48466d29c0612da5e433b52cd9fe4010_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

48466d29c0612da5e433b52cd9fe4010_JaffaCakes118
Size

501KB
MD5

48466d29c0612da5e433b52cd9fe4010
SHA1

668e1be7b9320552c837fdfb7760a39e9217d6b3
SHA256

4983db91ff740431351f801cd8d5423ab54eaf5c6b9c42dfadb2ef4de6b2a50c
SHA512

23c83f5c8a400a82eebc8870534618d8af0ed6d64c5fee4e962f50437672b1b0ca7ed1924e7f43e3774fdaa7fba953efe98445982c14afe4065264a30bf2226d
SSDEEP

12288:Z3LXGKPQaJaucaS33qLb1/tzyJJzzY/+OsLEhgy:bQQasS3ENtzyJJzzG+pQg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48466d29c0612da5e433b52cd9fe4010_JaffaCakes118

Files

48466d29c0612da5e433b52cd9fe4010_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0c84e6027f3e089f5008cf20385429b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\abe\oelsenbpo\llpnnge

Imports

user32

GetActiveWindow
UnloadKeyboardLayout
SendIMEMessageExW
RegisterClassExA
WINNLSEnableIME
CallNextHookEx
DdeDisconnect
GetNextDlgTabItem
OemToCharBuffA
GetWindowPlacement
GetWindowLongA
UnhookWinEvent
CreateCaret
ReplyMessage
RegisterClassA
RegisterClassExW
GetListBoxInfo
SetParent
CharPrevW
GetCaretPos

comdlg32

ReplaceTextA

kernel32

SetStdHandle
OpenFile
ReadConsoleInputA
LeaveCriticalSection
TlsFree
QueryPerformanceCounter
GetLocalTime
GetStringTypeA
GetLastError
LCMapStringA
InitializeCriticalSection
RtlUnwind
SetHandleCount
GetSystemTimeAsFileTime
GetFileType
DeleteCriticalSection
HeapCreate
LoadLibraryA
GetCurrentProcessId
HeapAlloc
SetLastError
CompareStringA
WritePrivateProfileStringW
GetLogicalDriveStringsW
HeapReAlloc
GetStdHandle
RemoveDirectoryA
HeapDestroy
HeapValidate
TlsAlloc
GetNamedPipeHandleStateA
CompareStringW
GetACP
FreeEnvironmentStringsA
InterlockedDecrement
TerminateProcess
CloseHandle
GetEnvironmentStringsW
TlsGetValue
OpenMutexA
GetTickCount
GlobalUnlock
LocalHandle
GetCurrentThreadId
TlsSetValue
GetModuleFileNameA
GetLocaleInfoA
EnterCriticalSection
MultiByteToWideChar
VirtualFree
GetCalendarInfoW
GetCurrentThread
SetEndOfFile
GetStringTypeW
ReadFile
ExitProcess
EnumCalendarInfoW
InterlockedIncrement
FreeEnvironmentStringsW
GetEnvironmentStrings
IsBadWritePtr
WriteFile
GetModuleHandleA
SetEnvironmentVariableA
InterlockedExchange
GetTimeZoneInformation
FlushFileBuffers
GetVersion
GetNumberFormatW
GetCurrentProcess
LCMapStringW
GetSystemTime
UnhandledExceptionFilter
GetStartupInfoA
GetCommandLineA
VirtualAlloc
WideCharToMultiByte
GetWindowsDirectoryA
VirtualQuery
HeapFree
SetFilePointer
CreateMutexA
GetOEMCP
GetProcAddress
GetCPInfo

comctl32

ImageList_GetDragImage
MakeDragList
InitCommonControlsEx
ImageList_Add

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 250KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c84e6027f3e089f5008cf20385429b6

Headers

File Characteristics

PDB Paths

Imports

user32

comdlg32

kernel32

comctl32

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 250KB - Virtual size: 258KB

.data Size: 114KB - Virtual size: 114KB

.rsrc Size: 15KB - Virtual size: 15KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 250KB - Virtual size: 258KB

.data
Size: 114KB - Virtual size: 114KB

.rsrc
Size: 15KB - Virtual size: 15KB