40ebfe8aa8e20ecd32b042218be16794_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

40ebfe8aa8e20ecd32b042218be16794_JaffaCakes118
Size

123KB
MD5

40ebfe8aa8e20ecd32b042218be16794
SHA1

56cb30ca6e1dde7292b0b4d23ae3c7d78c08bd07
SHA256

bde76f51d0a4e6cebef099a239d7b9d9a3d7dd3d82176b56e1983d1ee6bafe1f
SHA512

677b0fda94c3740f955ceca84ecf3e2e2f8c1ea650d74df9dd2011dc732b2c4007142914de79c92bd6c942e81a52388af551e096fbd385da9e45cdb8db137820
SSDEEP

3072:Hw+PZ05HW4GaSB31khGw2uYxhyjlF1gJdSqqZ73I3UyOv9hl:H72A1MMAr1OdbqZ7YCv9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
40ebfe8aa8e20ecd32b042218be16794_JaffaCakes118

Files

40ebfe8aa8e20ecd32b042218be16794_JaffaCakes118
.dll windows:5 windows x86 arch:x86

dd44708276295b4b7d6b6224b0b32e8d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\wvTfrqczvdAWy\essdxXhyrfaqnzwPmma\rquXUgBqbzroPfdjWZrq\tbUvhbnjhif\mWsQgsnzyCfjzSirK\wvApqSumqlSuNzccBanpLc\rBahdrdGvid\jTiFqkcrCzMNvqd.pdb

Imports

shlwapi

StrChrIW

gdi32

CreateBrushIndirect
GetTextExtentPointA
SetPixel
EndPath
CreateFontIndirectA
GetDeviceCaps
PatBlt
DeleteObject
CreateBitmap
LPtoDP
SetWindowOrgEx
IntersectClipRect

kernel32

FindResourceW
ConnectNamedPipe
GetSystemTimeAsFileTime
ReleaseMutex
EnumResourceNamesW
OpenEventA
GetProcAddress
GetFileInformationByHandle
IsDBCSLeadByteEx
GetModuleHandleW
CreateDirectoryA
FindResourceExW
TlsGetValue
GetComputerNameExA
CreateNamedPipeA
WaitForSingleObject
lstrcpyW

shell32

ord195
ord196

user32

ToUnicodeEx
SetWindowTextW
GetSystemMetrics
SendMessageTimeoutW
GetSysColorBrush
MonitorFromRect
SetUserObjectInformationW
SetMenu
SetWindowTextA
GetClassNameW
IsCharAlphaW
InSendMessage
CreateWindowExA
CharNextExA
GetIconInfo
SetActiveWindow
DrawAnimatedRects
GetLastActivePopup
GetDCEx
PostMessageA
SetRect
InSendMessageEx
DrawIcon
EnumThreadWindows
SystemParametersInfoW
SendMessageW
LoadMenuW
ArrangeIconicWindows

comctl32

ImageList_AddMasked
ImageList_Remove
ImageList_Read
ImageList_GetImageCount
CreatePropertySheetPageW

Exports

Exports

AlphaBlend
?DufiluIOQF67uiofYIFYfUFyf@@YGKEPA_WG@Z

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dd44708276295b4b7d6b6224b0b32e8d

Headers

File Characteristics

PDB Paths

Imports

shlwapi

gdi32

kernel32

shell32

user32

comctl32

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 28KB - Virtual size: 28KB

.mdata Size: 12KB - Virtual size: 11KB

.data Size: 15KB - Virtual size: 154KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 28KB - Virtual size: 28KB

.mdata
Size: 12KB - Virtual size: 11KB

.data
Size: 15KB - Virtual size: 154KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1KB - Virtual size: 1KB