8261d0a95505b130ede14b3c4cabe6ba_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8261d0a95505b130ede14b3c4cabe6ba_JaffaCakes118
Size

900KB
MD5

8261d0a95505b130ede14b3c4cabe6ba
SHA1

fa355b5b8f7a72644680d433b2794b7b8380d9ee
SHA256

1258002429e11491654a33ac0a7b646974e9ba2a8383bf20260c1902b90cc9fa
SHA512

3a0bdc874fc8cea4732959766805eebd3bd60f9a7bceb770937562a24a88bdbdefe503f4fb8a62d5b4afa5c37310aa7de4783844eabe522045406c3d876dac2d
SSDEEP

12288:OF3Vn909TnCVq+hlKDCRX15PjG7qshMig4MVApADg8benpW98h9WSbwv:IJ909GnvK6X15PS2shM9QADL98h0T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8261d0a95505b130ede14b3c4cabe6ba_JaffaCakes118

Files

8261d0a95505b130ede14b3c4cabe6ba_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5ed5988d3f75f6dafe2615fbeef414d2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\eaerjhkv\mhh\xbhea\geaggkwesi\szdewzqnr\wxesbjkirv.pdb

Imports

shlwapi

PathIsUNCA
PathFindFileNameA
UrlUnescapeA
PathFindExtensionA
PathRemoveExtensionA
PathStripToRootA
PathAppendA
PathFileExistsA
PathIsRelativeA

gdi32

StartPage
SetWindowExtEx
SelectObject
GetDeviceCaps
CreateBitmap
PolyBezier
SetBkMode
Polygon
GetTextCharsetInfo
ExtFloodFill
GetBkMode
OffsetRgn
ExtTextOutW
SetPixel
SetBkColor
SetStretchBltMode
GetClipBox
ExtCreatePen
StretchDIBits
SelectPalette
EndPage
CreateSolidBrush
BeginPath
SetViewportExtEx
Ellipse
GetViewportExtEx
GetRegionData
SetTextAlign
AbortDoc
GetStockObject
GetTextMetricsW
CreateRectRgn
RestoreDC
DeleteDC
SetWindowOrgEx
GetTextMetricsA
CreatePen
RectVisible
TextOutW
CombineRgn
SetTextColor
SetROP2
GetTextColor
GetPixel
ExcludeClipRect
CreateCompatibleDC
CreateDIBSection
CreatePatternBrush
PtInRegion
OffsetViewportOrgEx
SetBrushOrgEx
RealizePalette
GetObjectW
Escape
EndPath
CreateDCW
SetPolyFillMode
Rectangle
Arc
BitBlt
RectInRegion
CreateFontIndirectW
PtVisible
SetAbortProc
StretchBlt
LineTo
GetTextExtentPoint32W
EqualRgn
SetMapMode
GetBkColor
RoundRect
GetRgnBox
CreatePolygonRgn
EndDoc
SelectClipRgn
CreateCompatibleBitmap
CreateEllipticRgn
MoveToEx
DeleteObject
IntersectClipRect
DPtoLP
ExtSelectClipRgn
SaveDC

kernel32

GetOEMCP
HeapFree
WriteFile
GetConsoleCP
GetEnvironmentStringsW
HeapValidate
LoadLibraryW
GetCurrentThreadId
IsDebuggerPresent
GetLastError
GetTickCount
GetFileType
TlsSetValue
HeapCreate
GetModuleFileNameA
SetCurrentDirectoryA
GetStringTypeA
GetProcessHeap
RaiseException
CreateFileA
GetCommandLineA
FreeEnvironmentStringsA
CloseHandle
SetUnhandledExceptionFilter
TerminateProcess
WideCharToMultiByte
GetStartupInfoW
TlsGetValue
InterlockedExchange
IsValidCodePage
GetModuleHandleW
ExitProcess
GetCurrentProcess
VirtualAlloc
HeapDestroy
WriteConsoleA
WriteConsoleW
VirtualFree
RtlUnwind
GetConsoleMode
LeaveCriticalSection
FlushFileBuffers
GetProcAddress
SetFilePointer
SetStdHandle
SetEnvironmentVariableA
SetHandleCount
MultiByteToWideChar
GetVersionExA
GetConsoleOutputCP
GetModuleFileNameW
SetLastError
GetDateFormatA
CompareStringW
FreeEnvironmentStringsW
OutputDebugStringW
GetModuleHandleA
InterlockedDecrement
GetTimeFormatA
GetStringTypeW
ReadFile
HeapReAlloc
LCMapStringA
TlsFree
GetCPInfo
TlsAlloc
LCMapStringW
SetConsoleCtrlHandler
DebugBreak
QueryPerformanceCounter
EnterCriticalSection
InitializeCriticalSection
CompareStringA
UnhandledExceptionFilter
GetCurrentThread
VirtualQuery
DeleteCriticalSection
GetACP
CreateMutexW
GetCommandLineW
GetEnvironmentStrings
lstrcmpA
GetSystemTimeAsFileTime
GetLocaleInfoA
OutputDebugStringA
GetTimeZoneInformation
GetStartupInfoA
GetCurrentProcessId
InterlockedIncrement
GetStdHandle
HeapAlloc
LoadLibraryA
IsBadReadPtr
DuplicateHandle

shell32

SHGetSpecialFolderLocation
DragFinish
ExtractIconExW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW

user32

LoadCursorW
SendMessageW
SetWindowTextW
CreateWindowExW
FrameRect
GetMenuItemID
IsChild
DestroyIcon
ChildWindowFromPointEx
GetWindowLongW
GetActiveWindow
PeekMessageW
KillTimer
GetWindowPlacement
IsClipboardFormatAvailable
GetWindowTextW
GetUpdateRect
GetCapture
UpdateWindow
SetTimer
GetKeyState
SetScrollPos
GetFocus
ReleaseCapture
ScreenToClient
GetDlgItem
OpenClipboard
DestroyWindow
RegisterWindowMessageW
IsWindowVisible
FillRect
LoadStringW
DestroyMenu
SetWindowRgn
InflateRect
IsRectEmpty
SetClipboardData
CreateMenu
IsWindowEnabled
SetScrollInfo
GetLastActivePopup
ClientToScreen
SetRectEmpty
RegisterClassExW
EnableWindow
PostQuitMessage
DefWindowProcW
InvalidateRect
LoadIconW
GetParent
IsZoomed
RegisterClassW
SetMenu
GetMenuItemCount
ShowWindow
IntersectRect
GetDesktopWindow
MessageBoxW
DispatchMessageW
SetCapture
DrawTextW
GetSystemMetrics
ReuseDDElParam
GetSubMenu
FindWindowW
CopyRect
SetCursor
SetWindowLongW
GetWindow
CreateWindowExA
IsIconic
SetWindowTextA
RedrawWindow
DrawFocusRect
DeferWindowPos
ReleaseDC
SetFocus
LoadMenuW

advapi32

FreeSid
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyA
SetServiceStatus

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter
SetPrinterA
ord204
GetPrinterA

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 508KB - Virtual size: 505KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ed5988d3f75f6dafe2615fbeef414d2

Headers

File Characteristics

PDB Paths

Imports

shlwapi

gdi32

kernel32

shell32

comdlg32

user32

advapi32

winspool.drv

Sections

.text Size: 220KB - Virtual size: 219KB

.rdata Size: 508KB - Virtual size: 505KB

.data Size: 108KB - Virtual size: 135KB

.rsrc Size: 60KB - Virtual size: 58KB

.text
Size: 220KB - Virtual size: 219KB

.rdata
Size: 508KB - Virtual size: 505KB

.data
Size: 108KB - Virtual size: 135KB

.rsrc
Size: 60KB - Virtual size: 58KB