27b3f95b63b25651a7493656f5fc0c3b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

27b3f95b63b25651a7493656f5fc0c3b_JaffaCakes118
Size

716KB
MD5

27b3f95b63b25651a7493656f5fc0c3b
SHA1

b13ce44272bfe5e2e61b4df794be670743fd76f1
SHA256

115ca3a76b71c7091b18d03a4705763a0c7671b4897a554b290c074a299f1afc
SHA512

25ca8baf09c3a74dd368443d1b9d69c9b339a25f35f7d64b2dfdf0fd35940799d2df461cb69d769f442cf2e6ed40ddbb91085ab754ae78985071eae3bdd7410f
SSDEEP

12288:QSErS65zSSEBZLljt9hJP1KkbFu2aXE74jAMlPsS3Kncvi2yoetki0MXQU+qNMHR:Q/S6WSEBzjLtnNx4jHacviELi0MXQUnU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
27b3f95b63b25651a7493656f5fc0c3b_JaffaCakes118

Files

27b3f95b63b25651a7493656f5fc0c3b_JaffaCakes118
.exe windows:4 windows x86 arch:x86

6b135f482de4f51bf8a276cd30e4d945

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\coqjwgb\beropwivq.pdb

Imports

comdlg32

GetFileTitleW
ReplaceTextW

wininet

SetUrlCacheEntryGroupA
IncrementUrlCacheHeaderData
ShowX509EncodedCertificate

shell32

SheSetCurDrive
SHLoadInProc
InternalExtractIconListW
SHFormatDrive
RealShellExecuteExW

gdi32

GetCurrentPositionEx
CreateDCW
GetPaletteEntries
GdiPlayDCScript
EnumFontFamiliesExW
PlayEnhMetaFileRecord
GetObjectA
DeleteObject
DeleteDC
SelectClipRgn
GetDeviceCaps

comctl32

CreateToolbarEx
MakeDragList
ImageList_GetFlags
CreateStatusWindowA
CreateMappedBitmap
CreateStatusWindow
ImageList_BeginDrag
ImageList_Add
ImageList_SetDragCursorImage
ImageList_EndDrag
ImageList_SetFlags
ImageList_Create
DrawStatusTextW
ImageList_Write
ImageList_Copy
InitCommonControlsEx
ImageList_SetBkColor
ImageList_DrawIndirect

user32

RegisterClassExA
CharLowerBuffA
SetPropA
TileWindows
GetWindowTextA
GetMenuState
GetComboBoxInfo
DestroyWindow
CharNextA
CascadeChildWindows
VkKeyScanExA
SetClipboardViewer
GetUserObjectInformationA
GrayStringW
DrawTextA
KillTimer
MonitorFromRect
ShowWindow
SendDlgItemMessageA
RemoveMenu
MenuItemFromPoint
SetWindowLongW
RegisterClipboardFormatW
ChangeMenuA
GetWindowPlacement
SetWinEventHook
GetProcessDefaultLayout
SetCapture
DispatchMessageW
LoadMenuIndirectA
InvertRect
SetActiveWindow
MoveWindow
MessageBoxIndirectW
SetWindowsHookExA
wsprintfW
DdeFreeDataHandle
CreateWindowExA
CopyRect
PostMessageA
FindWindowW
DdeQueryStringW
GetUpdateRect
MessageBoxW
WaitForInputIdle
IsDialogMessageW
WaitMessage
IsCharUpperA
OemToCharBuffA
InsertMenuItemW
SetDeskWallpaper
TabbedTextOutA
GetClipCursor
CharToOemBuffW
RegisterClassA
DefWindowProcA
ChangeDisplaySettingsExA
DestroyCaret
ToAscii
PeekMessageW
SetMenuInfo

kernel32

SystemTimeToFileTime
VirtualAlloc
GetThreadPriorityBoost
GetFileType
OpenMutexA
GetTickCount
GetSystemTimeAsFileTime
TlsSetValue
GetModuleHandleA
GetModuleFileNameW
CompareStringW
WriteProfileStringW
GetEnvironmentStringsW
GetLocaleInfoW
TlsGetValue
EnumTimeFormatsW
ExitProcess
HeapSize
CompareStringA
VirtualFree
EnumSystemLocalesA
TlsAlloc
GetCommandLineA
InterlockedExchange
GetCurrentThreadId
CloseHandle
WriteFile
GetSystemInfo
SetEnvironmentVariableA
EnterCriticalSection
DeleteCriticalSection
GetOEMCP
GetTimeZoneInformation
FlushFileBuffers
FreeEnvironmentStringsA
lstrcpy
GetNamedPipeHandleStateA
GetCPInfo
InitializeCriticalSection
LCMapStringA
VirtualProtect
GetDateFormatA
SetStdHandle
TlsFree
GetThreadPriority
GetLocaleInfoA
HeapCreate
WideCharToMultiByte
HeapFree
MultiByteToWideChar
GetModuleFileNameA
TerminateProcess
GetCurrentProcessId
HeapAlloc
GetLastError
UnhandledExceptionFilter
RtlUnwind
CopyFileExA
GetCommandLineW
GetStdHandle
GetCurrentThread
LoadLibraryA
OpenEventW
SetFilePointer
GetVersionExA
SetLastError
GetTimeFormatA
IsValidCodePage
GetUserDefaultLCID
FreeEnvironmentStringsW
SetHandleCount
LeaveCriticalSection
CreateMutexA
GetStringTypeW
HeapDestroy
QueryPerformanceCounter
ReadFile
IsBadWritePtr
HeapReAlloc
GetStartupInfoA
VirtualQuery
IsValidLocale
GetEnvironmentStrings
LCMapStringW
GetCurrentProcess
GetProcAddress
GetStartupInfoW
GetACP
OpenFileMappingA
GetStringTypeA

Sections

.text
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 392KB - Virtual size: 391KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b135f482de4f51bf8a276cd30e4d945

Headers

File Characteristics

PDB Paths

Imports

comdlg32

wininet

shell32

gdi32

comctl32

user32

kernel32

Sections

.text Size: 164KB - Virtual size: 162KB

.rdata Size: 392KB - Virtual size: 391KB

.data Size: 140KB - Virtual size: 167KB

.rsrc Size: 16KB - Virtual size: 12KB

.text
Size: 164KB - Virtual size: 162KB

.rdata
Size: 392KB - Virtual size: 391KB

.data
Size: 140KB - Virtual size: 167KB

.rsrc
Size: 16KB - Virtual size: 12KB