2e190bc50f5d58d5b18d6433f3f1df00_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2e190bc50f5d58d5b18d6433f3f1df00_JaffaCakes118
Size

1.4MB
MD5

2e190bc50f5d58d5b18d6433f3f1df00
SHA1

228d5af9a3707e0d49c86a751ac4d8d537521e5c
SHA256

b5a39107aca3603727ea34be0ac738d5d918a072b470125e50f3b563542dce0d
SHA512

44af24ba32fd1e937a6f850892a3622bff02953508822d70e58702f5f96c5ff41545890ce37df3e9f39832075c30e7ca6c7e77fa71133fb0d79115e97bd4012c
SSDEEP

24576:WSEG0dWNG/Zr6BlFwSiB/nSXF1vbrLKmdti94R/5pfM1zU/iQubkFz:WrG0dP/5gFbU/SXFhvLKwgkIdQ7l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2e190bc50f5d58d5b18d6433f3f1df00_JaffaCakes118

Files

2e190bc50f5d58d5b18d6433f3f1df00_JaffaCakes118
.exe windows:4 windows x86 arch:x86

17b79ff91d1228455858dcab192193ac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\IFW\GAXEQS\RUWEOEWLAS\AYOUESFA\XAKGE\DLEGG.PDB

Imports

shell32

DragFinish
SHGetMalloc
ExtractIconEx
SHChangeNotify

comctl32

ImageList_Create
ImageList_DragLeave
ImageList_DragMove
InitCommonControlsEx
ImageList_GetIconSize
CreatePropertySheetPageA
CreateToolbarEx
ImageList_Read
GetEffectiveClientRect
ImageList_GetImageCount
CreateUpDownControl
ImageList_GetBkColor
ImageList_AddMasked
DrawStatusTextW
ImageList_Duplicate
CreatePropertySheetPageW
ImageList_SetIconSize
CreateStatusWindow
ImageList_Add
CreatePropertySheetPage
ImageList_DragShowNolock
ImageList_SetImageCount
ImageList_DrawIndirect

kernel32

InterlockedDecrement
lstrcmpiA
FreeEnvironmentStringsW
HeapFree
OpenMutexA
LoadLibraryA
ExitProcess
TlsSetValue
ReadFile
TlsAlloc
GetLastError
SetStdHandle
IsBadWritePtr
GetCurrentProcessId
CompareStringA
EnterCriticalSection
SetEnvironmentVariableA
FreeEnvironmentStringsA
InterlockedIncrement
GetCommandLineA
GetModuleHandleA
MultiByteToWideChar
LCMapStringA
WriteFile
GetTimeZoneInformation
lstrcpyW
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetSystemTime
GetStdHandle
VirtualQuery
VirtualFree
GetTickCount
GetStartupInfoA
GetCommandLineW
GetStringTypeW
GetEnvironmentStrings
InterlockedExchange
SetLastError
GetCurrentThread
UnhandledExceptionFilter
RtlUnwind
DeleteCriticalSection
SetHandleCount
CompareStringW
HeapCreate
InitializeCriticalSection
GetSystemDefaultLangID
GetStartupInfoW
GetModuleFileNameA
GetCurrentThreadId
LCMapStringW
GetEnvironmentStringsW
GetCurrentProcess
HeapReAlloc
ExpandEnvironmentStringsA
VirtualAlloc
HeapDestroy
TlsGetValue
GetProcAddress
GetModuleFileNameW
HeapAlloc
TlsFree
CreateDirectoryExW
SetFilePointer
CloseHandle
GetFileType
GetLocalTime
GetCPInfo
TerminateProcess
LeaveCriticalSection
GetStringTypeA
WideCharToMultiByte
CreateMutexA
GlobalHandle
FlushFileBuffers
GetVersion

user32

SendIMEMessageExW
HideCaret
wsprintfW
ToAscii
OpenWindowStationW
DdeUnaccessData
CloseDesktop
RegisterClassExA
SetWindowPos
DdeAddData
GetKeyboardLayoutNameA
WaitMessage
DialogBoxIndirectParamA
RegisterClassA
GetScrollInfo

comdlg32

GetFileTitleW
FindTextW
PrintDlgW

gdi32

StartPage
CreateColorSpaceW
SetWindowExtEx
EnableEUDC
SetPixel
SwapBuffers
OffsetWindowOrgEx
GetDeviceCaps
SelectPalette
GetArcDirection
PolyTextOutW
GetCharWidthFloatA
GetColorSpace
StretchDIBits
EndDoc
GetTextFaceA
PathToRegion
GetObjectType
CombineRgn
StartDocW
GetKerningPairsA
SetMetaFileBitsEx
GetLogColorSpaceA
GetClipBox

advapi32

RegQueryValueExA
RegNotifyChangeKeyValue
RevertToSelf
CryptGenRandom
CryptHashData
RegSetValueExW
RegRestoreKeyA
CryptSetProviderExW
CryptDuplicateHash
RegSetValueA
RegCreateKeyA
LookupPrivilegeDisplayNameW
RegOpenKeyExW
RegOpenKeyW
CryptVerifySignatureA
CryptAcquireContextW
RegReplaceKeyA
RegCreateKeyExW
RegQueryValueW
RegDeleteValueA
CryptExportKey

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 245KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 919KB - Virtual size: 911KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17b79ff91d1228455858dcab192193ac

Headers

File Characteristics

PDB Paths

Imports

shell32

comctl32

kernel32

user32

comdlg32

gdi32

advapi32

Sections

.text Size: 125KB - Virtual size: 124KB

.rdata Size: 245KB - Virtual size: 276KB

.data Size: 919KB - Virtual size: 911KB

.rsrc Size: 95KB - Virtual size: 95KB

.text
Size: 125KB - Virtual size: 124KB

.rdata
Size: 245KB - Virtual size: 276KB

.data
Size: 919KB - Virtual size: 911KB

.rsrc
Size: 95KB - Virtual size: 95KB