83e6dce5612bfcf981d35127082b964f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

83e6dce5612bfcf981d35127082b964f_JaffaCakes118
Size

573KB
MD5

83e6dce5612bfcf981d35127082b964f
SHA1

1ef7cfee9deaca0cb778ebd382c7c8ef8cb47bc3
SHA256

a0d630ecb7157d114523f50dfa34e5b360fc5e0ba5efd687b6de75fadcc2d665
SHA512

92cc261cd6b6210faae8232d585c0ba0491e46f00341ba530fd278a7e76110604414e8863528b2b685d3c4d34d25601ce8e27d1762b1a5f3fd0575651af96959
SSDEEP

12288:UWVtl9g05q7EnSrLMOuYY+cvZBul5otom6j:Ukz9g3+YsZB25oL6j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83e6dce5612bfcf981d35127082b964f_JaffaCakes118

Files

83e6dce5612bfcf981d35127082b964f_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4749e4366bc6eea723a452b4b189408b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\kosh\hsozpyx.pdb

Imports

user32

IsZoomed
MessageBoxA
CreateWindowExA
RemovePropW
DdeReconnect
SwapMouseButton
DestroyMenu
EnumDisplaySettingsA
GetTopWindow
CharToOemW
GetScrollPos
MoveWindow
SetWindowTextA
ReplyMessage
DrawEdge
ShowWindow
AnyPopup
DefWindowProcA
RegisterClassA
RealGetWindowClass
RegisterClassExA
PtInRect
EnableWindow
SetClassWord
DestroyWindow
CreateWindowStationW
GetGUIThreadInfo
DefMDIChildProcA
BroadcastSystemMessageA
DdeFreeStringHandle
TileChildWindows
CreateDialogIndirectParamW
MonitorFromRect

gdi32

CreatePolygonRgn
GetCurrentPositionEx
AddFontResourceW
EnumFontFamiliesExA
GetSystemPaletteUse
SetGraphicsMode
GetFontLanguageInfo
InvertRgn
CreatePatternBrush
CreatePalette
CreateEnhMetaFileW
StrokeAndFillPath
SetRectRgn
SetPixelFormat
EnumFontFamiliesExW
GetDIBits
SetROP2
GetCharWidthA
GetTextFaceW
DrawEscape
ArcTo
RectInRegion
GetOutlineTextMetricsW
RealizePalette
GetMapMode

comdlg32

GetSaveFileNameA
GetFileTitleW
LoadAlterBitmap
FindTextA

advapi32

CryptSetProviderW
RegOpenKeyExW
CryptReleaseContext
CryptGetKeyParam
RegEnumValueA
CryptEnumProvidersA
RegFlushKey
InitiateSystemShutdownA
CryptGetDefaultProviderA
InitiateSystemShutdownW
RegConnectRegistryW
LookupPrivilegeNameA
RegCloseKey
CryptDuplicateKey
CryptEnumProviderTypesA

shell32

SHBrowseForFolderA
ShellExecuteA
SHGetDesktopFolder
ExtractAssociatedIconA

kernel32

TlsFree
TryEnterCriticalSection
FreeEnvironmentStringsA
GetCommandLineA
GetOEMCP
ExitProcess
LocalUnlock
WideCharToMultiByte
CompareStringA
GetSystemTimeAsFileTime
ConvertDefaultLocale
FlushFileBuffers
GetCurrentProcess
SetHandleCount
GetTimeZoneInformation
InterlockedDecrement
LoadLibraryA
QueryPerformanceCounter
TerminateProcess
lstrlenA
InterlockedExchange
SetEnvironmentVariableA
VirtualAlloc
SetFilePointer
InterlockedIncrement
GetStartupInfoA
GetProcAddress
GetSystemTime
GetCurrentThread
RtlUnwind
GetTickCount
UnlockFileEx
GetLocalTime
GetVersion
MultiByteToWideChar
CreateMutexA
OpenMutexA
SetStdHandle
VirtualFree
LCMapStringA
TlsAlloc
IsBadWritePtr
InitializeCriticalSection
HeapDestroy
GetFileType
GetEnvironmentStrings
GetModuleHandleA
GetEnvironmentStringsW
UnhandledExceptionFilter
LCMapStringW
WriteFile
GetConsoleCursorInfo
LeaveCriticalSection
HeapReAlloc
GetStdHandle
GetPrivateProfileIntW
GetModuleFileNameA
HeapCreate
GetLastError
DeleteCriticalSection
EnterCriticalSection
LocalReAlloc
GetCurrentProcessId
GetStringTypeW
HeapAlloc
GetCurrentThreadId
ReadFile
GetCPInfo
FreeEnvironmentStringsW
TlsSetValue
SetLastError
LocalShrink
GetACP
GetStringTypeA
CompareStringW
TlsGetValue
CloseHandle
HeapFree
VirtualQuery

comctl32

ImageList_GetDragImage
InitCommonControlsEx
CreateStatusWindowW

Sections

.text
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 111KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4749e4366bc6eea723a452b4b189408b

Headers

File Characteristics

PDB Paths

Imports

user32

gdi32

comdlg32

advapi32

shell32

kernel32

comctl32

Sections

.text Size: 150KB - Virtual size: 149KB

.rdata Size: 240KB - Virtual size: 239KB

.data Size: 111KB - Virtual size: 131KB

.rsrc Size: 70KB - Virtual size: 70KB

.text
Size: 150KB - Virtual size: 149KB

.rdata
Size: 240KB - Virtual size: 239KB

.data
Size: 111KB - Virtual size: 131KB

.rsrc
Size: 70KB - Virtual size: 70KB