681de31d3668ead82da2d7b1aad83808_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

681de31d3668ead82da2d7b1aad83808_JaffaCakes118
Size

47KB
MD5

681de31d3668ead82da2d7b1aad83808
SHA1

8ddd72b7c59620736f3bd4775a7b7621a8264d25
SHA256

7dc5e97217f5a2c8ad424f4f1b804a7e79395abc436e230de35d2a395d17de4f
SHA512

df763b19c1f93f09dd306cd87495816772ec60ff5457e7f440e4ba92484337fa1b07560f6062da6a82425500f7017cac5751ee53130e29ebcf56f27c85755f76
SSDEEP

768:dmNreA1DDe0O235/oQv9mtTqyq1xIFmb/icNjbI:u5e0OAFCqLN5Njb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
681de31d3668ead82da2d7b1aad83808_JaffaCakes118

Files

681de31d3668ead82da2d7b1aad83808_JaffaCakes118
.exe windows:5 windows x86 arch:x86

ac5dc34e68f69c41eaeee95d5a37ffa5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

P:\qqgkuqmd\majOxm\UfQhlrGp.pdb

Imports

shlwapi

PathMakePrettyW
StrSpnA

gdi32

GetPixel
CreateCompatibleDC
ExcludeClipRect
CreateCompatibleBitmap
RemoveFontResourceW

ntdll

_stricmp
memset

kernel32

IsBadReadPtr
FindFirstFileA
SetCommTimeouts
LeaveCriticalSection
lstrcmpiW
ExitProcess
InterlockedExchangeAdd
SetTimerQueueTimer
GetCurrentProcessId
InterlockedExchange
lstrcmpW

comctl32

ImageList_GetIcon
CreatePropertySheetPageW
ImageList_Write
PropertySheetW

user32

ShowWindowAsync
MonitorFromPoint
GetWindowTextLengthW
GetSystemMenu
GetSubMenu
DrawIcon
GetWindowPlacement
ChildWindowFromPoint
GetWindow
RegisterClassExW
GetMessageTime
GetScrollRange

comdlg32

PrintDlgW
GetSaveFileNameW

Exports

Exports

?V_RNUW_@@YGPAKKPAE@Z
?EXHN_s_h__s_yYBUSSLrE@@YGDPADH@Z
?xw__kaaT__qVIMy@@YGMPAHF@Z
?vmvMU_JDJW_CXVAPN@@YGPAGG@Z
?K___IrqqluBHC_Lfdyw_@@YGIJ@Z
?dljkru_flCN_NCN_tju_@@YGPANDE@Z
?UJGfpawmj_b_pr@@YGJFPAG@Z
?XYQVdiewgdd_@@YGXH@Z
?CUEunTFNIwxasdTbkkd_@@YGG_NPAM@Z
?_vfal_t_o_qv@@YGGPAG@Z

Sections

.code
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.import
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac5dc34e68f69c41eaeee95d5a37ffa5

Headers

File Characteristics

PDB Paths

Imports

shlwapi

gdi32

ntdll

kernel32

comctl32

user32

comdlg32

Exports

Exports

Sections

.code Size: 23KB - Virtual size: 23KB

.data Size: 8KB - Virtual size: 40KB

.rdata Size: 2KB - Virtual size: 2KB

.edata Size: 512B - Virtual size: 480B

.import Size: 1KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 2KB - Virtual size: 1KB

.code
Size: 23KB - Virtual size: 23KB

.data
Size: 8KB - Virtual size: 40KB

.rdata
Size: 2KB - Virtual size: 2KB

.edata
Size: 512B - Virtual size: 480B

.import
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 2KB - Virtual size: 1KB