48533d749bf31c4987c8800f98dbb427_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

48533d749bf31c4987c8800f98dbb427_JaffaCakes118
Size

288KB
MD5

48533d749bf31c4987c8800f98dbb427
SHA1

5c3034d05e34ac729c02baf5a5f8b55440105ef1
SHA256

b8f7b5c2f090ac6da71df9b924ad0638de65c2b3f4f387e98e5c49e8c909e95a
SHA512

62ee3408b2d46a834978817490519b1ee01e64f12ef126fbd42d05bf94bdb0796795567a9b3b98ab3deb067cecffc0e63ff8d2cfc144c4d7fdeaa55d1ddfc868
SSDEEP

6144:8QGChXXstL2qzgXPed7wldk1kN/PtT96fYvf:TjXFqcmmkuB1T9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
48533d749bf31c4987c8800f98dbb427_JaffaCakes118

Files

48533d749bf31c4987c8800f98dbb427_JaffaCakes118
.exe windows:4 windows x86 arch:x86

faec4240a840a66b57f771063e1f606c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\xet\ooeorexy\oatnzeorb.pdb

Imports

wininet

IsUrlCacheEntryExpiredA
FtpGetCurrentDirectoryA
SetUrlCacheHeaderData

comctl32

ImageList_DragLeave
ImageList_LoadImageW
MakeDragList
ImageList_Read
CreateToolbarEx
DrawStatusText
DrawInsert
InitCommonControlsEx
ImageList_DragShowNolock
ImageList_LoadImage

kernel32

VirtualFreeEx
GetLocaleInfoA
TlsAlloc
InitializeCriticalSection
InterlockedExchange
GetCurrentProcessId
InterlockedCompareExchange
FreeEnvironmentStringsW
EnumSystemLocalesA
SetEnvironmentVariableA
SetHandleCount
HeapDestroy
OpenMutexA
LCMapStringW
HeapReAlloc
GetStartupInfoA
GetProcAddress
GetFileTime
IsValidCodePage
GetCommandLineA
SetStdHandle
GetSystemTimeAdjustment
RemoveDirectoryA
MultiByteToWideChar
VirtualQuery
RtlUnwind
LCMapStringA
FreeEnvironmentStringsA
GetFileType
CloseHandle
WideCharToMultiByte
GetTimeZoneInformation
GetLocaleInfoW
FileTimeToLocalFileTime
GetVersionExA
GetCurrentThreadId
GetPrivateProfileStructW
CompareStringW
GetTickCount
GetDateFormatA
GetStringTypeW
IsValidLocale
LoadLibraryA
GetLastError
GetSystemTimeAsFileTime
HeapAlloc
GetUserDefaultLCID
ConnectNamedPipe
LeaveCriticalSection
GetModuleFileNameA
GetSystemInfo
VirtualAlloc
HeapSize
CompareStringA
SetFilePointer
TerminateProcess
VirtualProtect
GetStdHandle
GlobalFree
TlsGetValue
SetLastError
GetTimeFormatA
EnumCalendarInfoExW
WriteFile
GetCurrentProcess
UnhandledExceptionFilter
ReadFile
TlsFree
GetModuleHandleA
GetEnvironmentStringsW
GetOEMCP
LocalUnlock
EnterCriticalSection
VirtualFree
IsBadWritePtr
FreeLibrary
GetStringTypeA
GetACP
TlsSetValue
InterlockedIncrement
GetCurrentThread
DeleteCriticalSection
FlushFileBuffers
GetCPInfo
HeapCreate
CreateMutexA
QueryPerformanceCounter
ExitProcess
ReadConsoleA
GetEnvironmentStrings
HeapFree
DebugBreak

user32

GetScrollRange
DdeFreeStringHandle
ExcludeUpdateRgn
DrawCaption
RegisterClassA
GetSysColor
GetPriorityClipboardFormat
ArrangeIconicWindows
TranslateAccelerator
RegisterClassExA
BlockInput
GetClipCursor
MonitorFromRect
RegisterWindowMessageA
DdeConnect
PostQuitMessage
DlgDirListComboBoxW
GetThreadDesktop
wvsprintfA
CopyImage
ReleaseDC
GetClassInfoExW
DrawTextExW
GetOpenClipboardWindow
CallWindowProcA
GetUpdateRect
GetNextDlgTabItem
SetClipboardData
IsCharAlphaA
GetGuiResources
CreateDesktopW
UnloadKeyboardLayout
UnregisterHotKey
CharUpperW
DragDetect
DdePostAdvise
OpenDesktopW
LookupIconIdFromDirectoryEx
RegisterDeviceNotificationW
UnpackDDElParam
TabbedTextOutW
SetCaretPos
AnimateWindow
DdeCmpStringHandles
FlashWindowEx
DestroyMenu
LoadBitmapA
MenuItemFromPoint
BringWindowToTop
RedrawWindow
IsIconic
InvalidateRect
ToAsciiEx
GetKBCodePage
GetProcessWindowStation
GetMenuBarInfo
SwapMouseButton
SetWindowRgn
SetTimer
SetWindowTextW
TrackMouseEvent
EnumDesktopsW
GetMessageA
ShowWindow
GetDlgItem
CreateWindowExA
BroadcastSystemMessageA
SetScrollInfo
ValidateRgn

gdi32

CreateDCW
CancelDC
GetDeviceCaps
DeleteDC
SetPaletteEntries
CreateICW
PathToRegion
ScaleViewportExtEx
SetEnhMetaFileBits
SelectObject
GetObjectW
SelectClipPath
DeleteMetaFile
GetCharABCWidthsFloatA
BeginPath

shell32

SHGetPathFromIDList
SHQueryRecycleBinW
SHGetSpecialFolderLocation
InternalExtractIconListA

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

faec4240a840a66b57f771063e1f606c

Headers

File Characteristics

PDB Paths

Imports

wininet

comctl32

kernel32

user32

gdi32

shell32

Sections

.text Size: 76KB - Virtual size: 74KB

.rdata Size: 88KB - Virtual size: 84KB

.data Size: 92KB - Virtual size: 105KB

.rsrc Size: 28KB - Virtual size: 26KB

.text
Size: 76KB - Virtual size: 74KB

.rdata
Size: 88KB - Virtual size: 84KB

.data
Size: 92KB - Virtual size: 105KB

.rsrc
Size: 28KB - Virtual size: 26KB