249af1f36ae6fab6fb2c0eb172e52d43_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

249af1f36ae6fab6fb2c0eb172e52d43_JaffaCakes118
Size

122KB
MD5

249af1f36ae6fab6fb2c0eb172e52d43
SHA1

c84b8082c5e925a3310a40f6ab6b96f1d7ced485
SHA256

418e639940388d347e552275300c411ae753f3fde0d4be13c1648983fc6fba9c
SHA512

523921112a44d07c619d3db2d87d73731fb28895dbae1fb12bbf18dcf25fa9663f58c6da6285028ddf98656c79cc8176ab4b6bc455738ebca53abdf67972ebb2
SSDEEP

3072:GijAbZ7qgOAd/wfc11TpTSeQaGMsCSd3I3zQf:GD7TwUZdShMaY+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
249af1f36ae6fab6fb2c0eb172e52d43_JaffaCakes118

Files

249af1f36ae6fab6fb2c0eb172e52d43_JaffaCakes118
.dll windows:5 windows x86 arch:x86

1639b69a169b6a333cdaed9d543cb489

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

N:\audVwxEmJdfybnutjQ\WbyaznInqqmppuwvgla\OGwztFtQRNolj\OjpvLreiynfiokXxqheea\naCtttIfQlimm\reybcMoNfddorPugihbgt.pdb

Imports

user32

ShowScrollBar
EnableScrollBar
ClipCursor
GetClientRect
DispatchMessageW
DrawStateA
UpdateWindow
InsertMenuW
SetScrollPos
GetActiveWindow
RedrawWindow
RegisterWindowMessageW
GetClassLongA
PostMessageW
CopyRect
GetUserObjectInformationA
CharNextW
GetSysColor
CloseDesktop
DestroyMenu
SwitchToThisWindow
SetLastErrorEx
LoadImageA
SetTimer
OemToCharA
ScrollWindow
wvsprintfA
LoadBitmapW
CharLowerW
GetTopWindow

kernel32

lstrcpyW
GetVersionExA
CreateDirectoryW
SetSystemTime
GetModuleHandleW
DuplicateHandle
FormatMessageW
HeapLock
ResumeThread
GetThreadPriority
FindResourceExW
GlobalFlags
IsValidLocale
SetEvent
WriteFile
GetVersion

shell32

ord196
ord195

comctl32

ImageList_ReplaceIcon
ImageList_Create
DestroyPropertySheetPage

gdi32

IntersectClipRect
GetLayout
DeleteObject
Ellipse
TextOutA
GetViewportOrgEx
CreateDIBitmap
BitBlt
CreateHatchBrush
GetTextFaceW
CreateDIBSection
SetAbortProc

shlwapi

StrChrIW

Exports

Exports

AlphaBlend
?DufiluIOQF67uiofYIFYfUFyf@@YGKEPA_WG@Z

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1639b69a169b6a333cdaed9d543cb489

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

shell32

comctl32

gdi32

shlwapi

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 28KB - Virtual size: 27KB

.mdata Size: 11KB - Virtual size: 11KB

.data Size: 14KB - Virtual size: 154KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 28KB - Virtual size: 27KB

.mdata
Size: 11KB - Virtual size: 11KB

.data
Size: 14KB - Virtual size: 154KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1KB - Virtual size: 1KB