461619063871d49f3a62be89f8b79a61_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

461619063871d49f3a62be89f8b79a61_JaffaCakes118
Size

78KB
MD5

461619063871d49f3a62be89f8b79a61
SHA1

f0f2e55875c6a747951165f59a6d98883ee6a946
SHA256

71e700d48573c5839f6d00a54288737ef7f7f1dce21dce67471a79111b6132c2
SHA512

c44bd38d294559f6101c60904ca167157f33f909a21b6a22d876c344ca41b8b8628025a8fc5b522cf88466ae9b893da729e14cf3f6b4ab89f771426d0ecc4b10
SSDEEP

1536:GDnJhql7QhcYUtczzWiP2Bdt4VVQeUmOsJsiZND:MnJhsoUqziiWYb3U0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
461619063871d49f3a62be89f8b79a61_JaffaCakes118

Files

461619063871d49f3a62be89f8b79a61_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2febd74ca95380ceee26267cf9ccbe42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

T:\SzMusBaR\ChpQUwu\bveBLsbqSu\RjfnWexyvAS.pdb

Imports

user32

FindWindowA
MoveWindow
GetMessageExtraInfo
DrawAnimatedRects
CheckMenuRadioItem
LoadBitmapA
OemToCharBuffA
CreatePopupMenu
DrawIconEx
SetFocus
VkKeyScanA
SendMessageTimeoutA
TileWindows
PostMessageA
CheckMenuItem
RegisterWindowMessageW
ReplyMessage
GetAsyncKeyState
LoadBitmapW
SetMenuItemBitmaps
EndDialog
GetDCEx
DefFrameProcA
DestroyWindow
SetWindowTextW
BeginPaint
SetWindowRgn
SetClassLongW
wsprintfA

msvcrt

exit

gdi32

GetTextExtentPointW
CreateCompatibleBitmap
LineTo
AddFontResourceW
CreateFontA
TranslateCharsetInfo
GetDeviceCaps
CreateDiscardableBitmap
GetDIBits
RectVisible
OffsetViewportOrgEx
CreatePalette
SetBitmapDimensionEx
GetTextExtentPointA

shlwapi

PathRelativePathToA

comctl32

ImageList_Remove
ImageList_Read
DestroyPropertySheetPage

kernel32

lstrlenW
lstrcmpiW
GetShortPathNameA
QueryDosDeviceW
CreateSemaphoreW
GetCommandLineA
FoldStringW
GetNumberFormatA
GlobalUnlock
SetFileAttributesA
lstrcpyA
FlushFileBuffers
GetFileAttributesExW
CreateFileMappingA
WaitForSingleObjectEx
HeapWalk

ntdll

strcspn
memset

comdlg32

GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW
GetSaveFileNameA

Exports

Exports

?_qYNTAN_YVFFGTfv__s@@YGJ_ND@Z
?pk___yt_CBLU@@YGXPAE@Z
?cDW__ww_@@YGKPAD@Z
?W__K_Gphyjamv@@YGPAHIPAG@Z
?wbuspWSSB_AbrlzgVV@@YGGPAE@Z
?_RAIKWnzyxxj_g__@@YGPAIPAH@Z
?V_R___ZFXZV@@YGJN@Z
?AEYAU_taili_rtcrff@@YGPAJDD@Z
?w_hwubzajop_diYMJXwmo_@@YGDPAD@Z
?__ja_cuLnmx@@YG_NJ@Z
?_trNKE_WMYCBXBawYH_ij@@YGEN@Z
?qq_jmMPCu@@YGGPAM@Z
?_slxrWL_S@@YGMPAJPAH@Z
?nU__BQVU_sqx@@YGPANPAFPAE@Z
?_lwv_zfqvlvmH_U_LFGzo@@YGDPA_N@Z
?VUOE__HCWOHH_@@YGXFPAM@Z
?aob_fupWNKmwwyhzErslIL@@YGJD@Z
?NVHVMkow_PQXNRL_@@YGKFF@Z
?V_B_UYz@@YGHDPAG@Z
?_FCI_FYI@@YGPAMDG@Z
?W_ZTUYITXA_OLP_GFO@@YGIPAJI@Z
?LKBM_awlk_tdx__lz@@YGPAGGPAM@Z
?if_zxlpkVD_SNSVni@@YGNI@Z
?VF_XDniew_qslmB@@YGKIPAE@Z
?Q_Ww_zt_flzfk@@YGDF@Z
?_yprzIQZRvr__jegugaZ@@YGEFH@Z
?QVFAYS_TBG_I_@@YGIJ@Z
?_wyrYRJRkimg@@YGFDPAD@Z
?Tbt_jg_g@@YG_NPAM@Z
?QxvxsesefAz@@YGNKF@Z
?unr_EHNSV__Ohsb@@YGJPA_NE@Z
?Z_GT_SUehcgk_k@@YGPAXD@Z
?ZHCZ_DNRFMQKXH___pzyt@@YGNPAI@Z
?qaXQSV_@@YGFJ@Z
?ZOYBApIM_FEg_lt_ATY@@YGPAHPAMJ@Z
?s_wrypcHRpn_z@@YGPAHPAFH@Z
?_QDZPJ_CO@@YGFPAE_N@Z
?b_UZ__Vh@@YGPAMI@Z
?xEIhkmXO@@YGMPANJ@Z
?izxahBNSPWIWE___A@@YGIJ@Z
?_TS_NDBV_BAY@@YGNNJ@Z
?ddoWUx_xe_ib@@YGFK@Z
?NFD__EC_PTPCD_I_U_@@YGIPAF@Z
?LLF_ZaaafgOOSJF__@@YGDPAGJ@Z
?bdpooQILVZSNYqsX@@YGXM@Z
?NPb_wb_uF_H_ZQ@@YGHI@Z
?jOAfnpfoto@@YGIE@Z
?KGZAZUCABdn@@YGIG@Z
?BQ_RAW__Mo@@YGPA_NHE@Z
?ATF__fuqww_a_zgbhlr@@YGPA_NPAJ@Z
?OYYP__HD_VVZJGSP@@YGPAHIN@Z
?NGANHMCQPxi_ywmp_@@YGMG@Z
?WXHHOfAR@@YGHDPAN@Z
?XNSSWXRQ@@YGHJ@Z
?hvsuTOHH_EBO_E_X_SLU@@YGIJ@Z
?V_R_PEU_DN@@YGMH@Z
?msonqrFGFFbtjVDQ_OAq@@YGGIPA_N@Z
?U_BA_PK@@YGKIPAH@Z
?FG_FWVOU__ZQ@@YGPA_NPAGPA_N@Z
?beLSB_RYa_qrx@@YGXMH@Z
?n_ld_e_NJY_Q_@@YGPAXK@Z
?P_C_WA___NWUO_TY@@YGPAEF@Z
?z_gcACFJ____CrHbaAF__F@@YGPADPAE@Z
?__OE_Mr_tUMNJYNVH_B_U@@YGDGI@Z
?__Q_L__HHP__OFFLx@@YGNE@Z
?ri_auTAN@@YGXEPAI@Z

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.export
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ldata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 527B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2febd74ca95380ceee26267cf9ccbe42

Headers

File Characteristics

PDB Paths

Imports

user32

msvcrt

gdi32

shlwapi

comctl32

kernel32

ntdll

comdlg32

Exports

Exports

Sections

.text Size: 49KB - Virtual size: 48KB

.idata Size: 3KB - Virtual size: 2KB

.export Size: 13KB - Virtual size: 12KB

.data Size: 6KB - Virtual size: 37KB

.ldata Size: 1KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 527B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 49KB - Virtual size: 48KB

.idata
Size: 3KB - Virtual size: 2KB

.export
Size: 13KB - Virtual size: 12KB

.data
Size: 6KB - Virtual size: 37KB

.ldata
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 527B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 2KB