254485032b9b2f18d41e8aa0fcaa700a_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

254485032b9b2f18d41e8aa0fcaa700a_JaffaCakes118
Size

1.9MB
MD5

254485032b9b2f18d41e8aa0fcaa700a
SHA1

1c6b5c8b32b92bdc237cbe626ac174cdbb966332
SHA256

e83fd7f3c2cc9957aa560763daf23f0804fd85839a9ab654ec2a472751c69461
SHA512

8aa5952e5f7ba4ef674eb2674890dc0cb6a1a3a17a5631e06633dc02060cfd85b50936b13a34c0ecb7c5241b0efca3245ffd39348a60a7cda701922aa05e03f2
SSDEEP

49152:S+/T6kizbOF9tddrtPc1Lv7WcCxHqjX+38GtAhgguSQlTw:SoubfObl+sqi38G9Pxw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
254485032b9b2f18d41e8aa0fcaa700a_JaffaCakes118

Files

254485032b9b2f18d41e8aa0fcaa700a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

09fe19030e0e9807322faefb447937bd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\wtzybe\oem\xtjaebcmge\uoee

Imports

user32

RegisterClassExA
BringWindowToTop
GetSystemMetrics
InsertMenuItemA
ShowWindow
MessageBoxA
CallMsgFilter
RegisterClassA
CreateWindowExA

kernel32

AddAtomW
SetHandleCount
GetOEMCP
VirtualFree
GetSystemTimeAsFileTime
InterlockedDecrement
GetEnvironmentStringsW
GetCPInfo
IsValidLocale
GetUserDefaultLCID
HeapAlloc
InitializeCriticalSectionAndSpinCount
InterlockedExchange
GetStdHandle
HeapCreate
SetFilePointer
HeapSize
QueryPerformanceCounter
GetPrivateProfileSectionNamesA
GetNamedPipeHandleStateW
OpenProcess
GetCurrentProcessId
GetCurrentThreadId
LeaveCriticalSection
TlsGetValue
CreateFileA
CreateMutexA
HeapReAlloc
GetCommandLineW
GetModuleFileNameW
TlsSetValue
HeapDestroy
LCMapStringA
GetModuleHandleW
RtlUnwind
WriteFile
GetConsoleOutputCP
SetConsoleCtrlHandler
SetLastError
GetStringTypeA
FreeEnvironmentStringsW
CloseHandle
GetModuleFileNameA
IsDebuggerPresent
Sleep
GetTickCount
GetLocaleInfoW
FreeLibrary
SetStdHandle
IsValidCodePage
IsBadReadPtr
TlsAlloc
GetTimeZoneInformation
GetLogicalDrives
ReadFile
ExitProcess
GetPrivateProfileSectionNamesW
UnhandledExceptionFilter
TlsFree
LCMapStringW
WriteConsoleW
CompareStringA
SetEnvironmentVariableA
GetTimeFormatA
GetCompressedFileSizeW
RtlMoveMemory
FindNextFileW
InterlockedIncrement
OpenMutexA
DeleteCriticalSection
EnumSystemLocalesA
WriteConsoleA
GetStartupInfoW
GetLongPathNameA
FlushFileBuffers
HeapFree
lstrcmpiW
GetCurrentProcess
GetCommandLineA
GetConsoleCP
TerminateProcess
WideCharToMultiByte
ResetEvent
VirtualQuery
ReadConsoleOutputCharacterW
LoadLibraryA
GetProfileSectionA
SetUnhandledExceptionFilter
ContinueDebugEvent
GetDateFormatA
GetLastError
GetProcAddress
RtlZeroMemory
VirtualAlloc
GetThreadPriority
GetFileType
GetConsoleMode
GetLocaleInfoA
GetCurrentThread
GetConsoleScreenBufferInfo
GetStringTypeW
GetStartupInfoA
MultiByteToWideChar
EnterCriticalSection
GetACP
GetModuleHandleA
CompareStringW

comctl32

ImageList_Add
ImageList_GetDragImage
ImageList_LoadImageA
ImageList_LoadImageW
ImageList_Draw
ImageList_SetFlags
ImageList_Read
ImageList_ReplaceIcon
MakeDragList
ImageList_Create
InitCommonControlsEx
ImageList_GetIcon
CreateMappedBitmap

Sections

.text
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

09fe19030e0e9807322faefb447937bd

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

comctl32

Sections

.text Size: 328KB - Virtual size: 327KB

.rdata Size: 47KB - Virtual size: 66KB

.data Size: 1.5MB - Virtual size: 1.5MB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 328KB - Virtual size: 327KB

.rdata
Size: 47KB - Virtual size: 66KB

.data
Size: 1.5MB - Virtual size: 1.5MB

.rsrc
Size: 11KB - Virtual size: 10KB