5f1e737a20435b647d2c34342f830586_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5f1e737a20435b647d2c34342f830586_JaffaCakes118
Size

53KB
MD5

5f1e737a20435b647d2c34342f830586
SHA1

daed8b69f22aff48051e859e436f45ced8a279d4
SHA256

5f6e229745b6da05526dca76a836c1d6634baac584887f77f1bd45e0970ed166
SHA512

c57a18ca1cea7b7e134c7d5146a39d6274b98f27a71b9d1562c46f0700f72310eb4e6095fddb6d648b02b22e77e0c53002f64817f21bac7680a62b0163cbbd37
SSDEEP

1536:AuN4K87wge3WZ4xJDbApJQUq6g2iFgxNXsO2+:R8n4xBCTygxA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f1e737a20435b647d2c34342f830586_JaffaCakes118

Files

5f1e737a20435b647d2c34342f830586_JaffaCakes118
.exe windows:5 windows x86 arch:x86

327ac5a47cc1879349f2c3da603666b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Y:\wvlfusIfxbFye\ZhhcHcxwccagqx\aSaeSqyvzvez\otoyoZYe.pdb

Imports

user32

GetTopWindow
AllowSetForegroundWindow
GetNextDlgGroupItem
SetPropW
MoveWindow
MessageBoxExW
DefWindowProcA
IsChild
DialogBoxParamA
SwitchToThisWindow
ClientToScreen
LockWindowUpdate
SendNotifyMessageW
WindowFromPoint
MapDialogRect
ReplyMessage
AdjustWindowRectEx
GetScrollInfo
DestroyWindow
SetWindowTextW
EnumChildWindows
GetClassInfoExW
RegisterHotKey
GetWindowTextA
LoadCursorW
DefFrameProcA
OemToCharBuffA
GetFocus
FindWindowExA

shlwapi

StrSpnA
ChrCmpIW
UrlGetPartW

msvcrt

exit

ntdll

memset

kernel32

QueryPerformanceCounter
lstrcmpiW
lstrcatA
GetComputerNameExW
IsDBCSLeadByteEx
lstrlenW
TlsSetValue
GlobalAddAtomW
GlobalSize
LocalFree
lstrcpynW
SearchPathW
GlobalCompact
SetMailslotInfo
SetLocalTime
SetFilePointer
CompareStringW
SetTimerQueueTimer

gdi32

SetViewportOrgEx
Escape
DeleteObject
CreateSolidBrush
ResizePalette
RectInRegion
GetBitmapBits
GetClipBox
GetViewportOrgEx
CreateEllipticRgnIndirect
GetFontData
SetBrushOrgEx
Polygon

Exports

Exports

?QOSWDejrRjbLSHFLM__E_@@YGKHH@Z
?ssHEIDDOLD_@@YGPAXPAG@Z
?__azJBD__GJT@@YGKM@Z
?_wekwwB_xl_QD@@YGXEPAG@Z
?omn_JTDN@@YGG_N@Z
?hs_UJIC_XFGjblI@@YGDPADPAE@Z
?CUXtamihHDgKREho@@YGFMPAI@Z
?MZdf_iBCR_bjmAZ_CTIB@@YGPAXPAHPAK@Z
?GHGm__xpmgi_n@@YGPANE@Z
?WCQyzzgERn_fukIDCQO@@YGPAKPAKPAN@Z
?F_D_OMUBA_PWugqJRS_Z@@YGPAHH@Z
?p_vampisqhtTN@@YGED@Z
?WCDDinpNF@@YGGPAM@Z
?obrJSkawARQVhh_eg__i@@YGPAXDPAJ@Z
?WCUhg__mi_hi_le_xb@@YGDPAJ@Z
?b__dbyk_y_t_x__jTSX@@YGPAEPAI@Z
?usnsa_askpbtvi_wZN@@YGFG@Z
?__k_hj__maYD@@YGPAINF@Z
?_avpz_rk_daMZTOB@@YGFPAEPAJ@Z
?XTL_LR_SG@@YGPA_NN@Z
?_AQKJnQAN_Wbrgo_mmO_@@YGKH@Z
?gklpea_@@YGKPAK@Z
?__XQBMAHSIltibr_pb_x@@YGDDPAJ@Z
?YYGszds_yh@@YGXJ_N@Z
?CUEZM___WYNauhv_@@YGJN@Z
?IXdtj__s_t_eSXBP@@YGDE@Z
?n_bgb_xd_m@@YGPAKEF@Z
?emz_rtHW@@YGKH@Z
?LEVCLI_JKa_doPZIo@@YGHPAII@Z
?_ZNUJKVOAUIZHZLU@@YGPAMN@Z
?_ff_bx_xdjd_s_k_Ivi@@YGKMD@Z
?e_e__hwtyoe_qOH@@YGPAEPAI@Z
?WOYZ_aqe@@YGXIPAJ@Z
?X_Wkdfywo_yzjzxRO@@YGPAEI_N@Z
?ZMDJBBB_gtqk__qqinjtj@@YGHPAI@Z
?_toY_SNJVMH_WBHWZA@@YGM_ND@Z
?K_Q_o_vwdv_yfbmq@@YGPAMHE@Z
?FVR_nxrw_gPK_Wi@@YGPAHF@Z
?__RJQ__G@@YGPA_NPAK@Z
?_qd_ucg_zk_wzdeu_hj@@YGPAJJH@Z
?_AYAB_XTaezyjasfeh@@YGDMPA_N@Z
?GF_INUOCX_BUMR@@YG_NH_N@Z
?lN__S_F@@YGJJ@Z
?T___T_NCHX_VZBPJ@@YGDD@Z
?Z__H_XU_pnlioc_h@@YG_NM@Z
?_UYOtyAB_NGtm_r@@YG_NPAI@Z
?_YTZKBEHuJJH__Z_El@@YGFHPAH@Z
?nAOCSL_DNLCHcqsupg@@YGPADPAM@Z
?QJ_Vc_wxu_k@@YGIJE@Z
?L_yfHEQj_cuNHJQHDOLI@@YGPAXE@Z
?GJRLDEQXR@@YGHMPAD@Z
?D_H_N_HD__xbpaKSc_v@@YGXHPAM@Z
?j_foAHQ_T_TY@@YGXPAK@Z
?VMSXfgegiVHRxobzSUbwk@@YGKE@Z
?HZLWKQ_ITSIia@@YGJI@Z
?PBGEIIXEK@@YGPADJ@Z
?tk__gkoy_bwjZMt@@YGPAJI@Z
?Fjq_wr_vVBYFW@@YGPAXNE@Z
?_VPqh_vWEX_YBO@@YGXJ_N@Z
?uyb__DA_GRY_jqhklsjbo@@YGPAEEPAD@Z
?ac___twm__U@@YGEPAH@Z
?_ATyumel___f_x_rpe__Iu@@YGXPAH@Z
?_tvYOQZRLat@@YGMPAMJ@Z
?_rfoISNL_Asd@@YGHJ@Z
?_NIA_YIB_MOVW_F_@@YGPADJ@Z
?FZ_o___ptskwb@@YGXJ@Z
?s_n_oki___db_@@YGIPAD@Z
?__s_Eoh_lR@@YGHM@Z
?ndtxb_rv_no@@YGXKF@Z
?d_mdmFURyH_gt@@YGHPADE@Z
?kvNpvldq@@YGPAIKM@Z
?FMHPunBDM_Q_QLMHQZ@@YGXKJ@Z
?KLUAe_mvuroowa@@YGXE@Z
?MTY_ZIXDBDIIde_uuz@@YGPADKPAN@Z
?BVAYULOZSV_VI@@YGPAXJ@Z
?_cIPNnjD_u_h@@YGJF@Z
?_rpx__usu@@YGXH@Z
?qK__NQEas_vqpZFMZ@@YGNPAHH@Z
?wS_Ilq_e_t@@YGXDPAF@Z
?evautg_yyknzwBi@@YGPAJKM@Z
?chfsejfnPSTV_ZQFB@@YGPAIK@Z
?_LUKBVX@@YGJPAIN@Z
?qgcam__hp_mpwAFhp@@YGPAMPAE@Z
?xdz_ctqy@@YGPAIMJ@Z
?Y_YZLLENLOZXR__DIH@@YGPAIGJ@Z
?dzvt_lafey__wp_weW@@YGPADHH@Z
?fssV__S_@@YGGPAFK@Z
?mal_fStjtnugq__lip___K@@YGPAEPAGPAM@Z
?wcaXY_FORX@@YGPAEIF@Z
?CZU_KB_btSQKT@@YGNFPAK@Z
?_IY_FFpch_jtqz_i@@YGPADDPAE@Z
?YywyHVSgl_eLRsv__ea@@YGPAD_NM@Z
?ivraZ_X@@YGKDPAF@Z
?aow__c_hauti@@YGPAHEPAI@Z
?xk_nb_VAJH@@YGXPA_NJ@Z
?K_ITSNVw_qoscwh_@@YGMJPAF@Z
?BSESE_b_onltmM_ezpx_vl@@YGPAXE@Z
?i_pi_yYKHPVcvrxa@@YGPAEKG@Z
?zstiu_STWFI_G__Fx@@YG_NDPAK@Z
?tjv_zSJUBNQM@@YGPADIK@Z
?yaq_bhW_TA@@YGPAJGG@Z
?PLTPB_ADK_GdhoaG_PL@@YGKJN@Z
?_P_IH_X@@YGDPAM@Z

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ldata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

327ac5a47cc1879349f2c3da603666b7

Headers

File Characteristics

PDB Paths

Imports

user32

shlwapi

msvcrt

ntdll

kernel32

gdi32

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.ldata Size: 2KB - Virtual size: 1KB

.data Size: 5KB - Virtual size: 5KB

.rdata Size: 512B - Virtual size: 348B

.crt Size: 17KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 23KB - Virtual size: 23KB

.ldata
Size: 2KB - Virtual size: 1KB

.data
Size: 5KB - Virtual size: 5KB

.rdata
Size: 512B - Virtual size: 348B

.crt
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 3KB