61c720c24db4b7e79397573280b5fa82_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

61c720c24db4b7e79397573280b5fa82_JaffaCakes118
Size

178KB
MD5

61c720c24db4b7e79397573280b5fa82
SHA1

f95399b8453de96db2413ef69baea501de1a5ee6
SHA256

0f01647f6d67ea14ff88dd2ab20a9b8b76d14c2e28ce3393f4ec1d62f66a9ef0
SHA512

c042e2c5064fa49cc1ba095bd6a7da89ac8aff20a0f230d4b64290226279bfc7f7baa756f153e644b3ceef8f27d8379d575b1323f0c4cf5fe792fd9ef16237d7
SSDEEP

3072:5lznOJWOm0YpmRpLCOlcN9k3boEz+H9yE9oEcPVHO3YFftpu85Sevr0v:LOBDrYNNG3boo+Hl9oEMhMYFft1SO0v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
61c720c24db4b7e79397573280b5fa82_JaffaCakes118

Files

61c720c24db4b7e79397573280b5fa82_JaffaCakes118
.exe windows:5 windows x86 arch:x86

50440b202d46cde95740146d08c1feab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\hSdGq\rfzub\ieFF.pdb

Imports

shlwapi

UrlUnescapeA
StrCmpNW
UrlGetPartW
StrSpnW

user32

ClipCursor
InvalidateRect
GetClientRect
LoadStringW
KillTimer
GetActiveWindow
UpdateWindow
TranslateAcceleratorA
CharToOemA
IsWindow
FindWindowExA
DrawMenuBar
SetScrollInfo
SystemParametersInfoW
SendMessageW
GetWindowDC
UnionRect
SetLastErrorEx
IsDialogMessageA
CreatePopupMenu
ShowCursor
InvalidateRgn
DefFrameProcW
LoadImageA
LoadBitmapW
SwitchToThisWindow
CharLowerA
MapDialogRect
IsDialogMessageW
ModifyMenuW

comdlg32

FindTextW
ChooseColorW
PrintDlgW
GetOpenFileNameW

gdi32

GetSystemPaletteUse
WidenPath
GetSystemPaletteEntries
CreatePen
GetTextAlign
GetRgnBox
GetDIBColorTable
CreateFontIndirectW
GetFontData
GetTextColor
ExcludeClipRect
SetViewportExtEx
EnumFontsW

kernel32

MoveFileA
CreateRemoteThread
GetCurrentProcessId
FormatMessageW
lstrcmpiW
IsBadCodePtr
lstrcatA
ReadFile
EnumSystemLocalesA
Sleep
SetEvent
GetTickCount
HeapReAlloc
GetFileTime
GetACP
GetThreadContext

Exports

Exports

?___WELEDIIZ_Ehhw_k@@YGPA_NPAEH@Z

Sections

.text
Size: 92KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50440b202d46cde95740146d08c1feab

Headers

File Characteristics

PDB Paths

Imports

shlwapi

user32

comdlg32

gdi32

kernel32

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 332KB

.data Size: 2KB - Virtual size: 1KB

.sdata Size: 25KB - Virtual size: 25KB

.rdata Size: 48KB - Virtual size: 47KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 92KB - Virtual size: 332KB

.data
Size: 2KB - Virtual size: 1KB

.sdata
Size: 25KB - Virtual size: 25KB

.rdata
Size: 48KB - Virtual size: 47KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 1KB - Virtual size: 1KB