5d1d23c32107d4df0b498c6f1665c61f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5d1d23c32107d4df0b498c6f1665c61f_JaffaCakes118
Size

140KB
MD5

5d1d23c32107d4df0b498c6f1665c61f
SHA1

69db5150673ab97387539ecc38aef0994786e824
SHA256

2d291daf752cfc822db8c678051c3fa14c43f7a733233b8a8b817cc91dc505e5
SHA512

a490151d04360a9a3b3d2d97961aad94740c2f3c345cb09ebbd1b638903f8cb1a5f1905d84de0e99ffb77b45c2444865b9e4c9cdca30832b94eedc90007f2c78
SSDEEP

3072:+ZKJNJ9lh8ccZbNU7Clu1DAb0HqKBgc4DXKavdwvy:H0zZZvui+qK69XGy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5d1d23c32107d4df0b498c6f1665c61f_JaffaCakes118

Files

5d1d23c32107d4df0b498c6f1665c61f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b687d53c50e928ae58f34ccaaec8e9c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Zov\Bygavos\eke\Iqivysy\epa\Oqalyf\Badojo\esunim.pdb

Imports

kernel32

GetSystemTimeAsFileTime
SetSystemPowerState
FormatMessageA
GetCPInfo
MoveFileExA
GetCurrentProcessId
GetFileTime
GetModuleFileNameA
GetTimeFormatA
HeapWalk
HeapReAlloc
GetLocalTime
CreateFileA
HeapFree
HeapAlloc
GetProfileStringW
VirtualProtect
lstrcmpA
lstrlenA
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetSystemInfo
GetLocaleInfoA
VirtualQuery
InterlockedExchange
RtlUnwind
LoadLibraryA
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
HeapSize
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetEndOfFile
SetFilePointer
ExitProcess
GetProcAddress
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
GetVersionExA
GetLastError
ReadFile
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
CloseHandle
WriteFile

user32

GetSystemMetrics
TranslateMessage
LoadCursorA
SetFocus
RegisterClassExA
GetKeyNameTextA
GetWindowTextLengthA
GetClassInfoExA
CallWindowProcA
GetMessageA
GetCursorPos
GetFocus
AppendMenuA
MapWindowPoints
UnregisterHotKey
DestroyMenu
BeginPaint
EmptyClipboard
InvalidateRect
PostMessageA
ValidateRect
BeginDeferWindowPos
DeferWindowPos
CreateMenu
RegisterWindowMessageA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b687d53c50e928ae58f34ccaaec8e9c6

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

winspool.drv

Sections

.text Size: 40KB - Virtual size: 36KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 44KB - Virtual size: 141KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 40KB - Virtual size: 36KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 44KB - Virtual size: 141KB

.rsrc
Size: 4KB - Virtual size: 1KB