3f3c82e115c86b2a66170e7ff4be5b45_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3f3c82e115c86b2a66170e7ff4be5b45_JaffaCakes118
Size

732KB
MD5

3f3c82e115c86b2a66170e7ff4be5b45
SHA1

0510c1549da40db443af069c686b349631787a62
SHA256

40f161f2c4dea7b8b23e0824f819e4efaaf70179d2dd8aa7bfa4e079fbc3667a
SHA512

67efc700b7ef411d29d5be9cbf4749a71d755a98a8d3b65f0e3801358ca999ece2855ed5c02523f2533581eb970a78797d3030461870cd7d2b97a206fb75202a
SSDEEP

12288:l7w++bHeZl2QYbh0sXQ7UwK5Ma09jlb2J+XRLk3TVsEgWwCRia:dw+tZhYbhtXQ79YJSLkje1pa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3f3c82e115c86b2a66170e7ff4be5b45_JaffaCakes118

Files

3f3c82e115c86b2a66170e7ff4be5b45_JaffaCakes118
.exe windows:4 windows x86 arch:x86

227b426f9e33dcac3c271aa8a23f96f9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\xemeiaal\sel\gkdpu\xfaqkmeb.pdb

Imports

user32

DrawCaption
GetWindowLongA
ShowWindow
WINNLSGetIMEHotkey
RegisterClassA
GetCursorPos
DlgDirSelectExW
SetCapture
GetGUIThreadInfo
GetDlgItemInt
InSendMessage
ChildWindowFromPointEx
LoadKeyboardLayoutA
TileWindows
GetKeyboardLayout
GetScrollPos
AnyPopup
CreateWindowExA
ReuseDDElParam
EnumChildWindows
SwitchDesktop
GetCursor
CascadeChildWindows
InflateRect
LoadIconA
CharLowerBuffW
ChangeMenuA
GetTabbedTextExtentA
DrawMenuBar
EnableScrollBar
CreateMDIWindowA
DefWindowProcA
ScrollWindowEx
DrawTextExA
ToUnicode
RegisterClassExA
SetSystemCursor
ScreenToClient
GetWindowTextLengthA
MessageBoxA
CharNextW
RegisterDeviceNotificationW
GetClassLongA
GetDlgCtrlID
GetWindowTextA
SetCaretBlinkTime
IsMenu
CountClipboardFormats
GetCaretBlinkTime
SetParent
DestroyWindow
CallMsgFilter
UpdateWindow
WaitForInputIdle

advapi32

CryptDuplicateKey
CryptSignHashA
CryptGenKey
ReportEventA
CryptDestroyKey
LookupPrivilegeValueA
CryptGetProvParam
CryptSetProvParam
CryptAcquireContextW
LookupAccountSidW
InitiateSystemShutdownA

comctl32

CreateToolbar
DrawInsert
InitCommonControlsEx
DrawStatusTextA
ImageList_Draw
ImageList_GetDragImage
ImageList_SetFlags

kernel32

WideCharToMultiByte
GetCurrentThreadId
SetConsoleCtrlHandler
SetEnvironmentVariableA
DeleteCriticalSection
FreeEnvironmentStringsW
GetModuleFileNameA
GetLocalTime
HeapDestroy
InterlockedIncrement
lstrcmpW
GetCalendarInfoA
LCMapStringA
SetVolumeLabelA
SetFilePointer
LocalLock
GetTimeZoneInformation
WriteFile
GetEnvironmentStringsW
SetConsoleActiveScreenBuffer
GetCommandLineW
HeapFree
SetConsoleMode
lstrlen
GetPrivateProfileSectionNamesA
FlushFileBuffers
GetOEMCP
LeaveCriticalSection
CompareStringW
GetStartupInfoW
TlsFree
GetCurrentThread
GetTickCount
TerminateProcess
InitializeCriticalSection
IsValidCodePage
QueryPerformanceCounter
lstrcmpiA
VirtualFreeEx
SetThreadPriority
GetPrivateProfileSectionA
FindAtomW
ReadConsoleA
WritePrivateProfileStructW
GetEnvironmentStrings
FindNextChangeNotification
SetLastError
InterlockedDecrement
RtlMoveMemory
InterlockedExchangeAdd
TlsGetValue
TlsAlloc
UnhandledExceptionFilter
IsBadReadPtr
GetLastError
GetStringTypeW
GetModuleFileNameW
VirtualAlloc
TransmitCommChar
GetDateFormatA
GetSystemTime
GetStdHandle
SetHandleCount
GetFileType
EnumResourceTypesA
LoadLibraryA
HeapAlloc
InitializeCriticalSectionAndSpinCount
HeapCreate
RtlFillMemory
CreateMutexA
SetStdHandle
MoveFileExA
GetStringTypeA
RtlUnwind
WritePrivateProfileSectionW
EnumSystemCodePagesW
HeapReAlloc
VirtualFree
GetProcessHeap
SetSystemTime
LCMapStringW
IsBadWritePtr
GetVersion
CreateMailslotA
WritePrivateProfileStructA
TlsSetValue
GetProcAddress
WaitNamedPipeA
GlobalSize
GetThreadLocale
LockResource
GetCurrentProcessId
GetStartupInfoA
CompareStringA
EnterCriticalSection
FreeEnvironmentStringsA
CreateToolhelp32Snapshot
IsValidLocale
VirtualQuery
ExitProcess
GetCurrentDirectoryA
GetCurrentProcess
InterlockedExchange
MultiByteToWideChar
CloseHandle
ConnectNamedPipe
GetCPInfo
OpenMutexA
ReadFile
GetSystemTimeAsFileTime
GetModuleHandleA
GetCommandLineA
GlobalGetAtomNameW

wininet

InternetShowSecurityInfoByURLW
SetUrlCacheEntryGroup
InternetQueryDataAvailable
FindNextUrlCacheEntryA

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 456KB - Virtual size: 453KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

227b426f9e33dcac3c271aa8a23f96f9

Headers

File Characteristics

PDB Paths

Imports

user32

advapi32

comctl32

kernel32

wininet

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 456KB - Virtual size: 453KB

.data Size: 136KB - Virtual size: 140KB

.rsrc Size: 60KB - Virtual size: 56KB

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 456KB - Virtual size: 453KB

.data
Size: 136KB - Virtual size: 140KB

.rsrc
Size: 60KB - Virtual size: 56KB