1c2d696fb7a7e980c935eb021f327899_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1c2d696fb7a7e980c935eb021f327899_JaffaCakes118
Size

96KB
MD5

1c2d696fb7a7e980c935eb021f327899
SHA1

4cd1e9c63a82732b7a89fc3e9908b6b3f10fc530
SHA256

40dcae283c0bb146b057f44cc93863ef1eab18505ec045f9fed8df509e4fb9bf
SHA512

b1466a56f2e605f123dad48f4295ba8eef72fbf8ae39b025064f31059de8c3179f7e066fe8cab9c2569f2e6d6a8e03d80b079055a468e38c05ba4cc3ddb80422
SSDEEP

1536:LEJq+bch1NZMLTBbaYbwZK1ah4Uu2oo2IO3zKg5VmunlxY1FPOc50o2wmoxzC:LEJq+bcHnSTNaYc4ah4URmGgPlmPOqmJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c2d696fb7a7e980c935eb021f327899_JaffaCakes118

Files

1c2d696fb7a7e980c935eb021f327899_JaffaCakes118
.dll windows:5 windows x86 arch:x86

27f1b0650fb8c3e66882441843e60b16

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\yuhojUDYA\bbaqzjd\GpeLmTSWr\yllbbehjpSy\wzlaopovcxtgBt.pdb

Imports

gdi32

EndDoc
CreateRectRgn
UnrealizeObject
GetClipBox
GetDIBits
GetRgnBox
CreateFontIndirectA
MoveToEx
TranslateCharsetInfo
FillRgn
Polygon
SetLayout
SetPaletteEntries
GetPixel
CombineRgn
EnumFontFamiliesExW
GetTextMetricsA
TextOutA
GetDeviceCaps

kernel32

GetModuleHandleA
DisconnectNamedPipe
GetWindowsDirectoryA
OpenFileMappingA
HeapValidate
GetTickCount
LCMapStringA
ReleaseSemaphore
IsValidLanguageGroup
WriteFile
GetCommModemStatus
DeleteCriticalSection
EnumResourceNamesA
GetProcAddress
GetWindowsDirectoryW
FindNextFileA
GetACP
CancelIo
SetCurrentDirectoryW
GetTempPathA
LoadLibraryW
FindFirstChangeNotificationW
FoldStringW

shlwapi

ord29
StrToIntExA

msvcrt

sprintf
_controlfp
ungetc
swprintf
__set_app_type
__p__fmode
__p__commode
wcscat
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
fprintf
_XcptFilter
_exit
isalpha
_cexit
iswdigit
isxdigit
strstr
islower
fwrite
ftell
__setusermatherr
__getmainargs
strtoul

user32

DrawAnimatedRects
SetScrollPos
GetSystemMenu
FindWindowExA
ReplyMessage
CharUpperBuffA
DestroyIcon
EnumChildWindows
OpenInputDesktop
GetClassInfoExW
CharLowerW
TrackPopupMenu
SendMessageW
GetIconInfo
IsCharAlphaNumericW
CreateCursor
WaitMessage
LoadStringA
DefWindowProcA
CopyRect
GetScrollPos
SetTimer
IsCharUpperA
SetMenuDefaultItem
wsprintfW
GetClipCursor
IsCharAlphaW
IsCharLowerA
IsDlgButtonChecked
SetLastErrorEx
SendNotifyMessageW
ShowOwnedPopups
GetMenuItemInfoW
OemToCharA
LoadCursorA
CheckMenuRadioItem
InSendMessageEx
EndDialog
CreateWindowExA
GetDlgItem
InflateRect
InSendMessage
RegisterWindowMessageA
GetKeyState
GetDlgCtrlID
IsWindow
CreateIconFromResource
InvalidateRgn

Exports

Exports

?DecrementProjectNew@@YGHPA_N~U
?CancelModuleNew@@YGFHPAGJM~U
?ModifyCharExW@@YGPANGPAK~U
?InstallExpressionExW@@YGEIPAN~U
InstallU
?DecrementHeaderA@@YGKMPAEHM~U
PluginCommand
PluginMain
?EnumFullNameNew@@YGPAFPAKEM~U
?GetSectionExW@@YGF_N~U
?ModifyFolderA@@YGPAGDPAGPAGJ~U
?InsertStateExW@@YGPAGEFJ~U
?LoadWindowInfoNew@@YGPAMGPAGMD~U
?FindSemaphoreA@@YGKIPAKEJ~U
PluginName
PluginType
PluginVersion
WSPStartup
?DumpDigitalDataCBhJEB@@YGKGHE@Z

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.init
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tidat
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tedat
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.alloc
Size: - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27f1b0650fb8c3e66882441843e60b16

Headers

File Characteristics

PDB Paths

Imports

gdi32

kernel32

shlwapi

msvcrt

user32

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 20KB

.init Size: 1024B - Virtual size: 528B

.tidat Size: 3KB - Virtual size: 2KB

.tedat Size: 1024B - Virtual size: 851B

.rdata Size: 512B - Virtual size: 232B

.data Size: 2KB - Virtual size: 2KB

.alloc Size: - Virtual size: 79KB

.rsrc Size: 64KB - Virtual size: 63KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 20KB

.init
Size: 1024B - Virtual size: 528B

.tidat
Size: 3KB - Virtual size: 2KB

.tedat
Size: 1024B - Virtual size: 851B

.rdata
Size: 512B - Virtual size: 232B

.data
Size: 2KB - Virtual size: 2KB

.alloc
Size: - Virtual size: 79KB

.rsrc
Size: 64KB - Virtual size: 63KB

.reloc
Size: 2KB - Virtual size: 2KB