79fb9e1dc1f956380997fc9b91e
SHA1

8b1c74f60c8e6de929d9414941125102aadd7572
SHA256

af26bf2b3390d97edcc62e32650d5948a64e08591b4d5a0a8a9f96b78298e3ad
SHA512

b673c3b1e96c75bd6ca53255963cd25484840077aa27bf73b8f94d61d81350921f09bee3eef12e01e1e85270ff7393c446c159603bd5d01b6fb1da10c6ab94e4
SSDEEP

12288:EHE8wz9VzQMzwx6x0s4WjqXquE8msBIhTZEhxcxZRfveu:E3wxRQMz26is4WjEE89gTWSfve

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1ba2c79fb9e1dc1f956380997fc9b91e_JaffaCakes118

Files

1ba2c79fb9e1dc1f956380997fc9b91e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8a847403b95d5c15ec345850b9572d37

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\xoowwtsu\htmqn.pdb

Imports

gdi32

Escape
DescribePixelFormat
ExtEscape
GetKerningPairs
GetNearestColor
SetMagicColors
RealizePalette

user32

SetActiveWindow
GetKBCodePage
SetScrollRange
DialogBoxIndirectParamA
CreateWindowExW
IsWindowVisible
EnumChildWindows
CreateDesktopW
CharNextExA
SetClassLongW
DestroyWindow
UnpackDDElParam
DispatchMessageA
SetDebugErrorLevel
PackDDElParam
RegisterClassA
RegisterClassExA
RegisterWindowMessageW
MessageBoxW
SendMessageA
DefWindowProcA
ShowWindow
SetCaretPos

wininet

RetrieveUrlCacheEntryFileW
InternetCrackUrlA
IsUrlCacheEntryExpiredA
InternetCrackUrlW
InternetLockRequestFile
InternetSetOptionW
GopherGetLocatorTypeW
FindNextUrlCacheEntryW

kernel32

SetComputerNameW
EnumDateFormatsExA
QueryPerformanceCounter
GetProcessHeaps
InterlockedExchange
GetLocalTime
VirtualAlloc
ResumeThread
SetConsoleTitleW
GetProcAddress
GetConsoleCursorInfo
ReleaseMutex
WriteConsoleW
OutputDebugStringA
FindFirstFileExA
lstrcpynW
HeapLock
TlsGetValue
MultiByteToWideChar
GetPrivateProfileSectionNamesW
CreateSemaphoreA
VirtualAllocEx
OpenFileMappingW
FreeEnvironmentStringsW
GetComputerNameA
GetCPInfo
LoadLibraryA
DuplicateHandle
FlushFileBuffers
FreeEnvironmentStringsA
GetCurrentProcess
SetLocaleInfoW
HeapFree
GetExitCodeProcess
CompareStringA
SetLocalTime
DeleteCriticalSection
MapViewOfFileEx
LCMapStringA
GlobalGetAtomNameW
GetFileType
CreateDirectoryExA
EnumTimeFormatsA
TlsFree
HeapCreate
lstrcpynA
GetProfileIntA
WaitForSingleObjectEx
lstrcpyA
SetEnvironmentVariableA
GetModuleFileNameW
GetNumberFormatA
GetLastError
GetEnvironmentStringsW
OpenSemaphoreA
OpenEventA
GetTempFileNameW
SetStdHandle
GetTickCount
lstrlen
WriteFile
SetConsoleCP
GetStringTypeA
PulseEvent
VirtualQuery
GetACP
GetCurrentThread
GetEnvironmentVariableW
lstrcmpi
GetSystemTimeAsFileTime
ContinueDebugEvent
WaitCommEvent
InitializeCriticalSection
HeapDestroy
OpenWaitableTimerW
CreateMutexA
GetOEMCP
GetProfileIntW
OpenWaitableTimerA
GetFullPathNameW
InterlockedDecrement
GetDiskFreeSpaceW
WideCharToMultiByte
CloseHandle
GetCurrentProcessId
EnterCriticalSection
FindFirstFileExW
SetFileTime
ExitProcess
SetLastError
OpenMutexA
GetUserDefaultLCID
LocalFree
GetSystemTime
SetFilePointer
HeapReAlloc
GetStringTypeW
GetVersionExW
GetCurrentThreadId
VirtualFree
GetVersion
WritePrivateProfileStringA
GetCurrentDirectoryW
GetProfileSectionA
CreateWaitableTimerA
RtlMoveMemory
ReadConsoleOutputCharacterW
RtlUnwind
VirtualQueryEx
SetHandleCount
TlsAlloc
VirtualProtect
TlsSetValue
FileTimeToLocalFileTime
LeaveCriticalSection
CreateMailslotW
IsBadWritePtr
GetModuleHandleA
LCMapStringW
GetStdHandle
lstrcmpiW
GetModuleFileNameA
ReadFile
InterlockedIncrement
WriteConsoleOutputCharacterA
GetTimeZoneInformation
GetCurrencyFormatW
GetMailslotInfo
HeapAlloc
lstrcmp
CompareStringW
GlobalAlloc
GetCommandLineA
UnhandledExceptionFilter
GetStartupInfoA
TerminateProcess
GetEnvironmentStrings

comctl32

ImageList_Replace
ImageList_SetOverlayImage
CreatePropertySheetPage
ImageList_Copy
ImageList_DrawEx
ImageList_AddMasked
DrawStatusTextW
InitCommonControlsEx
DestroyPropertySheetPage
ImageList_Duplicate
ImageList_SetBkColor
ImageList_DragLeave
_TrackMouseEvent
ImageList_Read
ImageList_AddIcon
ImageList_GetIconSize

Sections

.text
Size: 144KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 134KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a847403b95d5c15ec345850b9572d37

Headers

File Characteristics

PDB Paths

Imports

gdi32

user32

wininet

kernel32

comctl32

Sections

.text Size: 144KB - Virtual size: 140KB

.rdata Size: 248KB - Virtual size: 246KB

.data Size: 112KB - Virtual size: 134KB

.rsrc Size: 32KB - Virtual size: 29KB

.text
Size: 144KB - Virtual size: 140KB

.rdata
Size: 248KB - Virtual size: 246KB

.data
Size: 112KB - Virtual size: 134KB

.rsrc
Size: 32KB - Virtual size: 29KB