48465b0cc97bde0033a8a039d598491e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

48465b0cc97bde0033a8a039d598491e_JaffaCakes118
Size

174KB
MD5

48465b0cc97bde0033a8a039d598491e
SHA1

5909ff6ce9ec464e7c1e77f60af4d0166d871acd
SHA256

0e43d7e485f4223a5e279f0d883cb156444819a2d47b0215c518663ccd34df00
SHA512

0c63ee3944afd03c19703445172b4ab8c6b71425cd76ae197abba9775f148a685d59566ffe7c79855906d1b0f838dc8ca05622ab3ddfe7f7e51198c32893c355
SSDEEP

3072:fu6VxDf6qL/jqSnA8QcuExUz1PPv5g1q4v68JgMZAKLtCa4coC:2etDLLqSZQcl6tr4v68JgMbxCaboC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48465b0cc97bde0033a8a039d598491e_JaffaCakes118

Files

48465b0cc97bde0033a8a039d598491e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0a49c89eeebc1b40c7024245ac3345b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

L:\yiMZhuIBkAtkWH\tcfmjowOiz\txrhgNEM\LgjyuqXryaGyRn.pdb

Imports

msvcrt

_controlfp
free
__set_app_type
__p__fmode
setlocale
__p__commode
isspace
wcscpy
clearerr
fputc
ungetc
perror
strerror
wcsncpy
_amsg_exit
wcstol
_initterm
_ismbblead
isprint
_XcptFilter
srand
_exit
strtol
towupper
mbtowc
strspn
isdigit
memset
_cexit
__setusermatherr
floor
__getmainargs
wcscmp
islower
atoi
iswdigit
strtok

kernel32

GetFileType
FindNextChangeNotification
lstrcmpA
MulDiv
SetEvent
FreeLibrary
LockFile
DeleteFileA
CreatePipe
FindCloseChangeNotification
ConnectNamedPipe
GetCommModemStatus
GetTimeZoneInformation
WinExec
lstrcpyW
CompareStringW
LocalLock
GetHandleInformation
FindFirstFileW
GetCompressedFileSizeW
GetTempFileNameW
InitializeCriticalSection
SetupComm
ResetEvent
CloseHandle
DeleteFileW
OpenEventW
GetModuleFileNameA
IsBadStringPtrW
GetNumberFormatA
SystemTimeToFileTime
FindClose
LoadLibraryExW
FoldStringW
SetFileAttributesA
FreeResource
GetPriorityClass
CompareFileTime
GetCommandLineW

comdlg32

ReplaceTextW
PageSetupDlgW
FindTextW
GetSaveFileNameA

shlwapi

UrlGetLocationA

user32

CreateCursor
IsCharAlphaA
DestroyAcceleratorTable
SetRectEmpty
MessageBoxExW
IsMenu
GetClassInfoA
SetRect
GetScrollRange
MoveWindow
GetNextDlgTabItem
LoadCursorW
OemToCharA
ReleaseDC
ReplyMessage
MonitorFromPoint
CharLowerA
DestroyCaret
IntersectRect
AttachThreadInput
SetMenuItemInfoW
SetMenu
GetDialogBaseUnits
GetUserObjectInformationA
CharLowerW
IsWindowEnabled
LoadCursorA
GetClassInfoExW
CharUpperBuffW
MonitorFromRect
GetMenuItemID
GetWindowPlacement
SendInput
CharPrevA
SystemParametersInfoW
MapDialogRect
DrawTextW
CheckMenuItem
GetKeyboardLayoutNameW
CreateAcceleratorTableW
GetCursorPos
AdjustWindowRectEx
PostThreadMessageA
LoadStringA
PostMessageW
GetSubMenu
IsIconic
SetFocus
TrackPopupMenu
GetScrollPos
DialogBoxIndirectParamA
OpenIcon
CopyAcceleratorTableW
GetKeyboardLayout
LoadImageW
MessageBoxA
SendNotifyMessageW
RegisterClassW
GetMessageExtraInfo
GetSysColor
RegisterWindowMessageW
CharUpperW
InvalidateRgn
EnumChildWindows
LoadAcceleratorsW
InvertRect
EqualRect
UnloadKeyboardLayout
CallWindowProcW
IsCharAlphaNumericW
SetWindowLongW
CharToOemW
DrawIconEx
SetMenuDefaultItem
GetSystemMetrics
IsCharAlphaW
GetMenuStringA
InSendMessageEx
BringWindowToTop
GetDCEx
SetScrollPos
FindWindowExA
wsprintfW
InSendMessage

Exports

Exports

?HistoryLoggingOn@@YGKDKPAX:O

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.eplan
Size: 512B - Virtual size: 91B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ainit
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdbg
Size: 512B - Virtual size: 109B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iplan
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.run
Size: 512B - Virtual size: 267B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0dat
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a49c89eeebc1b40c7024245ac3345b6

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

comdlg32

shlwapi

user32

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.eplan Size: 512B - Virtual size: 91B

.ainit Size: 1024B - Virtual size: 852B

.rdbg Size: 512B - Virtual size: 109B

.data Size: 2KB - Virtual size: 185KB

.iplan Size: 4KB - Virtual size: 4KB

.run Size: 512B - Virtual size: 267B

.0dat Size: 139KB - Virtual size: 138KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 23KB

.eplan
Size: 512B - Virtual size: 91B

.ainit
Size: 1024B - Virtual size: 852B

.rdbg
Size: 512B - Virtual size: 109B

.data
Size: 2KB - Virtual size: 185KB

.iplan
Size: 4KB - Virtual size: 4KB

.run
Size: 512B - Virtual size: 267B

.0dat
Size: 139KB - Virtual size: 138KB

.rsrc
Size: 2KB - Virtual size: 1KB