31827d6a83ef976cc7d801e937716d4c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

31827d6a83ef976cc7d801e937716d4c_JaffaCakes118
Size

150KB
MD5

31827d6a83ef976cc7d801e937716d4c
SHA1

9bdae8076ae45ce5a80fe6ad88f3f87a5f45ab32
SHA256

b9711162b1c54a9de83fd90b6c7d6e17f2c8acb7ec61a6594c65d0c0823fbbb7
SHA512

bbe7fb8899604ba5187c7a8ada60ab1427069b3d55bb6019e0a7de9dd4eabe2ca2cdf5672d449c18c402f3b29bee8dfd9611c9e85c8bafcc66e9412e179c9863
SSDEEP

3072:45Mapi7tcBHCXyGrSbjWA/5xR5/k2Z3Eam0Xek4X4+bsTdNLtedx6QsA:6t0YHCFSFBXdukGbsBNJed5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31827d6a83ef976cc7d801e937716d4c_JaffaCakes118

Files

31827d6a83ef976cc7d801e937716d4c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c1486700443255055dcdda85d7f2578f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

X:\uiLQaqxojxaddyrdipzhQ\fxZrwakHrhapoevblNTpn\TYoBuLtlnsNzea\tlOUdYwiyhBbSwzZythp\rvcjqlvLhdjrQgt\mTpTrekbqCocqquqdqjmL.pdb

Imports

gdi32

SetWindowExtEx
PolyBezier
LineTo
GetLayout
CreateRectRgn
SetBkColor
GetBkMode
GetPaletteEntries
SetWindowOrgEx
GetTextAlign
GetNearestPaletteIndex
StretchBlt
CreateHatchBrush

kernel32

lstrcmpiA
GetTempFileNameW
GetFileInformationByHandle
HeapSize
FindResourceW
lstrlenW
CancelWaitableTimer
GetUserDefaultLangID
WinExec
GetCurrentDirectoryW
GlobalDeleteAtom
GetHandleInformation
OpenEventA
lstrcpynW
GlobalAddAtomA
LoadResource

user32

OpenDesktopW
DrawIconEx
DeferWindowPos
CharLowerA
SetDlgItemTextW
GetShellWindow
IsDlgButtonChecked
LoadCursorW
OpenInputDesktop
GetKeyNameTextW
GetWindowDC
RegisterClassA
GetMessageTime
GetScrollRange
BeginDeferWindowPos
LoadStringW
DrawMenuBar
CharNextA
SetDlgItemTextA
GetWindowLongA
GetMenuStringA
mouse_event
GetUserObjectInformationA
CopyAcceleratorTableW
EnableScrollBar
CheckMenuRadioItem
SetDlgItemInt
PostQuitMessage
OffsetRect
RegisterWindowMessageW

comdlg32

CommDlgExtendedError
PageSetupDlgW

Exports

Exports

?_wcsnicoll_l@@YGKPA_WG@Z

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1486700443255055dcdda85d7f2578f

Headers

File Characteristics

PDB Paths

Imports

gdi32

kernel32

user32

comdlg32

Exports

Exports

Sections

.text Size: 90KB - Virtual size: 90KB

.rdata Size: 44KB - Virtual size: 43KB

.mdata Size: 11KB - Virtual size: 11KB

.data Size: 1KB - Virtual size: 109KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 90KB - Virtual size: 90KB

.rdata
Size: 44KB - Virtual size: 43KB

.mdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1KB - Virtual size: 109KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1KB - Virtual size: 1KB