c:\yevzdelb\kgu\upddegszz.pdb
Static task: static1
Behavioral task: behavioral1
Sample: 3aebec2ae57d988e6552c5da2c9e825a_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 3aebec2ae57d988e6552c5da2c9e825a_JaffaCakes118.exe
Resource: win10v2004-20240704-en
General
Target: 3aebec2ae57d988e6552c5da2c9e825a_JaffaCakes118
Size: 781KB
MD5: 3aebec2ae57d988e6552c5da2c9e825a
SHA1: b971c77ff3caf4d78cf3c11d22a0da23e5a93862
SHA256: fc9bd7953c3b0a937f8b1833797e1971ed92e89eea0dcc833d81dc4ced6b7a2f
SHA512: 4b4de9e7114453f522cc97f2741e96078b1ae562fb454f082d8dd284f6c903a69bfd9fea8a261cb4d8a802589dbfb40d6bc814f3e503584dab51b623c90bfbd8
SSDEEP: 24576:uywBhgXS838a6BWBHdBIQe7vg8EzWNvoiU0:uywBhgXv8LBWt/qvg8Ezw7
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3aebec2ae57d988e6552c5da2c9e825a_JaffaCakes118
Files
3aebec2ae57d988e6552c5da2c9e825a_JaffaCakes118.exe windows:4 windows x86 arch:x86
f0a18d6216325302061a31516cd132bf
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\yevzdelb\kgu\upddegszz.pdb
Imports
user32
SendMessageTimeoutW
IsCharLowerA
RegisterClassA
RegisterClassExA
DdeCreateStringHandleW
ClientToScreen
SendIMEMessageExW
gdi32
EqualRgn
SetTextJustification
ModifyWorldTransform
GetGlyphOutlineW
CancelDC
GetTextExtentPoint32A
PolyBezierTo
GetTextAlign
CreateColorSpaceW
UpdateColors
GetRandomRgn
SetMetaRgn
comdlg32
GetFileTitleW
PrintDlgA
ChooseColorW
shell32
DoEnvironmentSubstW
DuplicateIcon
comctl32
InitCommonControlsEx
kernel32
GetEnvironmentStrings
TlsFree
GetCurrentProcess
Sleep
GetConsoleOutputCP
HeapSize
TerminateProcess
WriteFile
MultiByteToWideChar
GetStdHandle
UnhandledExceptionFilter
LoadLibraryA
GetUserDefaultLCID
FreeEnvironmentStringsW
GetConsoleMode
ExitProcess
GetCurrentThreadId
GetModuleHandleA
TlsSetValue
InterlockedDecrement
GetLocaleInfoW
CloseHandle
InterlockedIncrement
SetUnhandledExceptionFilter
GetStartupInfoA
IsValidLocale
SetStdHandle
TlsGetValue
InterlockedExchange
WriteConsoleA
VirtualAlloc
GetLocaleInfoA
HeapAlloc
SetFilePointer
GetFileType
WideCharToMultiByte
LeaveCriticalSection
GetCurrentProcessId
TlsAlloc
InitializeCriticalSection
GetCPInfo
FlushFileBuffers
CreateFileA
LCMapStringW
IsDebuggerPresent
WriteConsoleW
GetTimeZoneInformation
SetLastError
GetOEMCP
GetDateFormatA
ReadFile
ReadConsoleInputW
DeleteCriticalSection
GetCommandLineA
CompareStringA
HeapReAlloc
FreeLibrary
IsValidCodePage
VirtualQuery
GetEnvironmentStringsW
GetTimeFormatA
GetSystemTimeAsFileTime
CreateMutexA
FreeEnvironmentStringsA
RtlUnwind
EnumSystemLocalesA
OpenMutexA
GetCurrentThread
VirtualFree
LCMapStringA
GetProcessAffinityMask
GetConsoleCP
GetStringTypeA
HeapDestroy
GetACP
HeapFree
SetEnvironmentVariableA
CompareStringW
lstrcmp
GetLastError
SetConsoleCtrlHandler
GetProcAddress
HeapCreate
GetTickCount
SetHandleCount
GetVersionExA
GetProcessHeap
EnterCriticalSection
GetModuleFileNameA
GetStringTypeW
GetCalendarInfoA
QueryPerformanceCounter
Sections
.text Size: 621KB - Virtual size: 620KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 126KB - Virtual size: 126KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ