4bf76ae8c542be508c55acb106463341_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4bf76ae8c542be508c55acb106463341_JaffaCakes118
Size

766KB
MD5

4bf76ae8c542be508c55acb106463341
SHA1

fb10172213b64d0dff6b2599458d8100ba3a1dcb
SHA256

7f4758423be663ec3fd1494923df4a609b57d91691f6dcb2a3b5355268f98599
SHA512

06fb9b452fe577292e003ed27660b93e029ab4d92223a9cdc703662121b24562b23483a1fbb9fcab97f62af40ac8ee89a97d56b69c8d9687bb53208c92864106
SSDEEP

12288:gLUD9CL4GLAxMorTsPXCMMdBl+0jxQiFBZ/pjFwHQByYtNBpFbZFidk3lyCDpZ:5D944iA2EiXWlDFT/pWHQ0Yd7adJCFZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bf76ae8c542be508c55acb106463341_JaffaCakes118

Files

4bf76ae8c542be508c55acb106463341_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c35a043152d0640749e1d395fbbbc620

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\oflyaozc\ehttog\lpsgdbs\lzacp.pdb

Imports

user32

GetPriorityClipboardFormat
DefWindowProcW
ShowWindow
SetDebugErrorLevel
CreateWindowExA
CountClipboardFormats
SendNotifyMessageA
DdeSetQualityOfService
DestroyWindow
MessageBoxW
UnregisterDeviceNotification
ReuseDDElParam
DrawStateW
ValidateRgn
GetAltTabInfo
FlashWindow
GetTopWindow
SetWinEventHook
RemoveMenu
CreateWindowStationA
SendMessageA
GetInputState
RegisterClipboardFormatA
EnumDisplayDevicesA
ArrangeIconicWindows
WaitMessage
CreateWindowExW
RegisterWindowMessageA
PostMessageW
ReplyMessage
DdeNameService
InsertMenuItemA
WaitForInputIdle
GetCursorInfo
UpdateWindow
TranslateMessage
DdeDisconnect
DdeAbandonTransaction
GetSysColor
ChangeClipboardChain
SetMenuItemInfoW
SetCaretPos
GetSysColorBrush
IsClipboardFormatAvailable
GetGuiResources
GetCursorPos
CharLowerBuffW
LookupIconIdFromDirectory
AttachThreadInput
DdeConnectList
GetWindowTextLengthW
DdeQueryConvInfo
GetWindowInfo
GetKeyboardLayoutNameW
LookupIconIdFromDirectoryEx
WINNLSEnableIME
RegisterClassA
DrawAnimatedRects
RegisterClassExA
BlockInput
GetDlgItemTextW
SetCursor

gdi32

CreatePolygonRgn
CreateDCA
EnumEnhMetaFile
OffsetWindowOrgEx

comctl32

MakeDragList
ImageList_LoadImage
ImageList_SetBkColor
ImageList_GetIcon
ImageList_Create
ImageList_AddMasked
InitCommonControlsEx
ImageList_DrawIndirect
DrawInsert
CreateStatusWindowW
DrawStatusText
ImageList_Add
CreateMappedBitmap
ImageList_SetIconSize
ImageList_GetBkColor
DrawStatusTextW
CreateToolbarEx
ImageList_EndDrag
ImageList_DrawEx

kernel32

EnumCalendarInfoW
GetProcAddress
IsValidCodePage
LoadLibraryA
GetCurrentThread
WideCharToMultiByte
GetSystemTime
MoveFileA
WriteFile
SetStdHandle
GetMailslotInfo
GetModuleFileNameW
GetEnvironmentStringsW
UnlockFileEx
SystemTimeToTzSpecificLocalTime
GetVersionExA
GetLastError
EnterCriticalSection
CompareStringA
GetDiskFreeSpaceExW
HeapDestroy
LoadModule
OpenMutexA
CreateFileMappingW
WriteProfileSectionW
GetStringTypeA
GetSystemTimeAsFileTime
lstrcpyA
CompareStringW
HeapReAlloc
GetCommandLineA
VirtualProtect
LCMapStringA
WriteProfileStringW
CloseHandle
SetHandleCount
GetCalendarInfoA
TlsSetValue
GetFileType
WriteConsoleInputW
SetFilePointer
GetUserDefaultLCID
GetTempFileNameW
InterlockedDecrement
LoadLibraryExW
GetCurrentThreadId
GetCurrentProcess
SetPriorityClass
SetFileAttributesW
TlsGetValue
DebugActiveProcess
SystemTimeToFileTime
HeapFree
SetLastError
VirtualQuery
FreeEnvironmentStringsA
MapViewOfFileEx
MultiByteToWideChar
GetProfileStringA
GetTimeZoneInformation
GetConsoleTitleA
GetCPInfo
GetOEMCP
DeleteCriticalSection
IsBadWritePtr
WaitForSingleObjectEx
LocalHandle
EnumSystemCodePagesW
GetModuleFileNameA
FlushFileBuffers
HeapAlloc
GetModuleHandleA
ExitProcess
FindFirstFileExW
LCMapStringW
GetStdHandle
GetThreadLocale
OpenWaitableTimerA
CreateFileMappingA
GetLocaleInfoA
EnumSystemLocalesA
VirtualAlloc
RtlMoveMemory
RtlUnwind
GetTimeFormatA
HeapSize
SetConsoleActiveScreenBuffer
EnumResourceTypesW
GetACP
FreeEnvironmentStringsW
QueryPerformanceCounter
InterlockedExchange
GetCurrentProcessId
SetEndOfFile
UnhandledExceptionFilter
GetEnvironmentStrings
GetTempPathA
OpenMutexW
GetExitCodeThread
TlsAlloc
GetSystemInfo
IsValidLocale
GetStringTypeW
TlsFree
HeapLock
FindResourceExA
GetStartupInfoA
GetTickCount
LeaveCriticalSection
GetComputerNameW
EnumDateFormatsW
GetEnvironmentStringsA
GlobalFix
GetDateFormatA
CreateMutexA
WaitNamedPipeA
ReadFile
GetLocaleInfoW
SetEnvironmentVariableA
HeapCreate
TerminateProcess
InitializeCriticalSection
VirtualFree
CopyFileExA

advapi32

AbortSystemShutdownA
RegQueryInfoKeyW
RegEnumValueW
ReportEventA

shell32

DragQueryFileAorW
ExtractAssociatedIconExW
ExtractIconExW
SHGetSpecialFolderPathW
SHBrowseForFolder

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 450KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 138KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c35a043152d0640749e1d395fbbbc620

Headers

File Characteristics

PDB Paths

Imports

user32

gdi32

comctl32

kernel32

advapi32

shell32

Sections

.text Size: 85KB - Virtual size: 84KB

.rdata Size: 450KB - Virtual size: 449KB

.data Size: 138KB - Virtual size: 166KB

.rsrc Size: 91KB - Virtual size: 91KB

.text
Size: 85KB - Virtual size: 84KB

.rdata
Size: 450KB - Virtual size: 449KB

.data
Size: 138KB - Virtual size: 166KB

.rsrc
Size: 91KB - Virtual size: 91KB