5e377a822efea80779d1362ba4f2b579_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5e377a822efea80779d1362ba4f2b579_JaffaCakes118
Size

612KB
MD5

5e377a822efea80779d1362ba4f2b579
SHA1

5e41cd3cc563dc1df28f9607695f3600311edf3c
SHA256

2df4f4dbf9475837ae58468b6f367c631e871cff1238c0e85100097136230c8f
SHA512

5c60c50590b10a50407d83769b5d0f38eb628cab1536d1ebb73a6645fab049f25a4c4197baa3e51e6a4bf0cc9a08ee8996e6a4797481a06ae14bbe9650acb005
SSDEEP

12288:tVz9d/CrHUADi4IgGDAkPzhDQ4kaiNzFBRft14SDy:tVCZT4fz5FkaiNzFBRft14S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e377a822efea80779d1362ba4f2b579_JaffaCakes118

Files

5e377a822efea80779d1362ba4f2b579_JaffaCakes118
.exe windows:4 windows x86 arch:x86

3bb06efa8fedc70d63928923141c4945

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\eaece\mmtwheai\ogadwaezjq\yhfso.PDB

Imports

user32

RegisterClassA
UnionRect
DestroyWindow
ShowWindow
ToUnicode
RegisterWindowMessageW
MapWindowPoints
LoadMenuIndirectA
CreateWindowExA
MessageBoxW
IsZoomed
RegisterClassExA
SetWinEventHook
DefWindowProcW
ChangeDisplaySettingsW

kernel32

IsValidCodePage
GetLocaleInfoA
CompareStringA
FreeEnvironmentStringsW
SetHandleCount
WriteConsoleA
WriteConsoleW
GetTickCount
GetConsoleCP
EnterCriticalSection
CreateMutexA
UnhandledExceptionFilter
GetConsoleMode
GetEnvironmentStrings
OpenWaitableTimerA
InterlockedExchange
SetStdHandle
HeapCreate
VirtualQuery
GetDateFormatA
CloseHandle
CompareStringW
ReadFile
InterlockedDecrement
LCMapStringA
VirtualFree
CreateFileA
GetCurrentProcessId
DeleteCriticalSection
OpenMutexA
TlsAlloc
GetLastError
GetOEMCP
ExitProcess
GetTimeZoneInformation
TlsSetValue
HeapAlloc
HeapReAlloc
GetCommandLineA
TlsGetValue
GetStringTypeW
GetLocaleInfoW
GetStdHandle
HeapFree
QueryPerformanceCounter
GetConsoleOutputCP
HeapDestroy
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
HeapLock
MultiByteToWideChar
GetCurrentProcess
GetACP
LeaveCriticalSection
WideCharToMultiByte
SetLastError
GetModuleFileNameA
HeapSize
SetConsoleCtrlHandler
GetStartupInfoA
EnumSystemLocalesA
GetUserDefaultLCID
LoadLibraryA
SetEnvironmentVariableA
LCMapStringW
GetFileType
FreeEnvironmentStringsA
GetStringTypeA
GetModuleHandleA
GetCPInfo
GetTimeFormatA
GetCurrentThreadId
VirtualAlloc
WriteFile
GetSystemTimeAsFileTime
GetProcAddress
InterlockedIncrement
RtlUnwind
SetFilePointer
GetEnvironmentStringsW
TlsFree
Sleep
FreeLibrary
SetUnhandledExceptionFilter
GetModuleHandleW
GetCurrentThread
IsDebuggerPresent
TerminateProcess
IsValidLocale
GetThreadLocale

comctl32

ImageList_SetFilter
ImageList_Replace
DrawStatusTextW
ImageList_DrawEx
ImageList_GetImageInfo
DrawStatusTextA
ImageList_BeginDrag
ImageList_GetImageRect
ImageList_GetFlags
DestroyPropertySheetPage
InitCommonControlsEx
DrawStatusText
ImageList_ReplaceIcon
ImageList_DragLeave

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3bb06efa8fedc70d63928923141c4945

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

comctl32

Sections

.text Size: 236KB - Virtual size: 235KB

.rdata Size: 208KB - Virtual size: 234KB

.data Size: 114KB - Virtual size: 114KB

.rsrc Size: 52KB - Virtual size: 51KB

.text
Size: 236KB - Virtual size: 235KB

.rdata
Size: 208KB - Virtual size: 234KB

.data
Size: 114KB - Virtual size: 114KB

.rsrc
Size: 52KB - Virtual size: 51KB