78fa9b681639d2d242b6d3262222f748_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

78fa9b681639d2d242b6d3262222f748_JaffaCakes118
Size

170KB
MD5

78fa9b681639d2d242b6d3262222f748
SHA1

d87de6fa61d1b1c30f8c70a95f3bf71a932e8ba0
SHA256

8b87f9f1733c13bcb5bd7968914864faef8a4e25434b208a5d70866b03e464e7
SHA512

271a599927beca40992fdfe53ef49f17482869f5aa4cf165cdc6319052edd441326cc26e660eac1cd0ae14a15434ca21ed6d4cced1da6f13b563ecbe549a6cf6
SSDEEP

3072:LTEgbn20YwYYpHs9K9IJbx23sBEUHhY2lTRDliqxv5nkjtU0yRmYGUynFFWBlJ:kgbnGRmIW3s6UHhYGffm4RBGt/WBl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
78fa9b681639d2d242b6d3262222f748_JaffaCakes118

Files

78fa9b681639d2d242b6d3262222f748_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8eea2d0e3440dc5626c30d47f747ab98

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

U:\kjusBtaFyfZsv\dUuUhmt\ZveDijvRoxi\aiBlNUDogZ.pdb

Imports

user32

GetDC
UnloadKeyboardLayout
GetSysColor
SetDlgItemTextW
GrayStringW
InSendMessage
MoveWindow
EnableScrollBar
GetMessagePos
OemToCharBuffA
FindWindowA
LoadIconW
CreateIconFromResource
MapDialogRect
TranslateAcceleratorW
GetClipCursor
ScreenToClient
GetParent
FindWindowExA
LoadIconA
CharPrevW
SendDlgItemMessageA
ShowWindowAsync
GetMenuItemID
ActivateKeyboardLayout
ExitWindowsEx
GetUserObjectInformationA
LoadMenuA
SystemParametersInfoA

comdlg32

GetOpenFileNameA
PrintDlgW
GetOpenFileNameW
ChooseFontW

gdi32

CreateBitmap
GetDIBColorTable
TranslateCharsetInfo
GetClipBox
EndPage
GetViewportOrgEx
GetNearestPaletteIndex
ScaleViewportExtEx
SetViewportExtEx
GetObjectA
SetLayout
PolyBezier
GetTextExtentPoint32A

comctl32

ImageList_GetImageCount
CreateStatusWindowW
ImageList_Draw
ImageList_ReplaceIcon

msvcrt

exit

kernel32

GlobalFree
ReleaseMutex
IsBadWritePtr
lstrcmpiW
SetThreadAffinityMask
GetHandleInformation
GetProcAddress
HeapAlloc
GetModuleHandleA
CreateNamedPipeA
GetSystemTimeAsFileTime
lstrlenW
GetPriorityClass
GetModuleHandleW
lstrcpyA

ntdll

strcspn
memset

Exports

Exports

?__qwUREB_T@@YGHK@Z
?JC_MQCXZL_fj@@YGKJ@Z
?LWb_wnoPJc_uA@@YGEPADK@Z
?_rzprqj@@YGFK@Z
?_O_UBFLkpszuA_@@YGPADPAE@Z
?RSSBBkop_nL_V@@YG_NPAE@Z
?A__BAJrm_kxv_@@YGXEG@Z
?biXa_ymsw__ED__HL@@YGDPAM@Z
?pdaNMC_G_NJ_UIDAFUVD_@@YGIH@Z
?BFKKGGWZN@@YGHPAFG@Z
?ueyvavyxlh@@YGHPAF@Z
?KXPEqqogaw_Gnaksnwp_@@YGPAGK@Z
?__sl_b_cvkhyh__le_@@YGPAEHPAD@Z
?_WTOk_sLMY_MHkpH@@YGEJPAK@Z
?TYGJ_Etjf@@YGFKPAJ@Z
?TYNd_w_eKMKJqb___g_hm@@YGJE@Z
?__wzzgtiYP_Llp@@YGPAFFN@Z
?J_A_P_F_LGupnqx_@@YGEPAE@Z
?xqybl_____l__xwP@@YGGPAEPAD@Z
?_MBQNXQyFQ_NPJ_ONo@@YGDJPAJ@Z
?z__rno_r__@@YGDD@Z
?GYIRHlzv_cQecystggigy@@YGPANM@Z
?M_GGOYODQWT_C@@YGPAJPAD@Z
?_JH_RDGJQOXp_ig@@YGPAGIPAH@Z
?R_BRrc_@@YGJPAM@Z
?wsbx_rt_EYJ__YR_jgr_O_@@YGXFK@Z
?PFd_gxbMZHnuwhxn_@@YGPAJJH@Z
?pCwb_o__x_tqWDxbf@@YGPAIPAFPAM@Z
?_qlq_r__xIZ_@@YGXH@Z
?qtxcF_xEON@@YGDPAH@Z
?YE_NU_Dwxfzf_m@@YGJPAK@Z
?IWQj_gY_jFZwtgqa@@YGFPAG@Z
?NXNAV_M_p_iPAtw@@YGPAHPAGPAM@Z
?ikqsN_LQ_BUT_JfbbGtkuC@@YGKED@Z
?_qXRe_zs@@YGFPAD@Z
?mrodbUNTSRUNE_@@YGGJG@Z
?HFF_SO_led_xr@@YGFGJ@Z
?_cztzVFYGU_m_njbe@@YGGPADM@Z
?_Kz__rub_kipehklxblt@@YGPAXHE@Z
?pIZBZOl_qa@@YGDJ@Z
?bbENRXB@@YGPADEJ@Z
?_NRigiwz_L_gs@@YGDI@Z
?_Y_Pkn_vJNSIK_tvn_@@YGKDK@Z
?CKABzljFHwzBVkcny_ok@@YGPAJEF@Z
?LRS_tvnk@@YGXH@Z
?zrRL_O_B__UBKBODFk@@YGGE@Z
?XNruqyLCLUFle@@YGMM@Z
?A_BPA_CA_@@YGXPAI@Z
?xqztyn___bqw_xg_p@@YGXEPAH@Z
?drk_rfkc_jN_@@YGFPAJPAI@Z
?X___USbve@@YGJJE@Z
?aqpway__KGVD_YP_B@@YGME@Z
?JOZMETNBT__e_WXODz@@YGDN@Z
?GOOKFL_jip@@YGIPAE@Z
?jiliVVOYL_@@YGNPAF@Z
?i_A__BS_P_MHROuj@@YGPAJPAG@Z
?q_wsycoiohwn@@YGGPAHPAH@Z
?_ueptnpZXZ__GOTC_xlyX_@@YGPAJI@Z
?Z_GPIP_t_p_ccdlb__rU@@YGPAGI@Z
?QUyp_ABMNO@@YGXDPAH@Z
?pnf_ipdj___ts_OFZM@@YGXPAJI@Z
?Axcu_tsdyi_m@@YGPAKM@Z
?_U_P_DMwzp_eqE_Y@@YGFKPAI@Z
?TL_XWCBILI@@YGPADPADH@Z
?LodpjruatU_OQdhc_@@YGPAXK@Z
?hwD_FAEAkcj__skLNb__sz@@YGXM@Z
?iw_ycoxdo_swlJEULIw@@YGPAFPAD@Z
?__N_JLJzpts_yR@@YGNJ@Z
?I_SA_GN@@YGX_N_N@Z
?CQ_XIrtfrioeWHGCYQPcq@@YGEIK@Z
?_pp_bn_R@@YGPAIH@Z
?dEDPQTi_@@YGEPAN@Z
?pjcSR_YRXUKM@@YGPAGI@Z
?__Bi_mX_VXG_Xv_eabt@@YGPA_NKI@Z
?zvmEYV_MJI__@@YGPAFPAG@Z
?wvzgtnc_yj_jMOMdx_@@YGKPAG@Z
?BThcoammkaswl_xv@@YGEG@Z
?DUUXS_BSYS_su@@YGXPAG@Z
?DVRRNFGAE__vd@@YGFPAJ@Z
?XADXGQACZ__UP@@YGXPAII@Z
?_swyJRXOGKJNU_b_xydnj@@YGFPAF@Z
?_bb_hqqUUPOK@@YGPAJE@Z
?SZPXD_k_qmoEZTMWqxc_Z@@YG_NGPAI@Z
?QDX__Q__W_JTVZ_EN@@YGEPAI@Z

Sections

.text
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ldata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 40KB - Virtual size: 311KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.export
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 515B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8eea2d0e3440dc5626c30d47f747ab98

Headers

File Characteristics

PDB Paths

Imports

user32

comdlg32

gdi32

comctl32

msvcrt

kernel32

ntdll

Exports

Exports

Sections

.text Size: 98KB - Virtual size: 97KB

.idata Size: 10KB - Virtual size: 10KB

.ldata Size: 2KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 311KB

.export Size: 14KB - Virtual size: 13KB

.rdata Size: 1024B - Virtual size: 515B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 98KB - Virtual size: 97KB

.idata
Size: 10KB - Virtual size: 10KB

.ldata
Size: 2KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 311KB

.export
Size: 14KB - Virtual size: 13KB

.rdata
Size: 1024B - Virtual size: 515B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 2KB