8717b2a9443aeab2b05998061f2f6119_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8717b2a9443aeab2b05998061f2f6119_JaffaCakes118
Size

188KB
MD5

8717b2a9443aeab2b05998061f2f6119
SHA1

905e1771df2597f2183fc387ea46b195a650ab0b
SHA256

681e1b102215ca48377aaab5a55515ce1c8e04f45c190984f8283ac047394edf
SHA512

7fd65b7a16e58482270203b44080f24456615bb1b0aab100cb54716599edc894eba26da088143b476d7b3b9b428a75b126ceaa4256982efbdd3a80d328e901c1
SSDEEP

3072:5+BkJyZ5cE+Skz0YYRw9TsnPcmCbNxl01NXZ6Fj+r7x/0DksVPJ8ojJo5kPjYc:5+B3ZUAwhsnkmCbMN6ix/0DDPtjJyQj7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8717b2a9443aeab2b05998061f2f6119_JaffaCakes118

Files

8717b2a9443aeab2b05998061f2f6119_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b8c37e60d83125793e9a2895437a4b6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Program Files\Qym.pdb

Imports

user32

ReleaseDC
TranslateMessage
GetPropA
UnregisterHotKey
CreateMenu
DeferWindowPos
BeginDeferWindowPos
WindowFromPoint
LoadIconA
OffsetRect
EndDialog
CloseClipboard
GetMessageA
ValidateRect
GetClassInfoExA
EnumWindows
CallNextHookEx
GetWindowLongA
DrawTextA
DefWindowProcA
RegisterWindowMessageA
MapWindowPoints
GetSystemMetrics
DestroyMenu
BeginPaint
OpenClipboard
InvalidateRect
PostMessageA

gdi32

RectVisible
SelectClipRgn
CreateRectRgn
GetPixel
PtVisible
CreateFontA
CreateCompatibleDC
TextOutA
SetViewportOrgEx

comdlg32

CommDlgExtendedError
GetSaveFileNameA
GetOpenFileNameA
ChooseFontA
GetFileTitleA
ChooseColorA

comctl32

ImageList_SetOverlayImage
DestroyPropertySheetPage
ImageList_Add
CreateToolbarEx
ord6
ImageList_Draw
ImageList_LoadImageA
ord17

dbghelp

MiniDumpWriteDump

wintrust

WinVerifyTrust

lz32

LZDone
LZInit
LZSeek
LZStart

mgmtapi

SnmpMgrCtl
SnmpMgrRequest

kernel32

LoadLibraryA
IsBadCodePtr
HeapSize
IsBadWritePtr
HeapReAlloc
GetACP
VirtualFree
HeapCreate
GetSystemTimeAsFileTime
GetFileType
GetOEMCP
GetCPInfo
GetCurrentProcessId
InterlockedExchange
VirtualQuery
SetConsoleCtrlHandler
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
VirtualAlloc
SetHandleCount
GetEnvironmentStringsW
GetLastError
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualProtect
GetSystemInfo
HeapDestroy
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
WriteFile
SetUnhandledExceptionFilter
HeapFree
HeapAlloc
GetVersionExA
GetCommandLineA
GetCurrentProcess
TerminateProcess
GetProcAddress
IsBadReadPtr
GlobalFree
GlobalAlloc
GetLocaleInfoA
WriteConsoleW
GetWindowsDirectoryA
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
ExitProcess

Sections

.text
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 753KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b8c37e60d83125793e9a2895437a4b6c

Headers

File Characteristics

PDB Paths

Imports

user32

gdi32

comdlg32

comctl32

dbghelp

wintrust

lz32

mgmtapi

kernel32

Sections

.text Size: 32KB - Virtual size: 31KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 76KB - Virtual size: 753KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 32KB - Virtual size: 31KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 76KB - Virtual size: 753KB

.reloc
Size: 8KB - Virtual size: 6KB