60cdc892279293463dd9ab58dbed6f13_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

60cdc892279293463dd9ab58dbed6f13_JaffaCakes118
Size

481KB
MD5

60cdc892279293463dd9ab58dbed6f13
SHA1

f3bc37194b33f1e57aff56cddf174056bd9d5c89
SHA256

786b229d653b9544c9d7abc8fce0f6bdc6a2d5dce259fa07cf9ce288d9528369
SHA512

7681fe3014d4522db6c20d322e143e03117f8474655e57afff5f611dc4f4f7e30fc1ee489c6cb26a030a94f9487d0300c38d617b4e00edcda6c3f779e066ce6e
SSDEEP

12288:T3FjwFQC+iWrH9hBvk++rAOJIv2y04njwL:TZB5imd7arJ82y0l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
60cdc892279293463dd9ab58dbed6f13_JaffaCakes118

Files

60cdc892279293463dd9ab58dbed6f13_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5f0f3c05675836dde48e5a485dfca312

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\uueoeejqd\evrs.pdb

Imports

comctl32

InitCommonControlsEx

gdi32

GetLayout
ExtCreateRegion
GetCharWidthFloatW
CreatePen
SetWindowExtEx
Chord
SetPaletteEntries

user32

RegisterClassA
PackDDElParam
GetClassLongA
GetClassInfoExA
CharToOemW
ShowOwnedPopups
CallMsgFilter
TabbedTextOutA
NotifyWinEvent
CreateDesktopW
ShowWindowAsync
RegisterClassExA
CharNextA
ShowScrollBar
TranslateMessage
MoveWindow
EndDeferWindowPos
PostQuitMessage

kernel32

HeapReAlloc
GetCommandLineA
TlsAlloc
IsValidLocale
VirtualAlloc
CloseHandle
GetStartupInfoW
TlsFree
GetStringTypeW
GetModuleFileNameA
HeapSize
HeapCreate
FreeEnvironmentStringsW
DeleteCriticalSection
lstrlen
OpenMutexA
RtlZeroMemory
FlushFileBuffers
FindNextChangeNotification
IsBadReadPtr
GetTickCount
GetFileType
SetLastError
GetModuleHandleA
VirtualQuery
GetSystemTimeAsFileTime
ExitProcess
GetEnvironmentStringsW
HeapDestroy
InterlockedExchange
GetStringTypeA
LockFileEx
IsValidCodePage
LeaveCriticalSection
GetCommandLineW
GetTimeZoneInformation
TlsGetValue
TlsSetValue
GetEnvironmentStrings
EnterCriticalSection
GetCurrentProcess
GetVersionExA
TerminateProcess
VirtualFree
GetCurrentProcessId
GetLastError
GetCurrentThreadId
ReadFile
GetUserDefaultLCID
GetStdHandle
lstrcpyn
SetHandleCount
RtlUnwind
LoadLibraryA
GetSystemInfo
HeapFree
UnhandledExceptionFilter
CreateMutexA
GetModuleFileNameW
SetFilePointer
EnumSystemLocalesA
CompareStringW
GetProcAddress
GetACP
FreeEnvironmentStringsA
GetCalendarInfoW
InitializeCriticalSection
VirtualProtect
SetStdHandle
SetEnvironmentVariableA
LCMapStringW
GetTimeFormatA
QueryPerformanceCounter
MultiByteToWideChar
GetOEMCP
WriteFile
HeapAlloc
GetCPInfo
WideCharToMultiByte
LCMapStringA
GetDateFormatA
GetLocaleInfoA
IsBadWritePtr
GetStartupInfoA
CompareStringA
GetCurrentThread
MoveFileW
GetLocaleInfoW

comdlg32

GetSaveFileNameA
LoadAlterBitmap

Sections

.text
Size: 299KB - Virtual size: 299KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f0f3c05675836dde48e5a485dfca312

Headers

File Characteristics

PDB Paths

Imports

comctl32

gdi32

user32

kernel32

comdlg32

Sections

.text Size: 299KB - Virtual size: 299KB

.rdata Size: 59KB - Virtual size: 69KB

.data Size: 103KB - Virtual size: 103KB

.rsrc Size: 18KB - Virtual size: 17KB

.text
Size: 299KB - Virtual size: 299KB

.rdata
Size: 59KB - Virtual size: 69KB

.data
Size: 103KB - Virtual size: 103KB

.rsrc
Size: 18KB - Virtual size: 17KB