2be063d1477dbd8fca926bfa913b2736_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2be063d1477dbd8fca926bfa913b2736_JaffaCakes118
Size

67KB
MD5

2be063d1477dbd8fca926bfa913b2736
SHA1

489b5b7a8032be763dbe90af5ea352312624c4c6
SHA256

446ff6aabf0bd8c4b7b8cfefa6b31bb57627d8f01cc4ffe0f681476154c4b735
SHA512

de89b3d6f290488ca3ae92cd672cca216b9b840cf2f676372da522d0642882c9c179ea0daffde0459022afec0a217c470407738cec57a7e15bd9087f7b0e664d
SSDEEP

768:XNjG4lDDe0ObeXAkRBNlNAaQHdQG1MujG/cYgug/+j1mmiR78B3VTlQS3jpeXGx+:nJe0ObAR7SxmcYPg0Qd0hlEpt8U40

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2be063d1477dbd8fca926bfa913b2736_JaffaCakes118

Files

2be063d1477dbd8fca926bfa913b2736_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8781f2bafa0a5bf0ee908d31a5da8832

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

N:\AtweD\malvRkll\cezmSu.pdb

Imports

user32

SetParent
UnloadKeyboardLayout
CharUpperW
InSendMessageEx
GetScrollPos
GetWindowRect
MapVirtualKeyA
GetClassNameW
PostThreadMessageW
DrawFrameControl
CharToOemBuffA
EnableMenuItem
IsWindowUnicode
LoadIconA

ntdll

_stricmp
memset

shlwapi

PathMakePrettyW
StrSpnA

kernel32

FileTimeToSystemTime
GetCurrentThreadId
ExitProcess
OpenFileMappingW
GetLocalTime
SetSystemTime
InterlockedExchangeAdd
InterlockedExchange
lstrlenA
OpenFileMappingA
GetCurrentProcessId

gdi32

EnumFontsW
GetCurrentObject
ScaleViewportExtEx
SelectPalette
CreateFontIndirectW
SaveDC

Exports

Exports

?_tp_q_cu_I_tmj_v_v@@YGIJ@Z
?KKY__VFI@@YGXK@Z
?P_JytmucRnihfr__@@YGEJF@Z
?CSERPi_XMVWQJUYN@@YGKJPAN@Z
?HI_VswOZ@@YGPAFPAF@Z
?H___LWOOBBX_SZGX_d@@YGKPAGPAI@Z

Sections

.code
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 346B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.import
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8781f2bafa0a5bf0ee908d31a5da8832

Headers

File Characteristics

PDB Paths

Imports

user32

ntdll

shlwapi

kernel32

gdi32

Exports

Exports

Sections

.code Size: 23KB - Virtual size: 22KB

.data Size: 28KB - Virtual size: 96KB

.rdata Size: 10KB - Virtual size: 10KB

.edata Size: 512B - Virtual size: 346B

.import Size: 1024B - Virtual size: 948B

.rsrc Size: 9KB - Virtual size: 12KB

.reloc Size: 1KB - Virtual size: 1KB

.code
Size: 23KB - Virtual size: 22KB

.data
Size: 28KB - Virtual size: 96KB

.rdata
Size: 10KB - Virtual size: 10KB

.edata
Size: 512B - Virtual size: 346B

.import
Size: 1024B - Virtual size: 948B

.rsrc
Size: 9KB - Virtual size: 12KB

.reloc
Size: 1KB - Virtual size: 1KB