6aa5467b961dca1e1e544b924fdb99e6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6aa5467b961dca1e1e544b924fdb99e6_JaffaCakes118
Size

74KB
MD5

6aa5467b961dca1e1e544b924fdb99e6
SHA1

86f365d4b9fb608113a84e1c0768fbd4cad1d154
SHA256

1162fb24c69314f317654322d4bcc0ee5b0ed330871e174a778c804a81b759f3
SHA512

0d19eef00b50963d2f0b05c7b1a7b04a7ac47a36f88b78cd925276d0818f5f1f9ee722797c069bf5c8e2167bd9a43d8be8874613cae0180920207573b358fee9
SSDEEP

1536:qiOY/tamEVdOACUmISjpxl1ZHvCa9O2wR8bQR8bkowhb:qlY/tBudOrISjplIKO2s8g8wom

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6aa5467b961dca1e1e544b924fdb99e6_JaffaCakes118

Files

6aa5467b961dca1e1e544b924fdb99e6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cc02991c3537eb146cbbb2f3aa8f51c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
LoadLibraryA
InterlockedExchange
GetModuleHandleA
SetLastError
CloseHandle
GetFileSize
MulDiv
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
InterlockedCompareExchange
Sleep
GlobalFree
GlobalHandle
GlobalUnlock
IsDebuggerPresent
FindClose

advapi32

RegCloseKey

user32

TranslateMessage
GetClientRect
SetCursor
SetRect
CopyRect
GetWindowRect
GetDC
IsWindow
GetParent
ReleaseDC
SetWindowTextA
SetDlgItemTextA
EndDialog
RedrawWindow
EnumChildWindows
InvalidateRect
UpdateWindow
DestroyWindow

gdi32

RealizePalette
GetStockObject
DeleteObject
SelectPalette

mfc90u

ord1791
ord1792
ord2139
ord1442
ord3226
ord6376
ord5404
ord3682
ord6804
ord4174
ord6802
ord1641
ord2368
ord2375
ord2630
ord2612
ord2610
ord2628
ord2640
ord2617
ord2633
ord2638
ord2621
ord2623
ord2625
ord2619
ord2635
ord2615
ord971
ord967
ord969
ord965
ord960
ord5683
ord5685
ord6466
ord1728
ord4702
ord5154
ord3743
ord4603
ord6800
ord5512
ord2074
ord4664
ord4345
ord1751
ord1754
ord4405
ord1599
ord938
ord3803
ord4004
ord388
ord650
ord1254
ord5137
ord813
ord2326
ord4677
ord3035
ord3340
ord1144
ord933
ord1333
ord5603
ord286
ord6426
ord405
ord664
ord3360
ord2209
ord3399
ord4684
ord4906
ord6553
ord6439
ord4641
ord2090
ord5945
ord3009
ord5861
ord1462
ord5676
ord5606
ord2239
ord2204
ord6762
ord2867
ord2859
ord4994
ord5979
ord3922
ord2069
ord4031
ord567
ord768
ord5624
ord6496
ord6605
ord5418
ord4990
ord5495
ord5020
ord3396
ord6577
ord2592
ord2597
ord6755
ord4057
ord5973
ord5371
ord3488
ord1183
ord2106
ord3543
ord2465
ord5322
ord4693
ord1440
ord3681
ord5664
ord5601
ord1493
ord6411
ord3355
ord4378
ord5293
ord5296
ord1727
ord4805
ord4802
ord4820
ord4823
ord4807
ord5209
ord4599
ord4590
ord5214
ord4622
ord5224
ord4865
ord4866
ord4109
ord3852
ord4012
ord450
ord670
ord5618
ord4685
ord2138
ord3225
ord6375
ord4697
ord1380
ord2369
ord5657
ord2070
ord5598
ord4344
ord1681
ord4430
ord2650
ord2651
ord3287
ord5803
ord981
ord6381
ord3230
ord6379
ord3229
ord5338
ord3233
ord4553
ord4730
ord5451
ord5447
ord2860
ord2079
ord2445
ord5354
ord4985
ord1697
ord5448
ord3853
ord4586
ord4013
ord451
ord576
ord779
ord585
ord788
ord4720
ord4451
ord6181
ord6338
ord3381
ord6424
ord2340
ord2341
ord2189
ord3232
ord6579
ord5619
ord4670
ord4687
ord4698
ord5658
ord2071
ord4431
ord2652
ord980
ord6382
ord6380
ord4731
ord5452
ord5449
ord2080
ord1733
ord4126
ord4347
ord4996
ord5680
ord5663
ord6018
ord2771
ord2983
ord3112
ord4728
ord2966
ord3115
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4905
ord4681
ord3670
ord1048
ord290
ord3333
ord3033
ord4516
ord2537
ord280
ord5548
ord1572
ord3217
ord2447
ord6575
ord5650
ord3140
ord4127
ord6604
ord5567
ord617
ord341
ord996
ord457
ord799
ord3423
ord811
ord600
ord296
ord4441
ord6482
ord794
ord589
ord4043
ord4893
ord4890
ord801
ord4910
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord6741
ord5830
ord4213
ord2087
ord4800
ord5674
ord1272
ord1137
ord6044

msvcr90

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
memset
vsprintf_s
sprintf_s
strcat_s
strcpy_s
_time64
free
swprintf_s
wcscpy_s
__CxxFrameHandler3

ltkrnu

ord259
ord37
ord26
ord116
ord67
ord133
ord385

ltdisu

ord60
ord59
ord3
ord82
ord34
ord113
ord32

ltfilu

ord23
ord65
ord100
ord32

ltdlgfileu

ord5

ltdlgkrnu

ord5
ord1

ltimgefxu

ord10

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc02991c3537eb146cbbb2f3aa8f51c3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

mfc90u

msvcr90

ltkrnu

ltdisu

ltfilu

ltdlgfileu

ltdlgkrnu

ltimgefxu

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 7KB

.rsrc Size: 26KB - Virtual size: 26KB

.reloc Size: 6KB - Virtual size: 6KB

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 7KB

.rsrc
Size: 26KB - Virtual size: 26KB

.reloc
Size: 6KB - Virtual size: 6KB