6641d1a1b4be84df8d907747448744e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6641d1a1b4be84df8d907747448744e5_JaffaCakes118
Size

528KB
MD5

6641d1a1b4be84df8d907747448744e5
SHA1

0194adc90395a9e5b111029a72866f9f66235f0b
SHA256

541e94d3f3f26db908ea88f19010178e4992dbe100ddbfa119436be938033554
SHA512

06b3ade4ac3d1307e125da9902b0c4897deaf56e2b038c8b9c4167d94fb52f4a477cc65e61b8d89d4685ef3179d8214a6989aff5f8bbaf0cb55d217748b70845
SSDEEP

12288:hjQbXCjiFHsMvq4ZAu/lnlMPdzk3JvUujMGlEVOwyX:ObX4iFHhbmTlo3JvUCMGl9wy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6641d1a1b4be84df8d907747448744e5_JaffaCakes118

Files

6641d1a1b4be84df8d907747448744e5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

df6efe5c3b235a17c084ce89d9982ab1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\qdt.PDB

Imports

gdi32

CreateEnhMetaFileW
AbortPath
DeleteDC
SetFontEnumeration
CreateDCA
DeleteObject
CreateICW
GetDeviceCaps
SelectObject
GetObjectW
CreateMetaFileW

shell32

ShellAboutA
SHGetFileInfoW
DragQueryPoint

user32

DestroyWindow
DefWindowProcW
EnumWindowStationsW
SetKeyboardState
ShowCaret
CreateWindowExA
GetInputDesktop
SetScrollRange
MsgWaitForMultipleObjects
CopyImage
GetKeyState
DefDlgProcA
MessageBoxW
TrackPopupMenuEx
GetGUIThreadInfo
SetUserObjectSecurity
ShowWindow
OpenClipboard
DragDetect
FrameRect
IsCharAlphaA
MapVirtualKeyA
EditWndProc
DragObject
RegisterClassA
CreateDialogIndirectParamA
CopyRect
RegisterClassExA
FindWindowExA
GetCaretPos

comctl32

InitCommonControlsEx
ImageList_GetBkColor
DrawStatusText

kernel32

InterlockedDecrement
GetEnvironmentStringsW
GetProcAddress
InterlockedExchange
OpenMutexA
CompareStringA
FreeEnvironmentStringsA
GetFullPathNameA
EnterCriticalSection
HeapDestroy
HeapFree
FlushFileBuffers
WideCharToMultiByte
SuspendThread
HeapAlloc
MultiByteToWideChar
LeaveCriticalSection
ExitProcess
GetTickCount
GetModuleHandleA
InterlockedIncrement
FillConsoleOutputCharacterW
CreateProcessW
WriteFile
VirtualAlloc
DeleteCriticalSection
SetStdHandle
CloseHandle
GetSystemTimeAsFileTime
SetEnvironmentVariableA
GetModuleFileNameA
GetStartupInfoW
GetCommandLineW
GetTimeZoneInformation
TerminateProcess
LoadLibraryA
SetConsoleCP
GetStringTypeW
GetCurrentThreadId
TlsFree
VirtualUnlock
GetSystemTime
SetHandleCount
RtlUnwind
GetCPInfo
EnumResourceTypesA
WriteProfileStringA
QueryPerformanceCounter
FindFirstFileExA
GetAtomNameW
HeapReAlloc
GetCommandLineA
MoveFileExA
UnhandledExceptionFilter
InitializeCriticalSection
HeapCreate
GetShortPathNameA
CompareStringW
ReadFile
GetEnvironmentStrings
LCMapStringW
GetStdHandle
GetCurrentThread
GetFileType
GetLocalTime
FreeEnvironmentStringsW
TlsSetValue
TlsGetValue
GetStringTypeA
TlsAlloc
CreateMutexA
GetVersion
VirtualQuery
GetCurrentProcess
UnlockFile
GetCurrentProcessId
VirtualFree
IsBadWritePtr
GetStartupInfoA
SetLastError
SetFilePointer
GetModuleFileNameW
GetFileTime
GetLastError
LCMapStringA

Sections

.text
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256KB - Virtual size: 255KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df6efe5c3b235a17c084ce89d9982ab1

Headers

File Characteristics

PDB Paths

Imports

gdi32

shell32

user32

comctl32

kernel32

Sections

.text Size: 144KB - Virtual size: 142KB

.rdata Size: 256KB - Virtual size: 255KB

.data Size: 108KB - Virtual size: 124KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 144KB - Virtual size: 142KB

.rdata
Size: 256KB - Virtual size: 255KB

.data
Size: 108KB - Virtual size: 124KB

.rsrc
Size: 16KB - Virtual size: 15KB