606d08caeebcfb67a227ef359eb6e3a7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

606d08caeebcfb67a227ef359eb6e3a7_JaffaCakes118
Size

84KB
MD5

606d08caeebcfb67a227ef359eb6e3a7
SHA1

ae665faade76838976647b274184461fb5056aac
SHA256

291ac73ea7f79aed8ffde7fa2278ebfb91162e705ab7a2d7400c58ce0812713a
SHA512

abf3d96efe96b2521fad617dd5226b74e11a784311b81e2fea59204de9d8f3ce48b0b2637bfd306a04c1b8603a35066cc592e3c19392ef1ef2b86f0d7fa69bbf
SSDEEP

1536:yBaNRQVEc08kdPSWaDvGudWKtjRBjVzTqndExY8j6eUCymNvtcGHRMiKTLmZd9o:HNuztkBS5D+kRnpTJeeUCfvu6MNLmZj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
606d08caeebcfb67a227ef359eb6e3a7_JaffaCakes118

Files

606d08caeebcfb67a227ef359eb6e3a7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e9e757180e0b0aa08a8ec1de5592452a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\GjEXplwIdiuQ\pdzESqNvB\eFVNQhlh\xMjUgviOanhj.pdb

Imports

shlwapi

PathRelativePathToA
ChrCmpIA

ntdll

memset

user32

IsZoomed
SetWindowPlacement
LoadBitmapW
DrawMenuBar
GetCursorPos
GetWindowLongA
GetKeyboardLayoutList
SetActiveWindow
GetUserObjectInformationW
LoadImageA
DrawStateW
CreateDialogParamW
EqualRect
GetScrollRange
CopyRect
wvsprintfW
LoadAcceleratorsW
GetSysColorBrush
SetPropW
DestroyCursor
EndDialog
ChildWindowFromPointEx
GetDCEx
OpenDesktopW
PostMessageA
GetClassInfoW
LoadCursorW
GetActiveWindow
OemToCharA
GetMessageW

kernel32

GetDateFormatA
lstrcmpiW
GetLocalTime
Sleep
GetFileAttributesExW
GlobalFindAtomW
VirtualAlloc
VerifyVersionInfoW
CreateMutexA
lstrlenW
GetVersionExW
lstrcpyA
ReleaseMutex
GetCommState
GetCurrentDirectoryW
lstrcmpA

msvcrt

exit

gdi32

OffsetViewportOrgEx
BitBlt
ScaleViewportExtEx
SetDIBits
RoundRect
GetTextExtentPoint32A
SetBkColor
GetLayout
SetBkMode
CreatePatternBrush
TextOutW
GetDeviceCaps
LPtoDP

Exports

Exports

?__JKSOdqwrKqb_qyrp@@YGPAGG@Z
?jwo_cnfpqTaj_V@@YGX_NF@Z
?pvTnmpbXM____K_VhpyKUE@@YGXPADN@Z
?NJFUO_qJ_P_OQcfs_daWm@@YGPAEE@Z
?BO_ZlCPOVODM_YPS_NC@@YGEJ@Z
?KFXAJUGI_DNG@@YGXPAN@Z
?bov_hvbpqnv__s_xM@@YGNHH@Z
?nznIUZ_WOM_MJAEH@@YGX_NH@Z
?M__BC__L_Hz@@YGEIPAM@Z
?OWM_y_ne_nEGm_ef__kxZ_@@YGXF@Z
?YXRTDAE@@YGMGH@Z
?D_QrkmbjDINtP@@YGKPAF@Z
?___IDCka_W_DS_K_RUNRXe@@YGNDJ@Z
?eoyye_epVQKAE@@YGPAIPAIPAK@Z
?K_MHznG_ddzox@@YGJJ@Z
?__HFBO_XFPEN_@@YGPAGI@Z
?klzs_kXEHVQIgmxseN_LQ_@@YGDPA_NM@Z
?FXZLB_ERO@@YGDEPAG@Z
?eVIALGo_qDwbo_bsi@@YGMII@Z
?izzt_mkciN_TW@@YGXDN@Z
?EOOCF_VXDBcjfJF@@YG_NHG@Z
?IWl_umi_xrtpAZOVuaiGQp@@YG_NH@Z
?I_T_O_A_J__CP_@@YGMPAN@Z
?nhh_q_egvvy@@YGDDF@Z
?kkr_n_PGGnp@@YGXPAH@Z
?xzlix__xjnPGM_HECT@@YGDPAFPAG@Z
?w__ngar_as__yUFVMJ_@@YGPAXH@Z
?E_AZQ_uarffnofluwk@@YGGIH@Z
?bt__fwEYW_ys__g@@YGPAGDPAH@Z
?leutSFItaroz@@YGHFN@Z
?_JEQVDS__Y__Z_VE_j@@YGPAEE@Z
?z_oPMM_Pm__@@YGFD@Z
?lfsb__QMKYNz_zsfup@@YGPAFPAE@Z
?_ru_lmos@@YGPAHPAJI@Z
?WMqwfhe_@@YG_NPADH@Z
?zmt_kk_FQ__H_O@@YGPA_NDPAI@Z
?dxjgJMZ_EGotA@@YGHEPAJ@Z
?GLZjqryrfKjy@@YGMM@Z
?hmktlILKI_Bzh__sjpBR@@YGKJI@Z
?niqm_KIS_FPYQVFQfk@@YGJPAMN@Z
?yx_bjy_qkIAXljsIETA@@YGPAFJ@Z
?X_D_VW_@@YGPAKPAMPAJ@Z
?LSL_ex___hixvdoRVT_OH@@YGFJ@Z
?__nvsyYQ_etvm__UWD__@@YGPAXH@Z
?ilw_k_rp_svtmcDL__@@YGIF@Z
?Qo__iqPKSUSleyastoO__@@YGEH@Z
?Wht_phcGq_y_j_brc@@YGFH@Z
?E_SOARAOUQKEigqT@@YGPAMG@Z
?_Z__AMP@@YGJI@Z
?_Jczabd_HVAJMZU@@YGKPAI@Z
?_HEQFKPPc_g@@YGPAJDG@Z
?W_JG_oUMDLgab_t_AGDOPx@@YGIHF@Z
?_pzJUUFi_cc____WSZDRav@@YGKD@Z
?JJX_Iizht_l__BLYMXSAGS@@YGPAKPAG@Z
?ANPY_k__nndXTmsl@@YGPAXJ@Z
?JU_C_XZP@@YGMFPA_N@Z
?_XL_dir_Nt__V@@YGXPAED@Z
?_T_YJBIwW@@YGKPA_NJ@Z
?___acMFtzeuK_Y_Fylpmv@@YGXPAF@Z
?AA_JFTIJEVRID_Ffi@@YGF_N@Z
?nbmaj_dtywl_qjix__oyo@@YGKG@Z
?NDVD_LZCImu_jwO_Qq_m_@@YGPAGFE@Z
?FO_DU_Q_MF_EJZVQA_ML@@YGXDG@Z
?_faq_i_WRECONBAc@@YGJPAFI@Z
?UQT_Ruy___vjzFXFUQV@@YGPAJIK@Z

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.export
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ldata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 491B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9e757180e0b0aa08a8ec1de5592452a

Headers

File Characteristics

PDB Paths

Imports

shlwapi

ntdll

user32

kernel32

msvcrt

gdi32

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 52KB

.idata Size: 3KB - Virtual size: 2KB

.export Size: 14KB - Virtual size: 13KB

.data Size: 7KB - Virtual size: 139KB

.ldata Size: 1KB - Virtual size: 1KB

.rdata Size: 512B - Virtual size: 491B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 53KB - Virtual size: 52KB

.idata
Size: 3KB - Virtual size: 2KB

.export
Size: 14KB - Virtual size: 13KB

.data
Size: 7KB - Virtual size: 139KB

.ldata
Size: 1KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 491B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 2KB