36300e0ae58dbcfc3070787b205a2dcb_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

36300e0ae58dbcfc3070787b205a2dcb_JaffaCakes118
Size

200KB
MD5

36300e0ae58dbcfc3070787b205a2dcb
SHA1

3d70436a923bd315dd1b90fcda58fbf04817402d
SHA256

41135e216afd5197bb4c11991e2a5cc8204f5612904f73b59fdaac70e5b93b1b
SHA512

eb9595525e4980bd3784b3bff2a92acf8ded557b29fa32ff885d557986c42ea72f4f357abe5479ef1b50892a85a0b4d9558c289911b9cbbd41d0995cf681b9f8
SSDEEP

3072:mF7nxpBR51jg+4BRgUDdaBdSeb5lttbrXsYs8JOLx:O1pBz154Ye+579TvAl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36300e0ae58dbcfc3070787b205a2dcb_JaffaCakes118

Files

36300e0ae58dbcfc3070787b205a2dcb_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cc20ac11b243196264178a539a92cf42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Program Files\Xig.pdb

Imports

user32

DeferWindowPos
CreateMenu
UnregisterHotKey
LoadCursorA
TranslateMessage
GetWindowLongA
BeginDeferWindowPos
GetClassInfoExA
EnumWindows
CallNextHookEx
RegisterWindowMessageA
DefWindowProcA
ReleaseDC
FillRect
TrackPopupMenu
DrawFrameControl
PostMessageA
SetWindowLongA
IsDialogMessageA
GetActiveWindow
AppendMenuA
SetClipboardData
DestroyWindow
SendMessageA
IsClipboardFormatAvailable
SendDlgItemMessageA
CheckRadioButton
SetForegroundWindow

mprapi

MprAdminInterfaceDelete
MprConfigTransportCreate
MprConfigServerRestore
MprAdminPortGetInfo
MprAdminPortEnum
MprAdminPortDisconnect
MprAdminPortClearStats
MprAdminInterfaceConnect
MprAdminInterfaceCreate
MprConfigTransportDelete
MprAdminInterfaceDeviceGetInfo
MprAdminInterfaceGetCredentialsEx
MprAdminInterfaceSetCredentials

usp10

ScriptStringGetOrder
ScriptStringAnalyse
ScriptJustify
ScriptItemize
ScriptGetGlyphABCWidth
ScriptStringOut

kernel32

GetModuleHandleA
SetConsoleCtrlHandler
ReadFile
SetEndOfFile
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
VirtualQuery
InterlockedExchange
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
CreateFileA
FlushFileBuffers
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
HeapSize
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetFilePointer
GetCurrentProcess
TerminateProcess
GetProcAddress
RemoveDirectoryA
TlsAlloc
GetProfileStringW
GetTempPathA
HeapFree
HeapAlloc
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
GetVersionExA
GetLastError
CloseHandle
WriteFile
ExitProcess

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 690KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc20ac11b243196264178a539a92cf42

Headers

File Characteristics

PDB Paths

Imports

user32

mprapi

usp10

kernel32

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 88KB - Virtual size: 690KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 88KB - Virtual size: 690KB

.reloc
Size: 8KB - Virtual size: 7KB