3ee59faf5ab62c8ccd03460719d9dd9a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3ee59faf5ab62c8ccd03460719d9dd9a_JaffaCakes118
Size

360KB
MD5

3ee59faf5ab62c8ccd03460719d9dd9a
SHA1

34d2d587b33b5513f9a6961939b565e5e8ddc9aa
SHA256

9bf92ec2b9488b106f206650a020144d5eb361cdcc96515f684dfb79980671f6
SHA512

db954c02a1b4bb59f9df4950137bd7df33aecb5eff6652c74d7c5cd3a6904e597f017e073636253e496f367022d51a5eb5e84b2175ee7864950ddd9e83b75b48
SSDEEP

6144:V3mua9vJQ+q5vAe9DOxIKiXTwvhX56mh3I0pYsl8OjQmGqEBqHOt47I8AWQMjz2G:JulJQBUxILXQJ5683NprUmGqEBqHOt4V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3ee59faf5ab62c8ccd03460719d9dd9a_JaffaCakes118

Files

3ee59faf5ab62c8ccd03460719d9dd9a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

42d573f50e3fc5be8e22f46421d7a5b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\koofu\hefue.pdb

Imports

user32

RegisterClassExA
InternalGetWindowText
TranslateMDISysAccel
CharPrevW
SendIMEMessageExA
DestroyWindow
CreateWindowExW
RegisterClassA
EnumPropsA
DefWindowProcA
MessageBoxW
LoadIconW
ImpersonateDdeClientWindow
MonitorFromPoint
CharUpperW
ShowWindow
DdeNameService
GetClassNameW

advapi32

CryptDecrypt
AbortSystemShutdownA
GetUserNameA
RegQueryValueA
CryptHashSessionKey
CryptSignHashW

kernel32

CloseHandle
GetModuleHandleA
LoadLibraryA
WideCharToMultiByte
MultiByteToWideChar
EnumResourceNamesW
HeapCreate
GetCurrentProcessId
InitializeCriticalSection
EnterCriticalSection
GetLocalTime
GetEnvironmentVariableA
SetHandleCount
GetSystemDefaultLangID
RtlUnwind
ExitProcess
TerminateProcess
VirtualFree
GetCurrentProcess
GetEnvironmentStringsW
HeapDestroy
GetStringTypeA
CompareStringA
GetModuleFileNameA
HeapReAlloc
GetStartupInfoA
ReadFile
FreeEnvironmentStringsW
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetVersionExW
HeapAlloc
GetConsoleTitleA
SetStdHandle
GetOEMCP
LCMapStringW
GetEnvironmentStrings
IsBadWritePtr
GetVersion
CompareStringW
GetStdHandle
WriteFile
SetLastError
TlsFree
CompareFileTime
LCMapStringA
TlsGetValue
GetVersionExA
GetCurrentThreadId
CreateMutexA
OpenMutexA
GetTimeZoneInformation
GetModuleHandleW
GlobalFindAtomA
FreeResource
VirtualAlloc
VirtualQuery
GetSystemTimeAsFileTime
GetLocaleInfoW
GetLastError
WriteConsoleOutputA
QueryPerformanceCounter
FreeEnvironmentStringsA
SetEnvironmentVariableA
SetTimeZoneInformation
GetStringTypeW
GetSystemTime
CreateDirectoryW
TlsAlloc
FlushFileBuffers
GetLogicalDriveStringsW
SetFilePointer
GetCurrentThread
GetCommandLineA
GetACP
lstrcpynW
Sleep
LeaveCriticalSection
GetProcAddress
UnhandledExceptionFilter
GetTickCount
GetCurrencyFormatW
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
DeleteCriticalSection
TlsSetValue
HeapFree
WaitForSingleObject
GetFileType

comctl32

InitCommonControlsEx
CreatePropertySheetPageA

shell32

SHGetFileInfo
SHFileOperation
DragQueryFileW

wininet

InternetTimeToSystemTimeW
HttpOpenRequestA
InternetDial
FtpSetCurrentDirectoryA

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

42d573f50e3fc5be8e22f46421d7a5b5

Headers

File Characteristics

PDB Paths

Imports

user32

advapi32

kernel32

comctl32

shell32

wininet

Sections

.text Size: 113KB - Virtual size: 113KB

.rdata Size: 55KB - Virtual size: 83KB

.data Size: 89KB - Virtual size: 88KB

.rsrc Size: 102KB - Virtual size: 101KB

.text
Size: 113KB - Virtual size: 113KB

.rdata
Size: 55KB - Virtual size: 83KB

.data
Size: 89KB - Virtual size: 88KB

.rsrc
Size: 102KB - Virtual size: 101KB