5eb2df2a44a4537967f4f7477d61d599_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5eb2df2a44a4537967f4f7477d61d599_JaffaCakes118
Size

47KB
MD5

5eb2df2a44a4537967f4f7477d61d599
SHA1

5b6ecfe718fd2ebbbe7f4b246c711418107aee4d
SHA256

57943389c7324aa4f81831c74650103633d63933a3e7615b0e172bb067d4af8c
SHA512

fea4df3e5ee6c2985c628f3b2a64cc16671687c50045ac0615782857145f62f4e49fc9ffba6bb1ed9ae7e5129f27c761ec3b967cf0acd1e531b151afee1ca05a
SSDEEP

768:SG9UocgONjfcz11NZCMJeMOP80HXus2i/hn0y/f:SG9UobGbch1NZex/hnPn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5eb2df2a44a4537967f4f7477d61d599_JaffaCakes118

Files

5eb2df2a44a4537967f4f7477d61d599_JaffaCakes118
.exe windows:5 windows x86 arch:x86

a7c163f147ca9d3f767943e3d37adae4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\zWhkjEy\xqawayonhwcuc\jfmtnEwiopq\IuaEeUVq.pdb

Imports

msvcrt

_controlfp
wcstombs
atoi
__set_app_type
__p__fmode
islower
swprintf
__p__commode
_amsg_exit
_initterm
_acmdln
bsearch
exit
isupper
_ismbblead
fwrite
gmtime
strspn
puts
_XcptFilter
iswxdigit
_exit
_cexit
strtol
__setusermatherr
__getmainargs

kernel32

SearchPathW
GlobalReAlloc
IsBadWritePtr
GetTempPathW
TerminateThread
GlobalMemoryStatus
ReleaseMutex
PulseEvent
SetErrorMode
SetFileAttributesA
GetSystemTimeAsFileTime
HeapWalk
lstrcatA
OpenFile
SetCommMask
GetTickCount
GetModuleHandleA
GetModuleFileNameA
SetCurrentDirectoryA
CloseHandle
FindNextFileW

comctl32

ImageList_ReplaceIcon
ImageList_AddMasked
DestroyPropertySheetPage

user32

GetClassInfoW
LoadMenuW
GetClipCursor
ShowWindow
SetMenuItemBitmaps
GetDC
GetSysColorBrush
InvalidateRgn
GetDCEx
TrackPopupMenuEx
GetFocus
CharNextA
DestroyCaret
SwitchToThisWindow
GetSysColor
SetRectEmpty
GetDlgItemInt
GetUserObjectInformationA
GetMessagePos
FindWindowW
HideCaret
IsZoomed
GetMenuItemCount
CallWindowProcA
CharPrevW
GetDlgItemTextW
BeginPaint
ScrollWindowEx
DrawTextExW
ClipCursor
SetParent
DialogBoxParamW
DefDlgProcA
RegisterClassW
GetMenuItemID
ShowCaret
SetPropW
VkKeyScanW
DestroyWindow
MessageBoxExW
GetCursorPos
DragObject

gdi32

PolyBezier
RealizePalette
SetViewportExtEx
CombineRgn
StretchBlt
FillRgn
GetSystemPaletteUse
GetTextExtentPointW
IntersectClipRect
SetLayout
CreateSolidBrush
SetBitmapDimensionEx
MoveToEx
CreateHatchBrush
StartDocW
GetPaletteEntries
RemoveFontResourceW

comdlg32

GetFileTitleW
GetOpenFileNameA
FindTextW

shlwapi

StrStrIA
StrToIntExW

Exports

Exports

?OnProcessExW@@YGXEPAJHPAF~U
?InstallKeyboardW@@YGJHPAJ~U
?FindSystemEx@@YGXJEJPAM~U
?HideDataExW@@YGPAENM~U
?CopyScreenOriginal@@YG_NHMJPAG~U
?ValidateClassOriginal@@YGFM~U
?ValidateListItemW@@YGHF~U
?KillMediaTypeA@@YGPAHEEE~U
?GenerateDateExA@@YGIG~U
?InsertMainStructDlhSi@@YGKGH@Z
?CancelFilePathOriginal@@YGGPAFJIPAG~U
?CloseArgument@@YGMFIPADD~U

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.redt
Size: 1024B - Virtual size: 631B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rimp
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdbg1
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rit
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdbg2
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rvar
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rpt
Size: 1024B - Virtual size: 744B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hdata
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a7c163f147ca9d3f767943e3d37adae4

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

comctl32

user32

gdi32

comdlg32

shlwapi

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.redt Size: 1024B - Virtual size: 631B

.rimp Size: 2KB - Virtual size: 2KB

.rdbg1 Size: 512B - Virtual size: 28B

.data Size: 2KB - Virtual size: 1KB

.rit Size: 1024B - Virtual size: 516B

.rdbg2 Size: 512B - Virtual size: 74B

.rvar Size: 512B - Virtual size: 44B

.rpt Size: 1024B - Virtual size: 744B

.hdata Size: 512B - Virtual size: 224B

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 2KB - Virtual size: 22KB

.text
Size: 21KB - Virtual size: 21KB

.redt
Size: 1024B - Virtual size: 631B

.rimp
Size: 2KB - Virtual size: 2KB

.rdbg1
Size: 512B - Virtual size: 28B

.data
Size: 2KB - Virtual size: 1KB

.rit
Size: 1024B - Virtual size: 516B

.rdbg2
Size: 512B - Virtual size: 74B

.rvar
Size: 512B - Virtual size: 44B

.rpt
Size: 1024B - Virtual size: 744B

.hdata
Size: 512B - Virtual size: 224B

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 2KB - Virtual size: 22KB