5b80e2511e99b95e2b9237fb90687786_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5b80e2511e99b95e2b9237fb90687786_JaffaCakes118
Size

119KB
MD5

5b80e2511e99b95e2b9237fb90687786
SHA1

da4b5b38d1415b27c023ba7066904cdfa71b714f
SHA256

1ad880ae661b1792772d7832225491a96d4ab7470bcdd9c77a0c82805f220ab9
SHA512

256e3b6cbd0e9867122f54a9a2d2a719929e3b38e24b8d35b46f6543a84d0b8e36a47bfc41b4ee8a9a387e7706395f38979de3d99cf6a303659f7e43b55a0776
SSDEEP

3072:hsw6uK7VGeYUpBNxu1Y3sydMnrffOTLoqJ3I3zj8:hn4YUPNx3MSTUgYD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5b80e2511e99b95e2b9237fb90687786_JaffaCakes118

Files

5b80e2511e99b95e2b9237fb90687786_JaffaCakes118
.dll windows:5 windows x86 arch:x86

858de09e130f42b17e418279df047082

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Y:\arzzcgFisociddLx\elUumPlguyBFcGcbRo\oxtHxHrqykbnbniQkiC\aZRWskuMuwbRTpo\oooWhnEjEiyMBYzwuv\vRegiVdPsAiknpi\qqPgbLJsaawzkn.pdb

Imports

user32

SetClassLongW
PeekMessageA
FrameRect
ShowOwnedPopups
IsWindow
DrawStateA
GetMenuItemID
ToUnicodeEx
LockWindowUpdate
PostThreadMessageW
HideCaret
CascadeWindows
SetMenuItemBitmaps
GetMenu
LoadBitmapA
SetLastErrorEx
PostMessageA
DialogBoxIndirectParamA
IsDialogMessageA
DialogBoxParamW
GetClassNameW
UnloadKeyboardLayout
SetUserObjectInformationW
MessageBoxExW
SendDlgItemMessageW
GetClassInfoA
TranslateAcceleratorA
IsCharLowerA
GetAsyncKeyState
GetClassInfoExA

comctl32

CreatePropertySheetPageW
ImageList_Remove
ImageList_GetIconSize
ImageList_Read
PropertySheetA

shlwapi

StrChrIW

shell32

ord196
ord195

kernel32

GlobalAddAtomW
GetModuleHandleW
lstrcpyW
GlobalFree
CreateNamedPipeA
FindResourceExW
IsBadStringPtrW
GlobalUnlock
CreateFileW
GetVersionExW
FileTimeToSystemTime
GetUserDefaultLangID
VirtualAlloc
GetCommProperties
GetShortPathNameW
OpenEventA

gdi32

SelectClipRgn
CreateFontA
SetBkMode
RectVisible
OffsetViewportOrgEx
Rectangle
SetDIBitsToDevice
TextOutW
EndPage
CreateHalftonePalette
GetMapMode
GetWindowOrgEx

Exports

Exports

AlphaBlend
?DufiluIOQF67uiofYIFYfUFyf@@YGKEPA_WG@Z

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

858de09e130f42b17e418279df047082

Headers

File Characteristics

PDB Paths

Imports

user32

comctl32

shlwapi

shell32

kernel32

gdi32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 27KB - Virtual size: 26KB

.mdata Size: 11KB - Virtual size: 11KB

.data Size: 14KB - Virtual size: 149KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 27KB - Virtual size: 26KB

.mdata
Size: 11KB - Virtual size: 11KB

.data
Size: 14KB - Virtual size: 149KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1KB - Virtual size: 1KB