40e8b34abae84c141380aaaca17462db_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

40e8b34abae84c141380aaaca17462db_JaffaCakes118
Size

55KB
MD5

40e8b34abae84c141380aaaca17462db
SHA1

ed7b8dcdbdcf90075cab19bd58d06baa4df0ff11
SHA256

172e3e2058caab7b117b964d70c33b1f6eb084e9af36e125b8533340e624dcde
SHA512

e1d5408730286b0cb69afa000cb9110fa2ee9d860c3a7d8884794096d471c15fc7ad1f1176c13f8bd8ea4991e67f7e86d78eea5c435ecfcc0076e33849598eb0
SSDEEP

768:PcS5YOgm6mxFJuhSa/ZjP7NPG7fIpe6iV/ddFtRBO9DOEwXHC0MbRmi7mxF:PlgPkJDa/Zj7N+rIpevLrOh+HrpdL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40e8b34abae84c141380aaaca17462db_JaffaCakes118

Files

40e8b34abae84c141380aaaca17462db_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e9d9d0a95b53b3f93f56704e7ba5fcc0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

crypt32

CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext

comdlg32

ReplaceTextW
FindTextW
GetSaveFileNameA

user32

GetFocus
LoadRemoteFonts
MoveWindow
IsIconic
ValidateRect
GetDC
SetRectEmpty
LoadImageW
TranslateMessage
TranslateAcceleratorA
DispatchMessageA
GetWindowRect
ShowWindow
GetCaretPos
IsWindowVisible
MBToWCSEx
IsWindowEnabled
GetSysColor
GetMessageW
BeginPaint
RedrawWindow
SetWindowPos
UnregisterDeviceNotification
PostMessageA
GetClientRect
DestroyWindow
TrackPopupMenuEx
MsgWaitForMultipleObjects
DispatchMessageW
EndPaint
GetClipboardFormatNameA
GetScrollPos
DrawMenuBar
CloseWindow
IsCharAlphaW

comctl32

PropertySheetW
ImageList_GetImageCount
ImageList_Write

gdi32

SelectPalette
CreateBrushIndirect
DrawEscape
GetBkMode
UpdateColors
StartPage
GetEnhMetaFileHeader
GetObjectA
CreateEllipticRgnIndirect
CreateSolidBrush
DeleteDC
CreatePen
SetBkColor

advapi32

SetServiceStatus
LsaAddAccountRights
ReadEncryptedFileRaw
CryptCreateHash
SetSecurityDescriptorGroup

kernel32

GlobalGetAtomNameW
DuplicateHandle
GlobalAddAtomW
OutputDebugStringA
TlsAlloc
GetThreadContext
GlobalFindAtomW
CreateWaitableTimerW
lstrcpyA
MoveFileW
lstrcatA
OpenEventA
GetTickCount
WaitForSingleObject
SystemTimeToFileTime
SizeofResource
SuspendThread
FreeResource
GetModuleHandleA
HeapAlloc
TlsSetValue
LocalSize
InterlockedExchange
InitAtomTable
GetProcessVersion
UnmapViewOfFile
SetSystemTimeAdjustment
GetACP
HeapValidate
TlsGetValue
TlsFree
WaitForDebugEvent
HeapFree
WriteConsoleOutputCharacterA
GetTapePosition
SetConsoleCP
OpenEventW
GetCommandLineA
LoadLibraryA
DosDateTimeToFileTime
CreateThread
GetOverlappedResult
ReadConsoleOutputCharacterA

msvcrt

memset
_vsnprintf
wcstod
atoi
fputc
wcstol
tolower
isalpha
ctime
exit

Exports

Exports

EnvTdgIlpivtken@16
YhiVgcsmQbpldra@16
_AddMessageToQueue@8
LiaJplmeIetdEkeh@16
KvrTyfawgyfu@4
_RemoveMessageFromQueue@12
IhjMegayclhtmluw@4

Sections

.code
Size: - Virtual size: 279KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9d9d0a95b53b3f93f56704e7ba5fcc0

Headers

File Characteristics

Imports

crypt32

comdlg32

user32

comctl32

gdi32

advapi32

kernel32

msvcrt

Exports

Exports

Sections

.code Size: - Virtual size: 279KB

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 250KB - Virtual size: 250KB

.reloc Size: 1024B - Virtual size: 672B

.code
Size: - Virtual size: 279KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 250KB - Virtual size: 250KB

.reloc
Size: 1024B - Virtual size: 672B