333e714e38c47b6147796b5b85cf6f12_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

333e714e38c47b6147796b5b85cf6f12_JaffaCakes118
Size

188KB
MD5

333e714e38c47b6147796b5b85cf6f12
SHA1

9828abbe28f570829367887995d39b2f4430f881
SHA256

e61b4a3e0edc685da79e0d17aeaadde84e405805409687ef74e54003dc50864c
SHA512

bc5c4a71f06c21bfd8aec26c95a285672ad80a5d074c1e76b0f94ec587a97e57f582777b3c4f227df6580f6823ca101c06a8a60e6380bbecafd9b8c719150989
SSDEEP

3072:5+BkJyZ5cE+Skz0YYRw9TsnPcmCbNxlus1NXZ6Fj+r7x/0DksVPJ8ojJo5kPjYc:5+B3ZUAwhsnkmCbfN6ix/0DDPtjJyQj7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
333e714e38c47b6147796b5b85cf6f12_JaffaCakes118

Files

333e714e38c47b6147796b5b85cf6f12_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b8c37e60d83125793e9a2895437a4b6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Program Files\Qym.pdb

Imports

user32

ReleaseDC
TranslateMessage
GetPropA
UnregisterHotKey
CreateMenu
DeferWindowPos
BeginDeferWindowPos
WindowFromPoint
LoadIconA
OffsetRect
EndDialog
CloseClipboard
GetMessageA
ValidateRect
GetClassInfoExA
EnumWindows
CallNextHookEx
GetWindowLongA
DrawTextA
DefWindowProcA
RegisterWindowMessageA
MapWindowPoints
GetSystemMetrics
DestroyMenu
BeginPaint
OpenClipboard
InvalidateRect
PostMessageA

gdi32

RectVisible
SelectClipRgn
CreateRectRgn
GetPixel
PtVisible
CreateFontA
CreateCompatibleDC
TextOutA
SetViewportOrgEx

comdlg32

CommDlgExtendedError
GetSaveFileNameA
GetOpenFileNameA
ChooseFontA
GetFileTitleA
ChooseColorA

comctl32

ImageList_SetOverlayImage
DestroyPropertySheetPage
ImageList_Add
CreateToolbarEx
ord6
ImageList_Draw
ImageList_LoadImageA
ord17

dbghelp

MiniDumpWriteDump

wintrust

WinVerifyTrust

lz32

LZDone
LZInit
LZSeek
LZStart

mgmtapi

SnmpMgrCtl
SnmpMgrRequest

kernel32

LoadLibraryA
IsBadCodePtr
HeapSize
IsBadWritePtr
HeapReAlloc
GetACP
VirtualFree
HeapCreate
GetSystemTimeAsFileTime
GetFileType
GetOEMCP
GetCPInfo
GetCurrentProcessId
InterlockedExchange
VirtualQuery
SetConsoleCtrlHandler
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
VirtualAlloc
SetHandleCount
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualProtect
GetSystemInfo
HeapDestroy
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
GetVersionExA
GetCommandLineA
GetCurrentProcess
TerminateProcess
GetProcAddress
IsBadReadPtr
GlobalFree
GlobalAlloc
GetLocaleInfoA
WriteConsoleW
GetWindowsDirectoryA
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
ExitProcess

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 753KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8c37e60d83125793e9a2895437a4b6c

Headers

File Characteristics

PDB Paths

Imports

user32

gdi32

comdlg32

comctl32

dbghelp

wintrust

lz32

mgmtapi

kernel32

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 76KB - Virtual size: 753KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 76KB - Virtual size: 753KB

.reloc
Size: 8KB - Virtual size: 6KB