8cfb13fb16938cacbcca0aa064cc4171_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8cfb13fb16938cacbcca0aa064cc4171_JaffaCakes118
Size

345KB
MD5

8cfb13fb16938cacbcca0aa064cc4171
SHA1

b6ebd735b1919b61c5e10b5175cc2bbb0057c0ad
SHA256

a512d485dad00c9c8f4cef7cb2a6bf1945b3586dd9f1203cc5e10e763db26cf6
SHA512

cbf5e8ebfde34c02cc575130ebe9e5ec87b06f99ae590c3f70907c7def545438cef2a14f0397cc2abc5c92e73475f6a0e3538dc599dad736e7eff8921aaabf2b
SSDEEP

6144:xMJOCrQMRttOJ0Emg2BUtjHe2eNFr38YW7VT4SISFEMXTTnWCaLe5NE:xMJOMQM3tFfehHe2k38dkKVnWCaqE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8cfb13fb16938cacbcca0aa064cc4171_JaffaCakes118

Files

8cfb13fb16938cacbcca0aa064cc4171_JaffaCakes118
.exe windows:5 windows x86 arch:x86

94ebfe1cb48143348e7316ccb8c53849

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\azarov\yanukovich.pdb

Imports

kernel32

LoadLibraryA
CloseHandle
CreateFileW
FlushFileBuffers
WriteConsoleW
SetStdHandle
LoadLibraryW
HeapReAlloc
LCMapStringW
GetConsoleMode
HeapSize
SetFilePointer
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
GetProcAddress
GetLastError
HeapCreate
GetProcessHeap
InterlockedDecrement
GetConsoleCP
HeapAlloc
GetStdHandle
WriteFile
ExitProcess
MultiByteToWideChar
GetStringTypeW
LocalFree
GetLocalTime
InterlockedIncrement
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
HeapFree
IsProcessorFeaturePresent
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetACP
GetOEMCP
IsValidCodePage
Sleep

user32

GetWindowRect
SendDlgItemMessageA
SetForegroundWindow
LoadStringA
GetParent
SetFocus
GetDC
GetForegroundWindow
SetWindowLongA
GetScrollInfo
MoveWindow
LoadMenuW
GetWindowLongA
GetDlgItem
EndDialog
SetWindowPos
EnumWindowStationsW
ShowWindow
PostMessageA
SetWindowTextA
UpdateWindow
EndMenu
FindWindowA
GetDlgItemTextA
SetDlgItemTextA
InvalidateRect

gdi32

SetDCBrushColor
DeleteObject
SelectObject
GetObjectA
GetStockObject
GetCurrentObject

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

94ebfe1cb48143348e7316ccb8c53849

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ole32

oleaut32

Sections

.text Size: 76KB - Virtual size: 76KB

.rdata Size: 232KB - Virtual size: 231KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 76KB - Virtual size: 76KB

.rdata
Size: 232KB - Virtual size: 231KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 9KB - Virtual size: 8KB