37b19777359bbe92a33dda8486b8fa1f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

37b19777359bbe92a33dda8486b8fa1f_JaffaCakes118
Size

159KB
MD5

37b19777359bbe92a33dda8486b8fa1f
SHA1

a13135bdb3a98c553270b6e2b11ce55d8e80f411
SHA256

0eacc453c516eaf49743fd94e8aff26814b8f118a7386e0afca76ae4dafa816d
SHA512

d26f6402846288362fec2050a911fb765a78f6ae81c3056c7376f14c10ba61ea1fc342624108763d66505b82d9bb7c8f5098dbc4aa4f68f36ab3a80c3aeef44a
SSDEEP

3072:xAYMbfNaJL+hJKtuuyS7qqT+UwObOf/ROY/xkA2/HEaGPPnSHZUx:uNbQL+hJYuu7RyROIROYZkAMEdq5Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
37b19777359bbe92a33dda8486b8fa1f_JaffaCakes118

Files

37b19777359bbe92a33dda8486b8fa1f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e11590ba313c6e730cb129956291a295

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\dWzonqqvXb\ibCbFnyei\fnXfrQwbkye\TfBnAUc.pdb

Imports

ntdll

memset
strcspn

user32

SetClassLongW
IsWindowVisible
GetUserObjectInformationA
CharUpperA
SetRect
LoadCursorA
PostMessageA
GetMenuStringA
SetCursorPos
GetDlgItemTextW
LoadImageA
ModifyMenuW
GetSubMenu
ScreenToClient
OpenInputDesktop
GrayStringW
GetWindowDC
SetWindowTextA
GetMenuItemCount
CharUpperBuffA
ChildWindowFromPoint
SetRectEmpty
SetWindowPlacement
GetMenuCheckMarkDimensions
CharPrevW
OemToCharA
wvsprintfW
GetWindow

gdi32

GetObjectA
TranslateCharsetInfo
TextOutA
GetRgnBox
SetPixel
SetBitmapDimensionEx
GetTextExtentPoint32W
DeleteObject
OffsetRgn
IntersectClipRect
MoveToEx
EndDoc

shlwapi

PathRelativePathToA

kernel32

lstrcatA
GlobalGetAtomNameA
GetStartupInfoW
lstrcpyA
lstrlenW
lstrcmpiW
SetCommMask
ConvertDefaultLocale
GlobalCompact
GetComputerNameA
lstrcpynW
SetSystemTime
LeaveCriticalSection
GlobalFree
QueryPerformanceCounter
OpenFile

comctl32

PropertySheetW
ImageList_Draw
ImageList_Remove

msvcrt

exit

comdlg32

ReplaceTextW
GetSaveFileNameA

Exports

Exports

?U_LayeeAR@@YGMM@Z
?CE_C_AO_@@YGKPAI@Z
?XEB__VRCmol_oREPPD@@YGPAXHPAJ@Z
?_Wa_boefq_vktzwbxEJYT@@YGJE@Z
?DPKW_RCsfvcc_aaf_@@YGNPAHK@Z
?wl_bivKTK_@@YGPAXPAIPAG@Z
?_Y_A_TNg_qk@@YGFH@Z
?AN_XB_B@@YGHN@Z
?ea_ixp__JH_fxoCQQA@@YGDDH@Z
?x_re_u_ozywyetrvmy@@YGPAGPAD@Z
?PZpdt_Ugr_kpxI_LS@@YGJI@Z
?fuokCHMZRSFU_XWkd_w@@YGPAFDM@Z
?V__GZF_C@@YGKPADPAI@Z
?QLMNpe_rjSREMb_d@@YGPAGKH@Z
?_acrblmzbwx_tH__L_E@@YGEM@Z
?XIBFE_vr_zTRV_RFEWHGC@@YGHE@Z
?VDXDXIPMPoqusL_C@@YGG_N@Z
?M__FLNlcxauLB@@YGPAFKJ@Z
?Kgyiy_i_mb@@YGPADJ@Z
?JjTMY_nu@@YGPAXG_N@Z
?khwietf__p@@YG_NHJ@Z
?aD_Kpmsh_l_@@YGXG@Z
?zwrawRCUTAEymvuF_@@YGPADKPAJ@Z
?OABUMDGT___CAAJ@@YGIPAG@Z
?lp_yHJEpvohT@@YGXIPA_N@Z
?WKMVfoascsis@@YGJGD@Z
?_Jtztawgt_y_hek@@YGFIM@Z
?iTrevqkk@@YGGPA_N@Z
?x_UFHGNHm@@YGHJ@Z
?joiRFLGEBKWKB@@YGPAXEE@Z
?_Ul__nc@@YGGPAK@Z
?___xt_hp_ajw_@@YG_NKPAI@Z
?_HO__ztdRZI@@YGJGPAE@Z
?LGAMKKMJfpaofg_wY@@YGFK@Z
?na_m_uqtwr@@YGNKD@Z
?PCU_N_N_MEIubdnwDL@@YGPAKM@Z
?cxlw_qfnarygag_dw_@@YGHFPAH@Z
?rhuCTVA_@@YGPAKPAH@Z
?_T_Uystl_JI_CRQDd_DE@@YGHGJ@Z
?n_ypg_ZOFURN_WX___DO_S@@YGXPAH@Z
?_fx___xv_zjniMOS_U_Y__@@YGPAKPAH@Z
?H__TMK_Q_PKf_jt_efRRYS@@YGPAFGH@Z
?q_sqJ_KTTDyko__g@@YGNJPAJ@Z
?Z_IKJO_@@YGPAGPAMPAG@Z
?RM_G_YckjjBI__@@YGPAIPAD@Z
?GAZIDmzWnay_@@YGGFPAH@Z
?CYFZN_HONC_VLIETC_R@@YGPAEPAM@Z
?Hj_l_rVyo_BUIYR_MWP_@@YGDGF@Z
?lyc_gcHQ_FTG_P_Jh@@YGPAMPAK@Z
?WCLSOq_b_idkxyt_zo__l@@YGEPAJ@Z
?NE__B_RsYUANT@@YGX_N@Z
?FSX_QWIKW@@YGPANPAFPAD@Z
?wlGICAwppn@@YGPAND@Z
?bywejq___c__ckDW_Q@@YGEPAMF@Z
?_ndbz__U__C@@YGXPAM@Z
?fwlaizhd_d_l_rc_n@@YGPAI_NJ@Z
?th_vvpovsvwkf@@YGKI@Z
?G_OLAR_I___HVzynlQPH_@@YGPAEDI@Z
?eh__amU_BJSatx_za@@YG_NDE@Z
?_XZYSYTCNPIN__LMYF_B_@@YGEDPAG@Z
?ne__y__v_ZlCVBYRKP@@YGPAFPAK@Z
?l__wjgnKR_B_Y_cu__mQ_D@@YGEGPAG@Z
?xd_vuddun_l_cryk_po@@YGXD@Z
?KBJGPAMg_mx_cv@@YGFPAGF@Z
?_ff_mzUJOu_k_OCVZR@@YGJIPAE@Z

Sections

.text
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.export
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ldata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 507B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e11590ba313c6e730cb129956291a295

Headers

File Characteristics

PDB Paths

Imports

ntdll

user32

gdi32

shlwapi

kernel32

comctl32

msvcrt

comdlg32

Exports

Exports

Sections

.text Size: 91KB - Virtual size: 91KB

.idata Size: 10KB - Virtual size: 9KB

.export Size: 13KB - Virtual size: 12KB

.data Size: 37KB - Virtual size: 168KB

.ldata Size: 2KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 507B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 91KB - Virtual size: 91KB

.idata
Size: 10KB - Virtual size: 9KB

.export
Size: 13KB - Virtual size: 12KB

.data
Size: 37KB - Virtual size: 168KB

.ldata
Size: 2KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 507B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 2KB