6858da2dbc19d64105da9eec731767e7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6858da2dbc19d64105da9eec731767e7_JaffaCakes118
Size

532KB
MD5

6858da2dbc19d64105da9eec731767e7
SHA1

10198f4853f594992b8b7c8fd6bbea9135fb8681
SHA256

15c2d8e814d101aab59f8892e8825eac7eee1f8586e95bd6ee8387d22be1f804
SHA512

72219b05fd00160b1ea20667171b986685ee9a416078dd333495138c6d5494d2f922fd3ff421e77b989cfd99fadd59b924b7d2aacf6ba4c3cedd40ac7817d1d0
SSDEEP

12288:oFlB7tsFcZTlskH+m2eR/EvfzHxY7/C33+sET9:oFlB7t0MTb6nTxY763m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6858da2dbc19d64105da9eec731767e7_JaffaCakes118

Files

6858da2dbc19d64105da9eec731767e7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a10799831b9317bb4b9006915dd1935b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\vdbckrek\rldjto\kgroqjeen.PDB

Imports

wininet

IsUrlCacheEntryExpiredW
GetUrlCacheEntryInfoExW
InternetCombineUrlW

user32

EnumDesktopWindows
GetCursorInfo
CloseWindow
GetClassNameA
ShowWindow
CharNextW
CreateWindowExW
RegisterClassA
EndPaint
WINNLSEnableIME
SetMenuItemInfoW
DestroyWindow
SetRectEmpty
SetWindowPos
CharLowerA
DdeConnect
RegisterWindowMessageA
DefWindowProcA
UnregisterDeviceNotification
SetCursor
RegisterClassExA
DdeImpersonateClient
SetParent
LoadStringW
CreateAcceleratorTableW
MessageBoxW

gdi32

CopyEnhMetaFileW
EnumFontFamiliesExA
CreateDCW
GetTextExtentPointA
SaveDC
GetDeviceCaps
GetObjectA
GetObjectW
EndPath
DeleteObject
AngleArc
GetTextMetricsA
GetAspectRatioFilterEx
EqualRgn
PtVisible
DeleteDC

advapi32

RegRestoreKeyW
LookupPrivilegeDisplayNameA
ReportEventA
CryptSetProviderW
RegEnumValueW
CryptGetUserKey
CryptCreateHash
CryptSetProvParam
RegEnumKeyA
LookupAccountSidW

kernel32

GetDateFormatA
GetPrivateProfileIntA
TlsGetValue
GetStringTypeW
VirtualLock
EnumResourceTypesA
DeleteFileA
GetPrivateProfileStructA
TerminateProcess
InterlockedExchange
InitializeCriticalSection
CompareStringA
UnhandledExceptionFilter
HeapFree
GetTimeZoneInformation
SetStdHandle
lstrcpyA
GetFullPathNameW
ReadFile
GetCompressedFileSizeA
IsBadReadPtr
EnumDateFormatsExW
VirtualAlloc
HeapCreate
CloseHandle
EnumCalendarInfoW
GetLastError
SetFilePointer
HeapReAlloc
SetEnvironmentVariableW
GetStringTypeA
InterlockedDecrement
GetLongPathNameW
WritePrivateProfileSectionW
FreeLibraryAndExitThread
VirtualQuery
GlobalUnlock
DeleteCriticalSection
GetSystemTime
OpenMutexA
GetTimeFormatW
CreateFileMappingW
GetModuleHandleA
ExitProcess
GetCompressedFileSizeW
GetLongPathNameA
GetCPInfo
CreateWaitableTimerW
GetStdHandle
FindResourceExW
InterlockedIncrement
LockFile
LoadLibraryW
FreeEnvironmentStringsA
ReadConsoleInputA
SetPriorityClass
GetFullPathNameA
QueryPerformanceCounter
IsBadWritePtr
GetPrivateProfileStructW
GetCurrentThread
RemoveDirectoryA
WriteFile
FreeEnvironmentStringsW
SystemTimeToTzSpecificLocalTime
GetModuleFileNameA
RaiseException
VirtualFree
lstrcpyW
LoadLibraryA
GetLocaleInfoW
GetConsoleCursorInfo
GetExitCodeThread
SetEnvironmentVariableA
GlobalGetAtomNameW
LCMapStringA
GetFileType
GetCurrentProcess
TlsSetValue
GetLocalTime
CompareStringW
DeleteAtom
GetCurrentProcessId
GetProcAddress
EnterCriticalSection
GetCommandLineA
GetTickCount
lstrcpyn
FindAtomA
SetCurrentDirectoryW
SetHandleCount
FindNextFileA
EnumResourceLanguagesW
SetLastError
LCMapStringW
ContinueDebugEvent
FlushFileBuffers
GetStartupInfoA
SetThreadPriority
GetTempPathW
MultiByteToWideChar
GetStringTypeExA
LeaveCriticalSection
RtlUnwind
HeapDestroy
WideCharToMultiByte
GetProfileIntA
GetEnvironmentStrings
TlsAlloc
CreateMutexA
LoadModule
TlsFree
GetACP
GetEnvironmentStringsW
HeapAlloc
CreateDirectoryW
GetOEMCP
GetVersion
GetCurrentThreadId
GetSystemTimeAsFileTime
lstrcmpi

comctl32

InitCommonControlsEx
CreatePropertySheetPageW
DrawStatusTextA
ImageList_SetOverlayImage
CreateStatusWindowA
CreatePropertySheetPage
ImageList_SetImageCount
ImageList_Create

comdlg32

LoadAlterBitmap

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 244KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a10799831b9317bb4b9006915dd1935b

Headers

File Characteristics

PDB Paths

Imports

wininet

user32

gdi32

advapi32

kernel32

comctl32

comdlg32

Sections

.text Size: 144KB - Virtual size: 141KB

.rdata Size: 244KB - Virtual size: 240KB

.data Size: 112KB - Virtual size: 136KB

.rsrc Size: 28KB - Virtual size: 26KB

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 244KB - Virtual size: 240KB

.data
Size: 112KB - Virtual size: 136KB

.rsrc
Size: 28KB - Virtual size: 26KB