44c6ffdafdf9aa42a423e34cc91440f9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

44c6ffdafdf9aa42a423e34cc91440f9_JaffaCakes118
Size

476KB
MD5

44c6ffdafdf9aa42a423e34cc91440f9
SHA1

1f21c5aa142c4496827de45205b2066b28c300c2
SHA256

47d49f99e497c93ebeb61c509dc689f62560bb418beda84626425a066bb1463b
SHA512

fab2bdeaac5a4b51a3bd49aae0274499436b2eef6e141a9d7269fbc4448f47323cf3442be9681a6e21a41a52b06e8c88e38359d04d866a5792517682c4759fd2
SSDEEP

6144:hfYZo8M9Dsy8zmuvSK64AuYOFqt0V13r7AlkTi9n8JazKGec+yet706eIc4aE:hfYZo8M9wy8iu33ku1brKwqE7A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
44c6ffdafdf9aa42a423e34cc91440f9_JaffaCakes118

Files

44c6ffdafdf9aa42a423e34cc91440f9_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5ec4fe54b3a561073a118d69e141f668

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

n:\ntjs\yrnxetob.pdb

Imports

user32

CreateWindowExW
RegisterClassA
MessageBoxA
GetWindowThreadProcessId
DefWindowProcA
GetWindowWord
CharLowerBuffA
InsertMenuItemA
MonitorFromRect
RegisterClassExA
TrackMouseEvent
DdeFreeDataHandle
CopyAcceleratorTableW
ShowWindow
SetParent
SetShellWindow
CharUpperW
DestroyWindow
VkKeyScanA
GetWindowTextLengthW
CheckMenuItem
SetWindowLongA
SendMessageTimeoutW

kernel32

SetLastError
GetEnvironmentStringsW
SetConsoleOutputCP
WritePrivateProfileStringA
lstrcmpiW
EnumCalendarInfoA
FileTimeToDosDateTime
TlsSetValue
FindFirstFileExA
GetLocaleInfoA
GetPrivateProfileSectionW
FindResourceExW
IsValidLocale
GetTimeZoneInformation
GetStringTypeA
GetSystemTime
SetConsoleTitleA
LocalReAlloc
GetCPInfo
GlobalFlags
GlobalFree
GetVersionExA
MultiByteToWideChar
GetPrivateProfileSectionNamesW
LocalFree
GetWindowsDirectoryA
EnumCalendarInfoExW
GetStartupInfoA
GetModuleHandleA
HeapValidate
WritePrivateProfileStructW
EnumSystemLocalesA
WriteConsoleOutputCharacterA
CompareStringW
LockFile
lstrcpynW
SetConsoleCP
CreateMutexW
GetDateFormatA
GetDriveTypeW
SetHandleCount
VirtualAlloc
CreateMailslotA
SetConsoleActiveScreenBuffer
GetStdHandle
CompareStringA
VirtualFree
GetCurrentThread
GetCurrentThreadId
EnumSystemCodePagesA
TerminateProcess
GetOEMCP
FreeEnvironmentStringsA
HeapSize
SetEnvironmentVariableA
TlsGetValue
LCMapStringA
GetStringTypeExW
GetCurrentProcess
GetCommandLineA
CloseHandle
HeapReAlloc
GetProcAddress
LockFileEx
GetCurrentProcessId
IsBadWritePtr
GetTickCount
GetProfileSectionA
GetLogicalDriveStringsW
GetFileAttributesExA
DeleteFileA
GetProfileSectionW
InitializeCriticalSection
GetUserDefaultLCID
GetPrivateProfileStringW
DosDateTimeToFileTime
GetLocaleInfoW
GetConsoleTitleA
CreateMutexA
GetFileType
GetCurrencyFormatW
GetCurrentDirectoryA
VirtualProtect
GetModuleFileNameA
GetSystemInfo
DeleteCriticalSection
LoadResource
WaitNamedPipeW
FreeEnvironmentStringsW
GetStartupInfoW
UnlockFileEx
LoadLibraryA
TlsFree
GetLastError
MoveFileExA
GetCommandLineW
GetThreadContext
SetFilePointer
SetConsoleCursorPosition
SetThreadContext
GlobalAddAtomW
InterlockedExchange
OpenMutexA
HeapAlloc
VirtualQuery
GetCalendarInfoW
QueryPerformanceCounter
GetProcessHeaps
GetShortPathNameA
CreateDirectoryExW
GetThreadTimes
UnhandledExceptionFilter
EnumResourceTypesA
GlobalDeleteAtom
ReadFile
TlsAlloc
EnumDateFormatsExW
ExitThread
InitializeCriticalSectionAndSpinCount
GetModuleFileNameW
GetTimeFormatA
FreeResource
EnterCriticalSection
LCMapStringW
GetACP
HeapFree
FlushFileBuffers
GetEnvironmentStrings
IsValidCodePage
WriteFile
WriteProfileSectionW
GetStringTypeW
WriteConsoleInputW
HeapCreate
HeapDestroy
GetCompressedFileSizeW
SetStdHandle
WideCharToMultiByte
FlushViewOfFile
ExitProcess
RtlUnwind
CreateProcessW
GetSystemTimeAsFileTime
LeaveCriticalSection

comctl32

ImageList_DragShowNolock
DestroyPropertySheetPage
ImageList_AddMasked
DrawInsert
InitCommonControlsEx
ImageList_DragEnter
ImageList_LoadImageW
ImageList_GetDragImage
ImageList_GetImageRect
ImageList_Draw
ImageList_SetFlags

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ec4fe54b3a561073a118d69e141f668

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

comctl32

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 256KB - Virtual size: 253KB

.data Size: 108KB - Virtual size: 133KB

.rsrc Size: 20KB - Virtual size: 17KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 256KB - Virtual size: 253KB

.data
Size: 108KB - Virtual size: 133KB

.rsrc
Size: 20KB - Virtual size: 17KB