476a63a0672c7c8de1c790e659fabdf5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

476a63a0672c7c8de1c790e659fabdf5_JaffaCakes118
Size

336KB
MD5

476a63a0672c7c8de1c790e659fabdf5
SHA1

2dcbb8840c3d238a3c0a21ff6f5826c5f9771bae
SHA256

9776455f79281b13868196a49221a39417404243eeff0680e4b43610b2335829
SHA512

098f56dacdd2be28952ee70897c9fa7015aa18052b21c2042a8277617d3e3c63fd0595407350756c211efdc631a2c48a2820f61116d2b1c80b5368d9b7a14416
SSDEEP

6144:6BCy95uhZ6Ln7x7+D/B2+EIp1s33UoQESfzyPTjH2EuP0Q8OnH2:SCyahcB+IH3RQESfzyf230Q8On

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
476a63a0672c7c8de1c790e659fabdf5_JaffaCakes118

Files

476a63a0672c7c8de1c790e659fabdf5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

59a17ca7eeaa9539096426e3d74c08d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\yegvnol\okzkujzsni.pdb

Imports

user32

GetAncestor
CallMsgFilterA
CreateWindowStationA
ShowWindowAsync
GetInputDesktop
IsRectEmpty
CreateWindowExA
GetMenuItemInfoW
GetWindowInfo
GetCaretPos
RegisterClassA
MessageBoxIndirectW
ClipCursor
PostMessageA
SwitchDesktop
DestroyWindow
DrawTextExW
LoadAcceleratorsA
CharToOemBuffW
DrawAnimatedRects
GetLastActivePopup
RedrawWindow
RegisterClassExA
GetProcessDefaultLayout
InsertMenuA
GetClassNameA
CreateMenu
ChangeDisplaySettingsW
DefWindowProcA
AppendMenuW
RemovePropW
GetClipboardSequenceNumber
IsCharUpperW
CopyRect
MessageBoxW
DispatchMessageW
GetMenu
GetTopWindow
ShowWindow

comctl32

ImageList_Destroy
ImageList_GetImageInfo
ImageList_DragShowNolock
ImageList_Copy
_TrackMouseEvent
ImageList_Create
ImageList_Merge
CreateToolbar
ImageList_LoadImageA
CreateStatusWindowW
ImageList_DrawIndirect
InitCommonControlsEx
ImageList_DragMove
ImageList_SetFlags
ImageList_GetFlags
ImageList_Read
CreateStatusWindowA
ImageList_SetIconSize
ImageList_AddMasked
DrawStatusText

kernel32

GetACP
HeapCreate
LCMapStringA
GetCurrentThread
GetStartupInfoA
GetSystemTimeAsFileTime
CloseHandle
IsBadReadPtr
GlobalFix
CreateMutexA
TlsAlloc
GetStringTypeA
GetThreadContext
GlobalGetAtomNameA
RtlUnwind
VirtualAlloc
GetFileType
SetLastError
WriteConsoleOutputAttribute
LCMapStringW
GetLastError
GetModuleFileNameA
GetTempFileNameW
GetAtomNameA
IsValidLocale
OpenSemaphoreA
LeaveCriticalSection
IsDebuggerPresent
SetEnvironmentVariableA
OpenProcess
GetLocaleInfoA
GetLocaleInfoW
HeapFree
VirtualQuery
GlobalFlags
CompareStringA
FreeEnvironmentStringsW
TlsSetValue
FreeEnvironmentStringsA
SetLocaleInfoW
GetTempFileNameA
GetCurrentProcess
CommConfigDialogW
SetComputerNameA
GetConsoleMode
lstrcmpiW
GetCurrentProcessId
WideCharToMultiByte
CreateProcessA
HeapDestroy
TlsFree
VirtualProtect
GetPrivateProfileStructA
OpenMutexA
DeleteCriticalSection
TlsGetValue
GetDiskFreeSpaceExW
SetSystemTime
GetSystemInfo
IsValidCodePage
TerminateProcess
FlushFileBuffers
GetCurrentThreadId
SetCurrentDirectoryA
SetStdHandle
GetTickCount
GetSystemDirectoryA
GetVersionExA
QueryPerformanceCounter
EnumSystemLocalesA
VirtualFree
FillConsoleOutputAttribute
GetUserDefaultLCID
GetTimeFormatA
EnumSystemCodePagesW
MultiByteToWideChar
GetOEMCP
GetVolumeInformationW
MoveFileExW
CompareStringW
GetCPInfo
GetDateFormatA
GetEnvironmentStringsW
RemoveDirectoryW
GetTimeZoneInformation
SetVolumeLabelW
UnhandledExceptionFilter
InterlockedExchange
GetProcAddress
GetCurrencyFormatA
ExitProcess
HeapReAlloc
SetHandleCount
GetStdHandle
GetModuleHandleA
ReadFile
EnterCriticalSection
HeapSize
GetExitCodeThread
IsBadWritePtr
RtlMoveMemory
GetShortPathNameW
VirtualUnlock
CreateNamedPipeW
WriteFile
SetFilePointer
GetStringTypeW
GetCommandLineA
GetModuleFileNameW
LoadLibraryA
GetEnvironmentStrings
InitializeCriticalSection
LocalUnlock
SuspendThread
HeapAlloc

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

59a17ca7eeaa9539096426e3d74c08d9

Headers

File Characteristics

PDB Paths

Imports

user32

comctl32

kernel32

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 92KB - Virtual size: 89KB

.data Size: 88KB - Virtual size: 96KB

.rsrc Size: 76KB - Virtual size: 72KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 92KB - Virtual size: 89KB

.data
Size: 88KB - Virtual size: 96KB

.rsrc
Size: 76KB - Virtual size: 72KB