4148fe9c523cd50e3dff408be0102ca6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4148fe9c523cd50e3dff408be0102ca6_JaffaCakes118
Size

523KB
MD5

4148fe9c523cd50e3dff408be0102ca6
SHA1

e6d5f9a2eb8310e825103d4cd10a99d1da7d9872
SHA256

6891d0f5d56d67437268251650a91ab2005cafc369e89eaaed75b2dd6063fd3e
SHA512

3ebaa24713caf5ff855fe20ef5283169818435203eeaf2354a38190d10fc46f32ad5641cf3728ffe3ee028b5d4caf880f046c6ac5819cbb0498491e234f07be1
SSDEEP

12288:BrHx23RBZzEjArRanRvv6GwExZVJN/oq3WcwrH:BrHD4aRvv6GwUbdBA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4148fe9c523cd50e3dff408be0102ca6_JaffaCakes118

Files

4148fe9c523cd50e3dff408be0102ca6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

547c255a3d748179ae766b4db8dd50f6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\RHEEJG\MEIJFYJSKZ\YIYEBTFW.PDB

Imports

user32

RegisterClassExA
ShowOwnedPopups
RegisterClassA
MessageBoxW
SetWindowsHookExW
ShowWindow
CreateWindowExA
EnableMenuItem

kernel32

Sleep
TlsGetValue
CompareStringW
IsDebuggerPresent
VirtualQuery
GetModuleHandleA
GetCommandLineA
GetEnvironmentStrings
HeapReAlloc
GetConsoleMode
GetStringTypeA
GetSystemTimeAsFileTime
TlsAlloc
TlsSetValue
SetConsoleCtrlHandler
FreeEnvironmentStringsA
GetDateFormatW
LCMapStringA
FlushFileBuffers
WideCharToMultiByte
GetACP
GetStringTypeW
HeapCreate
WriteConsoleW
GetDateFormatA
SetEnvironmentVariableA
SuspendThread
DeleteCriticalSection
ReadFile
FreeLibrary
GetCurrentThreadId
VirtualAlloc
HeapSize
OpenMutexA
LoadLibraryA
GetWindowsDirectoryW
SetStdHandle
ExpandEnvironmentStringsA
GetPrivateProfileStringW
GetConsoleOutputCP
RtlUnwind
GetCPInfo
HeapAlloc
GetLocaleInfoW
GetTimeFormatA
GetTimeZoneInformation
CreateMutexA
GetEnvironmentStringsW
SetFilePointer
ExitProcess
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
GetCurrentThread
GetUserDefaultLCID
QueryPerformanceCounter
GetVersionExA
LCMapStringW
IsValidLocale
CloseHandle
InterlockedIncrement
MultiByteToWideChar
GetFileType
GetConsoleCP
GetTickCount
EnumSystemLocalesA
SetLastError
UnhandledExceptionFilter
DeleteAtom
IsValidCodePage
GetStdHandle
RtlZeroMemory
FreeEnvironmentStringsW
WriteFile
GetCurrentProcessId
InterlockedExchange
VirtualFree
lstrcmpiW
InterlockedDecrement
GetNumberFormatW
GetLocaleInfoA
GetProcessHeap
HeapDestroy
CompareStringA
GetModuleFileNameA
CreateFileA
GetLastError
GetProcAddress
GetOEMCP
HeapValidate
EnterCriticalSection
SetUnhandledExceptionFilter
HeapFree
TlsFree
SetHandleCount
InitializeCriticalSection
GetStartupInfoA
WriteConsoleA

comdlg32

ChooseFontW
ChooseColorA
PageSetupDlgA

shell32

ShellExecuteA
DragQueryFileA
SHUpdateRecycleBinIcon
ShellExecuteW
SHQueryRecycleBinW

comctl32

InitCommonControlsEx

wininet

FindFirstUrlCacheContainerW
InternetSetDialState
InternetGetConnectedStateEx
IncrementUrlCacheHeaderData
GetUrlCacheHeaderData
InternetShowSecurityInfoByURLW

Sections

.text
Size: 329KB - Virtual size: 329KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

547c255a3d748179ae766b4db8dd50f6

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

comdlg32

shell32

comctl32

wininet

Sections

.text Size: 329KB - Virtual size: 329KB

.rdata Size: 60KB - Virtual size: 88KB

.data Size: 116KB - Virtual size: 115KB

.rsrc Size: 16KB - Virtual size: 16KB

.text
Size: 329KB - Virtual size: 329KB

.rdata
Size: 60KB - Virtual size: 88KB

.data
Size: 116KB - Virtual size: 115KB

.rsrc
Size: 16KB - Virtual size: 16KB