60b04236c5b05331fae4c8b6e3b9c79e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

60b04236c5b05331fae4c8b6e3b9c79e_JaffaCakes118
Size

166KB
MD5

60b04236c5b05331fae4c8b6e3b9c79e
SHA1

3d91d9706e86c3c73ad093b4d84b174a04e8de1e
SHA256

2c41a6ea7749be9efa3d0d0feb0f34624a6ced450dacfb4c29ec2d1acae9c975
SHA512

dcfbb08c4c4b8a0f366bd48523829054b40bb5c7d50de519d1ce493fb3364b9c4b72aef2c4e24b83a8c73377928d0c518e6db013aa3079254623d2c7ffa2c635
SSDEEP

3072:Ww0HYmAMKU9j5id3l3p6ciWFRYOsDVRq6qlpWLWvkTy:dAkhobVIV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60b04236c5b05331fae4c8b6e3b9c79e_JaffaCakes118

Files

60b04236c5b05331fae4c8b6e3b9c79e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2a4d65e450d3cbd64618502dfc02e71f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

O:\AEXxRnRQafay\xklxrgE\lnurMee.pdb

Imports

ntdll

memset

user32

DefFrameProcW
DefDlgProcA
ShowWindow
MessageBoxExW
GetScrollPos
SetWindowTextA
GetMessageExtraInfo
ModifyMenuW
SwitchToThisWindow
GetNextDlgGroupItem
GetDlgItem
DrawStateW
ExitWindowsEx
GetMessageTime
GetNextDlgTabItem
WindowFromPoint
LoadIconW
InsertMenuItemW
DialogBoxIndirectParamA
InternalGetWindowText
RegisterHotKey
GetMenuStringW
CharLowerW
GetWindowTextA
SetActiveWindow
AppendMenuA
ActivateKeyboardLayout
GetClassInfoExW
ClientToScreen
GetWindowTextW

msvcrt

exit

kernel32

CreateWaitableTimerW
FindResourceW
VerifyVersionInfoW
lstrcatA
TlsGetValue
lstrlenW
SetCommState
SetHandleCount
GetTickCount
CompareStringW
GetStdHandle
FormatMessageA
VirtualFree
lstrcmpiW
SetLocalTime
GetThreadTimes
ReleaseMutex

gdi32

CreatePatternBrush
GetSystemPaletteUse
GetPixel
RestoreDC
EndPath
IntersectClipRect
CreateFontIndirectA
EnumFontsW
CreatePolygonRgn
GetTextMetricsA
EndDoc
ExtTextOutA
GetWindowOrgEx

shlwapi

StrSpnA
ChrCmpIW
UrlGetPartW

Exports

Exports

?_ek_jNX_Dbn_h_v_pgiti@@YGPAMNPAH@Z
?p_scprWM@@YGDE@Z
?whzibh_cV_RS_Q@@YGXJ@Z
?_WWPIAeS_A_W@@YGMPAD@Z
?PMYLSh___teiskjcJVT@@YGKHPAK@Z
?HLGSRAybEW___@@YGMPAN_N@Z
?QZKYFNGUXXOQ_@@YGGKG@Z
?__dGBFFKCu@@YGPAGJ@Z
?mu_iF_NJh@@YGPA_NEK@Z
?mw__HJHHTTLVAUmzvc@@YGNJF@Z
?KHPMCWINyiBJqCHFWYdig@@YGNPAI@Z
?_oJIAKDRXNHGO__AQI@@YGHPAIPAH@Z
?UDIvSTSWG__x_eo_yobgpv@@YGMKPAJ@Z
?APHBBASCGfxlunzc_n@@YGXF@Z
?UUIuixmAZSZN_fme@@YGKFD@Z
?mxnatoIGINT__Aab_xlx@@YGJF@Z
?ryxwFA_V_cl@@YGFPAKM@Z
?gnqrb_l_@@YGPAXHPAK@Z
?PR__Wvw@@YGFGG@Z
?LX_TKLG_DPYDN_XX_tg_hx@@YGXKG@Z
?IQRMIvriTv___ghdZE@@YGXEF@Z
?hxiz_hf_i_HCJFAjsniL@@YGPAEPA_N@Z
?lko_bo_huqUT@@YGIPAEPAH@Z
?_TLET__s@@YGIE@Z
?r_dql_mLEHWBY__cnhwSD@@YGEH@Z
?XxpxOZP_Fvocroxgiwhg_v@@YGPADD@Z
?___Q_IV_VJ_Iejv@@YGPADH@Z
?Mtwszwewfb__x@@YGXGN@Z
?HL__VRHpgkal_lbiIDPS@@YGHEF@Z
?miah_KABLjvirte@@YGPAJI@Z
?N_XDO_R@@YGFPAD@Z
?fnWI_Fapkm__eLZANm_@@YGIPA_N@Z
?_AJVPbKABW_R@@YGDPAF@Z
?ZFCREJHEpbZ_V@@YGXPAK@Z
?x_pb_qxhx__xB_CFMO@@YGPAMF@Z
?YGJTECW_@@YGPAEPAG@Z
?M_CODUR@@YGGHJ@Z
?z_dhPQYBNLcv@@YGDPAD@Z
?KXxtvrJ_YOX__Oja_ej@@YGFJ@Z
?ytIF_AF_oxa_u@@YGKPAM@Z
?FURRP_MHLicupj__xw_@@YGFPAF@Z
?vdymrtl_WGBIGd_j_TV@@YGKJE@Z
?ebgfVO_Z@@YGPAHGPAJ@Z
?CJ__E__YAn@@YGPAXPAD@Z
?STJ_HBE@@YGPAXH@Z
?fvzvLkN_L@@YGHPAJE@Z
?isP_mqvi_oavcR@@YGJPAGPAK@Z
?eTW_sbl_t_x@@YGXE@Z
?xad_rKWYD_SKOTJDTVISG@@YGDPAEI@Z
?Ep_wessX_UCFO@@YGPAHH@Z
?du_q____hp_@@YGIE@Z
?KTNMZow@@YGJPAI@Z
?vxjaxdgixxJBQM_V_vkm@@YGHPAK@Z
?OBTGY_U_@@YGGPAI@Z
?iFAcvc_N_P@@YGID@Z
?teyt__O@@YGKI@Z
?__y_b_kq@@YGHG@Z
?_mt__upoKGi__a__weJ@@YGPAEPAH@Z
?yfWXKOWWOX@@YGFDF@Z
?k_qZ_te@@YGEEPA_N@Z
?hmdo_nm_j_pkpbm_@@YGPANI@Z
?nhkeaatyLCFL_@@YGDE@Z
?mhy_tNHBVO_D__b@@YGMKPAM@Z
?xdjdkrd@@YGFPADM@Z
?bm_aspu@@YGDM@Z
?fX_UM_YCFK_Pi_YUKKLFQ@@YGPADJ@Z
?tck_sjn@@YGEPADE@Z
?_eNPI_T_ogxxf@@YGGF@Z
?P__ROK_Uyws@@YGPAHPAGPAE@Z
?G__NCLNMvzv@@YGPAXPAJ@Z
?it__q_dyfrkkfbqfj_ek@@YGMH@Z
?kqoyNHKahjaof_cLju@@YGXD@Z
?C_WRnrcj_t@@YGNPAKK@Z
?OSv_rkfwlxeGQXULlpvl@@YGHPAJ@Z
?cqi_WEYw_aup_m@@YGJGM@Z
?_jaG_M__jzioIGLYEPAQj@@YGHHPAH@Z
?_fun_g_jjth__nsmiwt@@YGXM@Z
?r_t_qmmVJjkrY_U_ALMTp@@YGPAGJ@Z
?kwbqq_t@@YGXI@Z
?cotGXCIT@@YGPAJPAGG@Z
?_xh_j_g_@@YGEDK@Z
?JE_JNFG_gs@@YGPAJK@Z
?Qppcvhp@@YGEGE@Z
?R_F_Xp_kblnDX@@YGDPAI@Z
?JCLZvlbz_o__ip@@YGPAXE@Z
?_pzk_bopm____kC_FG_Qf@@YGPAMH@Z
?ULM_T_V_@@YGPAXPAI@Z
?mxle_kjjZZCKkitmbh@@YGMDE@Z
?_POMNemy_c@@YG_NFPAH@Z
?XIVy_x_hyrpzkwk@@YGPAMHPAK@Z
?tw_wiSTXpyoy@@YGPADPAD@Z
?MJRMBqrtNKk__n_vPDx_u@@YGPAXED@Z
?LEawhJ_V_S_YCLD@@YGPAXPA_NK@Z
?rVEPJStzuouvd@@YGPADPAJ@Z
?LIHPJKCH_RGFw_rvrv@@YGKMPAN@Z
?_Ihl__oe_xb@@YGDPAK_N@Z
?dvyvC_ChjphoKOK_IR_B@@YGIPAD@Z
?XD_WUXdbg_z_zex@@YGPAHH@Z
?__XXzrxun_sVQW@@YGPAIJ@Z
?oagqr_EW_NR_nrphgZ_@@YGXPAGPAK@Z
?wkjcov_nh_e_nur_@@YGMHE@Z

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ldata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 38KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a4d65e450d3cbd64618502dfc02e71f

Headers

File Characteristics

PDB Paths

Imports

ntdll

user32

msvcrt

kernel32

gdi32

shlwapi

Exports

Exports

Sections

.text Size: 92KB - Virtual size: 92KB

.ldata Size: 2KB - Virtual size: 1KB

.data Size: 38KB - Virtual size: 163KB

.rdata Size: 512B - Virtual size: 348B

.crt Size: 28KB - Virtual size: 27KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 92KB - Virtual size: 92KB

.ldata
Size: 2KB - Virtual size: 1KB

.data
Size: 38KB - Virtual size: 163KB

.rdata
Size: 512B - Virtual size: 348B

.crt
Size: 28KB - Virtual size: 27KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 3KB