5ee170ee850193c5951746b55667b2b4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5ee170ee850193c5951746b55667b2b4_JaffaCakes118
Size

120KB
MD5

5ee170ee850193c5951746b55667b2b4
SHA1

72550172a3ef6cf1bf59cf162430346f5185ee67
SHA256

54aafe2c66abf4f5945211cee035153b74a6e66a44a71681546e548b5f674c84
SHA512

ab28b2ecbc48c1bbdb05dcb0a77a99e258404972044385c61572a1ad209c3244dd31829831cb83b0c6aee0e8fd92022a4e931c919b1f7b5b0421d5c030acf4fe
SSDEEP

3072:AwG2SAjxJCx5Xw0ham3I0nuZ1o2u3I3gkgTgL:xSAx8x5g0Z35Z2uYdIg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5ee170ee850193c5951746b55667b2b4_JaffaCakes118

Files

5ee170ee850193c5951746b55667b2b4_JaffaCakes118
.dll windows:5 windows x86 arch:x86

2e733f686fc43871e5a298f08fe0862d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

M:\cSKbtAusgowmo\kfcGyWcPdKvkrddFqeWbku\yjWGQkQkfdilVF\ngyeIqVgttf\EwaadzZsnvOuuQvt\qfhwjgrvgiAfoqWgwgz.pdb

Imports

user32

InvalidateRgn
GetClipCursor
DrawStateA
SetScrollRange
SetWindowTextW
AdjustWindowRect
TabbedTextOutW
SetCursorPos
SetDlgItemTextA
CopyAcceleratorTableW
KillTimer
IsCharAlphaW
InSendMessage
DrawEdge
GetMenuState
ClipCursor
SetPropW
GetShellWindow
keybd_event
GetWindowTextLengthW
GetNextDlgTabItem
InvalidateRect
AdjustWindowRectEx
SetMenuItemBitmaps
CharToOemBuffA
RegisterWindowMessageW
ShowOwnedPopups
IsDlgButtonChecked

kernel32

TlsSetValue
EnumResourceNamesW
LocalReAlloc
lstrcpyW
EnumSystemLocalesA
FlushFileBuffers
ReleaseSemaphore
SetHandleInformation
CloseHandle
FindResourceExW
CreateEventA
GetModuleHandleW
GetFileAttributesExA
FileTimeToLocalFileTime
CreateWaitableTimerA
GetTempFileNameW

comctl32

ImageList_Draw
ImageList_ReplaceIcon
InitCommonControlsEx
PropertySheetW

shlwapi

StrChrIW

gdi32

GetRgnBox
SetDIBits
GetTextMetricsW
EnumFontFamiliesExW
GetTextMetricsA
SetTextAlign
StartPage
GetBitmapBits
WidenPath
SetBitmapBits
TextOutA
GetDeviceCaps

shell32

ord195
ord196

Exports

Exports

AlphaBlend
?DufiluIOQF67uiofYIFYfUFyf@@YGKEPA_WG@Z

Sections

.text
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e733f686fc43871e5a298f08fe0862d

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

comctl32

shlwapi

gdi32

shell32

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 63KB

.rdata Size: 27KB - Virtual size: 27KB

.mdata Size: 11KB - Virtual size: 11KB

.data Size: 14KB - Virtual size: 150KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 63KB - Virtual size: 63KB

.rdata
Size: 27KB - Virtual size: 27KB

.mdata
Size: 11KB - Virtual size: 11KB

.data
Size: 14KB - Virtual size: 150KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1KB - Virtual size: 1KB