1c7a098427d88d0b952bf95c121f14c1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1c7a098427d88d0b952bf95c121f14c1_JaffaCakes118
Size

96KB
MD5

1c7a098427d88d0b952bf95c121f14c1
SHA1

64e0b6928c91aa27af4fcc3062a2510248cb6b76
SHA256

3a6324ae835382c173be6f5cf26372014af3dadd865b28195a6cab69fffeb595
SHA512

471931edb72073c4a67c6844cec5fd26347af59a9c00deb44a9882f4f7b8ddea51ab6ab2461506cdc31207856eba6b0972652c151f6c7af4b92cab5b854b5933
SSDEEP

3072:8eDhRZ3l86dTrDAIwZXp2nDu/rNnCFMRY:8YRp5EXpWu/V6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c7a098427d88d0b952bf95c121f14c1_JaffaCakes118

Files

1c7a098427d88d0b952bf95c121f14c1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

97547f2e6d75b5c73f6b467c5e477584

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\jbtlhP\pjvm\vpkIexp\rPaqj\qgfqP.pdb

Imports

shlwapi

StrSpnA
PathMakePrettyW

kernel32

ExitProcess
GetCurrentProcessId
FindNextChangeNotification
FileTimeToLocalFileTime
lstrcmpiA
LocalLock
LoadLibraryA
GetCurrentThreadId
DeleteAtom
lstrcmpiW
InterlockedExchange
SetThreadPriority
InterlockedExchangeAdd

gdi32

SetStretchBltMode
CreateDIBSection
SetWindowOrgEx
StartDocW
SetWindowExtEx
ResizePalette

ntdll

memset
_stricmp

user32

GetClassLongA
wsprintfA
SetDlgItemInt
GetIconInfo
GetDCEx
SetParent
RemovePropW
SetCursor
GetUserObjectInformationA
MessageBoxExW
TranslateAcceleratorW
InflateRect
GetUserObjectInformationW
ClipCursor

Exports

Exports

?skxgjqkfL_FS@@YGHG@Z
?MDXDKJYGNR_@@YGMPAHPAM@Z
?_Q__INDBM_V_US_VX_VMP@@YGPAEE@Z
?_pstm_kumLLCH_E_luvJAN@@YGPAXPAN@Z
?YTSVCZZY_J@@YGPAFEJ@Z
?szhejxk_dnczxlOQMfljWP@@YG_NJPAK@Z
?SHYYQ_WlnaFRU_DH_Ei_x@@YGDE@Z
?tzdvxRQPBax@@YGPAJJ@Z

Sections

.code
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 475B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.import
Size: 1024B - Virtual size: 978B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

97547f2e6d75b5c73f6b467c5e477584

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

gdi32

ntdll

user32

Exports

Exports

Sections

.code Size: 23KB - Virtual size: 23KB

.data Size: 12KB - Virtual size: 135KB

.rdata Size: 52KB - Virtual size: 52KB

.edata Size: 512B - Virtual size: 475B

.import Size: 1024B - Virtual size: 978B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

.code
Size: 23KB - Virtual size: 23KB

.data
Size: 12KB - Virtual size: 135KB

.rdata
Size: 52KB - Virtual size: 52KB

.edata
Size: 512B - Virtual size: 475B

.import
Size: 1024B - Virtual size: 978B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB