3e8ab3078e716eeef386f544222eb24c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3e8ab3078e716eeef386f544222eb24c_JaffaCakes118
Size

149KB
MD5

3e8ab3078e716eeef386f544222eb24c
SHA1

9cd5b4391330645bda9560eec4e4e737551a809b
SHA256

b71c15f68ab96c3dfdeaead8322451c03f15b22fc4ea0155264bfaf1ed4ef6ac
SHA512

9fa42521fb80529a841b11e319e1025cc3e6d0a073c6f45781f86702d41d63a8195b5add08ff1cb6c5d2d04b13d725acad271602d6ffbf065aa26c26fb107556
SSDEEP

3072:BbO0bvknDFy0zu6wr93Xp/M+gzoWe2n+be+txwc:o0SXz49HcoQn+b9tx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3e8ab3078e716eeef386f544222eb24c_JaffaCakes118

Files

3e8ab3078e716eeef386f544222eb24c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

c3504941bd4de5780aeaa84a4a9617ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

T:\rlgU\gkvrcg\lehtZ\ewlaUe.pdb

Imports

user32

GetClipCursor
LockWindowUpdate
GetMessageExtraInfo
SetUserObjectInformationW
LoadImageA
CharToOemBuffA
CallWindowProcW
RegisterWindowMessageA
ChildWindowFromPoint
EnableMenuItem
GetNextDlgTabItem
GetKeyNameTextW
CreateIconFromResource
LoadAcceleratorsW
DefWindowProcW
ScreenToClient
IsDialogMessageA
ShowOwnedPopups
DrawIcon
LoadMenuW
IsDlgButtonChecked
LoadStringA
RegisterWindowMessageW
SetWindowTextW
FindWindowW
CheckMenuItem
GetWindow
GrayStringW

kernel32

FindFirstFileA
GetCommTimeouts
RemoveDirectoryW
TlsSetValue
IsDBCSLeadByte
IsDBCSLeadByteEx
GetFileAttributesA
GlobalAlloc
GetFileAttributesExA
lstrcmpiW
lstrcatA
WaitForDebugEvent
FlushFileBuffers
GlobalFindAtomW
TlsFree
LoadLibraryExW

gdi32

CreatePen
SetWindowExtEx
GetTextExtentPointA
BitBlt
SetBitmapDimensionEx
SelectClipRgn
IntersectClipRect
GetTextCharsetInfo
CreateHatchBrush
MoveToEx
GetStockObject
CreateSolidBrush
CreateDIBitmap

ntdll

memset

shlwapi

UrlUnescapeA
UrlGetPartW
StrToIntW

Exports

Exports

?_PZvef__btEalu__rzc_@@YGPAXPAJ@Z
?_JBEYUD@@YGED@Z
?BMLW_Zt_l_@@YGPA_NPAF@Z
?KZBQNBDXK_Px_g@@YGNHPAM@Z
?YSvuqlK__C___A_IYJ@@YGFPAG@Z
?mttlj_e_d_wqpzf@@YGPAMJPAF@Z

Sections

.text
Size: 53KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3504941bd4de5780aeaa84a4a9617ef

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

gdi32

ntdll

shlwapi

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 212KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 33KB - Virtual size: 32KB

.xdata Size: 35KB - Virtual size: 34KB

.rsrc Size: 10KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 53KB - Virtual size: 212KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 33KB - Virtual size: 32KB

.xdata
Size: 35KB - Virtual size: 34KB

.rsrc
Size: 10KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 1KB