49a127daada22e799342094e110005bc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

49a127daada22e799342094e110005bc_JaffaCakes118
Size

748KB
MD5

49a127daada22e799342094e110005bc
SHA1

9a063a75f186f6b4439030c5b1378b6d895d12d9
SHA256

421e84f2e0b157fd38e05f3e9f1bd12052059ab6dd77fb5a73b5e187bab3856f
SHA512

9b186ec70b5f4366687f01e3c0bc2db7d821a93ff518c14ae04fe3f081cf6e07ee8c2244cccb07cf6fa982c727b3b195a5392648b138535719c32ef4890a3489
SSDEEP

12288:G6HnKRLLSmR3H6xucNfkpqDYamd86RYS72wwGFe3p42lkyYQqd4ny:lHKRLLSY5ekpEAoS72wwOEK2lkIqd4ny

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
49a127daada22e799342094e110005bc_JaffaCakes118

Files

49a127daada22e799342094e110005bc_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3a07d081fb2a2efab8a1f309ca164a5a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\GNCXI.PDB

Imports

user32

MessageBoxIndirectA
RegisterClassA
ChangeClipboardChain
DefDlgProcA
MessageBoxExW
CopyImage
DispatchMessageW
VkKeyScanW
SubtractRect
DdeGetData
IsWindow
CascadeChildWindows
SystemParametersInfoW
GetWindowTextA
GetSysColor
LoadIconW
DestroyWindow
RegisterWindowMessageW
DrawIconEx
DefMDIChildProcW
ShowWindowAsync
GetMonitorInfoW
WINNLSGetEnableStatus
MessageBoxA
DlgDirSelectExA
ChangeDisplaySettingsExW
SetWindowContextHelpId
GetComboBoxInfo
GetSystemMetrics
SetKeyboardState
GetClipCursor
DefWindowProcW
SystemParametersInfoA
CharLowerW
SendNotifyMessageW
EqualRect
GetCapture
GetTitleBarInfo
EnumWindowStationsA
SetWindowLongW
DrawEdge
MsgWaitForMultipleObjectsEx
EnumDesktopsW
DdeClientTransaction
CreatePopupMenu
InsertMenuA
UnregisterDeviceNotification
ShowWindow
SetSystemCursor
InSendMessageEx
GetWindowDC
CreateWindowExW
EnumWindows
GetAncestor
SetDoubleClickTime
GetMenuItemRect
CopyAcceleratorTableW
RegisterClassExA
SetMessageQueue
HideCaret
DlgDirSelectComboBoxExW
GetCursorPos
GetUserObjectInformationA
CreateIconFromResourceEx
PostThreadMessageA
SetCaretPos
DeferWindowPos
ToUnicodeEx
GetClipboardFormatNameA
CharToOemA
GetWindowRect
ShowCaret
IsCharAlphaA
CloseWindowStation
SetRect

comctl32

ImageList_Remove
DestroyPropertySheetPage
DrawInsert
ImageList_GetImageInfo
InitCommonControlsEx
ImageList_GetIconSize

kernel32

GetCurrentProcessId
VirtualFree
WaitForMultipleObjectsEx
EnumCalendarInfoExA
GetFileType
InitializeCriticalSection
CloseHandle
OpenWaitableTimerW
GetModuleFileNameA
GetExitCodeThread
GetCommandLineA
SetLastError
HeapValidate
CreateMutexA
PulseEvent
GetStdHandle
FreeEnvironmentStringsA
RtlUnwind
FindFirstFileExW
SetSystemTime
GetLocaleInfoA
FlushFileBuffers
LCMapStringA
GetPrivateProfileSectionNamesW
GetProcessShutdownParameters
GetTickCount
EnumSystemLocalesA
GetVolumeInformationW
ReadFile
GetPrivateProfileStringW
EnterCriticalSection
GetDateFormatA
TlsAlloc
GetTimeFormatA
GetEnvironmentVariableW
SetConsoleCP
UnhandledExceptionFilter
EnumSystemLocalesW
FindClose
FreeResource
SetConsoleMode
CreateDirectoryW
GetCurrentThreadId
GetTimeZoneInformation
LCMapStringW
WriteProfileStringW
GetMailslotInfo
WriteFile
GetCurrencyFormatA
SystemTimeToTzSpecificLocalTime
GetSystemInfo
GetCurrentThread
UnlockFile
IsValidLocale
HeapSize
lstrcmpW
SetComputerNameA
IsBadWritePtr
CompareStringA
FlushViewOfFile
lstrcpy
LoadLibraryA
MultiByteToWideChar
VirtualProtect
GetConsoleOutputCP
SetConsoleScreenBufferSize
SetThreadIdealProcessor
VirtualQuery
GetNamedPipeInfo
QueryPerformanceCounter
GetStartupInfoA
GetUserDefaultLCID
GlobalUnlock
LeaveCriticalSection
AllocConsole
TransmitCommChar
DeleteCriticalSection
GetOEMCP
GlobalFix
HeapReAlloc
GetACP
GetEnvironmentStringsW
GetModuleHandleA
GetSystemTimeAsFileTime
HeapDestroy
HeapFree
lstrcpyW
SetEnvironmentVariableA
IsValidCodePage
InterlockedExchange
TerminateProcess
GetCurrentProcess
EnumTimeFormatsA
SetStdHandle
SetFilePointer
GetTempFileNameW
TlsGetValue
SetConsoleTextAttribute
CompareStringW
GetPrivateProfileSectionW
GetEnvironmentStrings
GetLongPathNameW
GetLogicalDriveStringsW
GetStringTypeW
WriteConsoleOutputCharacterW
GetLocaleInfoW
GetLastError
ExitProcess
FreeEnvironmentStringsW
GetComputerNameW
HeapAlloc
GlobalAddAtomW
TlsSetValue
OpenMutexW
HeapCreate
GetVersionExA
GetCPInfo
RtlZeroMemory
GetCurrencyFormatW
GetStringTypeA
TlsFree
FindFirstFileExA
EnumSystemCodePagesA
WritePrivateProfileSectionW
GetProcAddress
VirtualAlloc
WideCharToMultiByte
SetHandleCount
FoldStringW
VirtualFreeEx
WriteConsoleOutputCharacterA
GetThreadSelectorEntry
OpenMutexA

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 456KB - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a07d081fb2a2efab8a1f309ca164a5a

Headers

File Characteristics

PDB Paths

Imports

user32

comctl32

kernel32

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 456KB - Virtual size: 452KB

.data Size: 140KB - Virtual size: 156KB

.rsrc Size: 48KB - Virtual size: 44KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 456KB - Virtual size: 452KB

.data
Size: 140KB - Virtual size: 156KB

.rsrc
Size: 48KB - Virtual size: 44KB