e:\sduugacex\gjm\iek.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 267c157e3d80fdc9a4e066c49f7b4d0c_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 267c157e3d80fdc9a4e066c49f7b4d0c_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 267c157e3d80fdc9a4e066c49f7b4d0c_JaffaCakes118
Size: 376KB
MD5: 267c157e3d80fdc9a4e066c49f7b4d0c
SHA1: d32ef9b2e9b7ad91d225ebe9a1fd788422be0b11
SHA256: fd13880062c14648ac33d02abbf9e9480231731c05d31de4e8a37d3a5edb0356
SHA512: 520c72c7bf8892bfc401026b0d90e51eaa50d723a1b1421944cf4648dde6ccd450ab604544dee1f8f1670be7a7b9687f6a297d1b04f274ee434d446b0242628c
SSDEEP: 6144:HDHIgy9KHRQFpEp5EH1oGO52odzo25OGA7fn5rIJfNKVZZPRwaS4W:HbMKxQFpEIVoFJMFf5rIJs7Bi0
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 267c157e3d80fdc9a4e066c49f7b4d0c_JaffaCakes118
Files
267c157e3d80fdc9a4e066c49f7b4d0c_JaffaCakes118.exe windows:4 windows x86 arch:x86
079ba06810a8c4346496031c791269ab
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
comdlg32
ChooseFontW
ChooseColorA
user32
LoadAcceleratorsW
WindowFromDC
GetShellWindow
DdeSetQualityOfService
SystemParametersInfoA
SetForegroundWindow
RegisterClassExA
MapVirtualKeyExW
LoadAcceleratorsA
DrawIconEx
RegisterClassA
PostMessageW
LoadImageA
GetGUIThreadInfo
CallNextHookEx
MapVirtualKeyA
GetWindowLongW
GetForegroundWindow
CreateDialogIndirectParamA
GetDoubleClickTime
wininet
UnlockUrlCacheEntryFile
SetUrlCacheHeaderData
shell32
ShellHookProc
comctl32
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_GetIcon
ImageList_Draw
ImageList_LoadImageW
InitCommonControlsEx
ImageList_SetIconSize
ImageList_SetImageCount
DrawStatusTextW
kernel32
GetProcAddress
TlsAlloc
GetCommandLineA
ExitProcess
GetCurrentThread
TerminateProcess
GetTimeZoneInformation
GetEnvironmentStringsW
ReadFile
OpenMutexA
InterlockedExchange
GetModuleHandleA
TlsFree
CloseHandle
GetCurrentProcess
CreateMutexA
LeaveCriticalSection
UnhandledExceptionFilter
HeapReAlloc
EnterCriticalSection
QueryPerformanceCounter
SetLastError
GetFileType
GetStartupInfoW
GetVersion
IsBadWritePtr
DeleteCriticalSection
GetModuleFileNameW
GetStringTypeA
GetSystemTime
GetStdHandle
InterlockedIncrement
HeapAlloc
GetStringTypeW
GetCurrentThreadId
HeapCreate
GetModuleFileNameA
SetHandleCount
VirtualQuery
HeapDestroy
GetCommandLineW
CompareStringA
CompareStringW
HeapFree
GetEnvironmentStrings
SetEnvironmentVariableA
TlsGetValue
WideCharToMultiByte
SetFilePointer
TlsSetValue
GetStartupInfoA
FlushFileBuffers
FreeEnvironmentStringsA
VirtualAlloc
GetTickCount
GetCurrentProcessId
LCMapStringA
InitializeCriticalSection
RtlUnwind
WriteFile
GetLocalTime
GetLastError
MultiByteToWideChar
VirtualFree
LCMapStringW
LoadLibraryA
GetCPInfo
InterlockedDecrement
FreeEnvironmentStringsW
SetStdHandle
GetSystemTimeAsFileTime
Sections
.text Size: 132KB - Virtual size: 129KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 88KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 80KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ