2e118284d3e8365adfc15ddad85c0e7e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2e118284d3e8365adfc15ddad85c0e7e_JaffaCakes118
Size

168KB
MD5

2e118284d3e8365adfc15ddad85c0e7e
SHA1

403a389f15ad1e453d9d56a600c4904a99539f60
SHA256

af140f3d0dc984a65b25205fb9a9c5f0af4e65c73333d1eda2c3ce6af31cfa82
SHA512

cddd68ddf5c3bee12e37f2e26ee1164e661d2dd67da80d40edacfd7c9159c2c7da138cc6f1a7354584cbb79adc21570b31c607aab97465011d9d4b589e849fc1
SSDEEP

3072:jfpF6N9Z87bE5VIEdKvmxMsMFTWemF+CC1cjJLZOz47lr9WL/RHruuCllZDrYmvE:j29qbE5VIE8AMR6HBZOz4KL/RLuuA5kL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e118284d3e8365adfc15ddad85c0e7e_JaffaCakes118

Files

2e118284d3e8365adfc15ddad85c0e7e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c36fdcc979882baf8bf508d9bc367ab8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\daYdYPlaU\rsfgabAJtsfy\mkbpbOcgqhrWai\XzzqedltUjrY.pdb

Imports

comctl32

ImageList_Create
ImageList_Remove
CreateToolbarEx
ImageList_GetIconSize
ImageList_Write

kernel32

IsBadStringPtrW
CreateMutexA
SizeofResource
FindResourceW
LCMapStringW
VirtualAlloc
DeviceIoControl
CompareStringW
lstrcmpiW
lstrcpyA
SearchPathW
lstrlenW
GetSystemDefaultUILanguage
RegisterWaitForSingleObject
IsDBCSLeadByte
GetExitCodeThread

gdi32

SetPaletteEntries
GetSystemPaletteEntries
StretchBlt
SetLayout
Rectangle
DeleteDC
ScaleWindowExtEx
RealizePalette
EndPage
CreateDIBSection
CreatePolygonRgn
SetAbortProc
TranslateCharsetInfo
SetStretchBltMode

msvcrt

exit

user32

VkKeyScanA
CascadeWindows
GetClassInfoExW
CopyAcceleratorTableW
SetRectEmpty
IsDialogMessageA
GetTopWindow
SetRect
GetDC
OffsetRect
IsIconic
AdjustWindowRect
SetUserObjectInformationW
ChangeMenuW
DrawStateW
IsCharUpperA
IsDialogMessageW
SetWindowLongA
SendMessageTimeoutA
DefWindowProcW
FindWindowW
CharToOemBuffA
GetMenuStringW
GetClassInfoA
LookupIconIdFromDirectory
CharUpperBuffA
GetDlgCtrlID
DialogBoxParamW

ntdll

strcspn
memset

shlwapi

PathRelativePathToA

Exports

Exports

?m__bek_f_i@@YGDGE@Z
?kmb__pcgx_v_hjxkCR@@YGHH@Z
?SFUSPu_F@@YGKPAG@Z
?LC_YvlyRs_am_jiqsexil@@YGXK@Z
?_obdyMRMML_XovzgElbuL@@YGXIK@Z
?_sbqsQ__HP_NUj_bcZ_@@YGPAKMPAE@Z
?LD_M_GJKhitvaklaydz_um@@YGFPAFPAI@Z
?me_dwpZ_@@YGPA_NPAKPAF@Z
?gmWVGRVQ_SVit@@YGDPAJH@Z
?_nqzqta_ru@@YGJM@Z
?dbbPYUBGf_k___t@@YGPAKPAEK@Z
?Ruq__ea_d_@@YGJG@Z
?DC__KM__l@@YGPAEGE@Z
?ucsaovcSWXjTI_IAFpke@@YGPAH_N@Z
?j_wk_gUJGOok_@@YGDPAG@Z
?pndd_nz___h_CIOJ@@YGGEN@Z
?cfxg_zz_h_VRB_MIey@@YGPAXFI@Z
?lwjhtj__@@YGXPAD@Z
?Brro_YY_T_GM@@YGXPAKG@Z
?I_BKVMOwlp__kim@@YGMEPAF@Z
?__rsevdKwfukh___E_@@YGIDPAK@Z
?Shsmn_ohX@@YGPAKPAGPAD@Z
?_fn__e_u@@YGMPAH@Z
?XawDKYEI@@YGPAHIM@Z
?jgnk__aomp_qaxp_xp@@YGPAXH@Z
?BLd_pqwo_XusNBPJYPRAW@@YGK_N@Z
?TPNFTf_hPYW@@YGFKPAD@Z
?__OOJCC@@YGHPANK@Z
?_O__GX_A@@YGJK@Z
?yb_xwaiuGf_yocyr@@YGXD@Z
?Pk_l___odMOYELQ_eqsm@@YGHGPAG@Z
?QACIOPyxaotyzQWELG@@YGPAHF@Z
?GKTXX_uBzrclhprqI@@YGFPAEK@Z
?__GAG_DO__NLMSJ@@YGMDF@Z
?wrratjDGPLOBMDMHwfaq_@@YGDHE@Z
?r__xa_qVpb__eoKNZY@@YGMPAFK@Z
?hqohdoz_je@@YGPADJ@Z
?KOR_ZRrckn_g_q_@@YGNN@Z
?__jmmtw_cl_a_yp_fkn@@YGEPAHM@Z
?TJD_SVKQBfubcybXX_@@YGGEK@Z
?YZGAWw_mejep_oM_t@@YGPAEK@Z
?sali_FZ@@YGPAJPAJ@Z
?eczluZW_L@@YGDH@Z
?rF_NSUOGhephQL_EAUakx@@YGPAXIF@Z
?oxlfKTTQ_W@@YGHD@Z
?TZdqsh_ep@@YGHDPAH@Z
?OOe_hkxzNXA_PK_yqm_oi@@YGPAKG@Z
?zcv___w_muqmirh_X_GO@@YGDPAIE@Z
?qyxqhBXRCaMGyjM_LFN__@@YGPAKID@Z
?e_r_rTER_DFEyxwn_rf@@YGMN@Z
?TCWQ_OQ_HAT_XWSXBPXm@@YGPAXNPA_N@Z
?_Lyn_jXXO_A_HCc__xa@@YGMPA_N@Z
?ee_ea_tshp_P__G_LD@@YGPAGGI@Z
?sf_LHaxbCLsoD@@YGDPAF@Z
?NWOyqCUSwv_eZF__ZL_z@@YGFEI@Z
?_u__hXIHUC_HV@@YGEE@Z
?_ve_tmmG_h_lj@@YGMIPAF@Z
?zw_gvELUO_MS_H___e@@YGPAHN@Z
?LL_MzYf@@YGPAXK@Z
?gv_vzgltK_T@@YGPAIKH@Z
?PZLLRlHHPukOJ@@YGPAFE@Z
?Kvex_sjuhpF_hwap__d_@@YGPAXD@Z
?QYQ_ExlwDM_X@@YGHEF@Z
?eryg____@@YGXPAJJ@Z
?fbjSOLCPN_KHYOFB@@YGJPAIPAJ@Z
?P_AO_S_@@YGKE@Z
?WNN_vur@@YGEEPAG@Z

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.export
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ldata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 511B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c36fdcc979882baf8bf508d9bc367ab8

Headers

File Characteristics

PDB Paths

Imports

comctl32

kernel32

gdi32

msvcrt

user32

ntdll

shlwapi

Exports

Exports

Sections

.text Size: 98KB - Virtual size: 97KB

.idata Size: 10KB - Virtual size: 10KB

.export Size: 13KB - Virtual size: 12KB

.data Size: 40KB - Virtual size: 311KB

.ldata Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 511B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 98KB - Virtual size: 97KB

.idata
Size: 10KB - Virtual size: 10KB

.export
Size: 13KB - Virtual size: 12KB

.data
Size: 40KB - Virtual size: 311KB

.ldata
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 511B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 2KB