3f043523142a18337635e07b8b441359_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f043523142a18337635e07b8b441359_JaffaCakes118
Size

572KB
MD5

3f043523142a18337635e07b8b441359
SHA1

7e104ded4c0b14a31873916da3658f12f881bcee
SHA256

706ae7a03c491003c793109b0b89364e341fc65508785b70b5734bc83208edbc
SHA512

301496f8df7ae62fa49c641017d4c6ba77fcb5b7831d45cb8610338f637f36d7464660fde14eeb1db16d16a250239e5fefbecae93186ad2e89bae2d35b73ceb6
SSDEEP

12288:E4X4Uxa3xorAJsVF7Aat/rfn8ugq7Og/Jz:E4IUxaNJsf7AM/jUAvB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f043523142a18337635e07b8b441359_JaffaCakes118

Files

3f043523142a18337635e07b8b441359_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4b8b5290b2c557a06b1109bb70448c21

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\cwtwhpfcd\ktvioee\ryostecum.pdb

Imports

user32

DrawTextW
EnumDesktopsA
DdeReconnect
LoadIconW
CreateWindowStationW
GetClipboardFormatNameW
SendNotifyMessageW
RegisterClassExA
MessageBoxW
DefWindowProcA
DestroyWindow
MapDialogRect
GetSystemMetrics
ChangeDisplaySettingsExA
PostMessageA
ShowWindow
CreateWindowExA
BringWindowToTop
RegisterClassA
GetWindowWord
EnumDisplayDevicesA
wsprintfA
MessageBoxExA
DdeQueryConvInfo
VkKeyScanExA

comctl32

ImageList_Write
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_AddIcon
CreatePropertySheetPage
ImageList_Draw
InitCommonControlsEx
ImageList_DragShowNolock
CreateToolbar
_TrackMouseEvent
CreateStatusWindowW
ImageList_GetImageInfo
ImageList_SetOverlayImage
ImageList_EndDrag
ImageList_GetFlags
ImageList_GetIconSize
ImageList_Copy
CreateUpDownControl

kernel32

EnumTimeFormatsA
OpenWaitableTimerW
SetHandleCount
HeapCreate
SetLocaleInfoA
HeapAlloc
GetDiskFreeSpaceA
HeapSize
VirtualAlloc
VirtualQuery
LoadLibraryA
RtlUnwind
OpenEventW
GetNamedPipeHandleStateW
GetEnvironmentStrings
GetThreadContext
GetModuleFileNameA
LCMapStringW
CreateSemaphoreW
GetVolumeInformationW
FreeResource
HeapDestroy
SetLastError
TransmitCommChar
FindNextChangeNotification
GetCommandLineA
SetEnvironmentVariableA
GlobalFlags
GetComputerNameA
FreeLibrary
GetStdHandle
SetFilePointer
SetConsoleOutputCP
EnumCalendarInfoExA
FreeEnvironmentStringsW
GetDriveTypeW
LeaveCriticalSection
GetConsoleCP
ReadConsoleInputW
TlsGetValue
GetCPInfo
CloseHandle
GetShortPathNameA
IsBadWritePtr
MoveFileExW
EnterCriticalSection
FindResourceExW
GetSystemDefaultLangID
GetProcAddress
GetCurrentThreadId
TlsAlloc
GetCurrentProcess
GetPrivateProfileStructW
HeapFree
SetThreadIdealProcessor
MultiByteToWideChar
GlobalAddAtomA
GetCurrentProcessId
RaiseException
SetLocaleInfoW
TlsFree
GetLocaleInfoA
GetEnvironmentStringsW
GetLocaleInfoW
FlushFileBuffers
IsValidLocale
SetStdHandle
CreateMutexA
CompareStringA
GetLogicalDrives
GetTimeZoneInformation
WritePrivateProfileSectionA
SetFileAttributesW
GetStartupInfoA
GetStringTypeA
GetFileType
WriteFile
IsValidCodePage
InterlockedExchangeAdd
GetSystemTimeAsFileTime
LocalSize
VirtualLock
VirtualFree
lstrcmpiA
ReadFile
CreateFileA
GetLastError
WideCharToMultiByte
GetOEMCP
OpenFile
OpenMutexA
QueryPerformanceCounter
lstrlenA
GetWindowsDirectoryW
TerminateProcess
LCMapStringA
GetACP
UnhandledExceptionFilter
ExpandEnvironmentStringsW
GetCurrentThread
GetVersionExA
GetDateFormatA
InterlockedExchange
DeleteCriticalSection
HeapReAlloc
GlobalGetAtomNameW
lstrcpyA
GetConsoleOutputCP
EnumSystemLocalesA
GetLongPathNameA
GetTimeFormatA
SuspendThread
LockFileEx
CompareStringW
GetSystemInfo
GetTickCount
SetThreadAffinityMask
ExitProcess
TlsSetValue
GetStringTypeW
GetSystemDirectoryA
VirtualProtect
GetFileAttributesA
InitializeCriticalSection
GetModuleHandleA
SetCurrentDirectoryA
GlobalUnfix
GetUserDefaultLCID
WritePrivateProfileStructW
GetNamedPipeHandleStateA
FreeEnvironmentStringsA

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b8b5290b2c557a06b1109bb70448c21

Headers

File Characteristics

PDB Paths

Imports

user32

comctl32

kernel32

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 260KB - Virtual size: 257KB

.data Size: 100KB - Virtual size: 130KB

.rsrc Size: 120KB - Virtual size: 119KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 260KB - Virtual size: 257KB

.data
Size: 100KB - Virtual size: 130KB

.rsrc
Size: 120KB - Virtual size: 119KB