8db33efd5d1c3989440c7de6860bd633_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8db33efd5d1c3989440c7de6860bd633_JaffaCakes118
Size

328KB
MD5

8db33efd5d1c3989440c7de6860bd633
SHA1

d18516cc18a1902011dee88c2df75f9d18261cf1
SHA256

aacbc19b15eff9d502f14b73230679f2e6a13ee0265f619afc17963875ecc63f
SHA512

4af8e413439e218af19d7bfc8d87c51e85b9b8876628b50727efbc2a09dcdd6d648e028601306fd854161a3272bc60b73c0aad1a72d38f56b69376791dbf0e23
SSDEEP

6144:6uL+32YjktIVxv3S4jDYBt27nnPj3OJCstDurBU70E67V10QzIKuK8st:JL+3nnVxv3S4XitwLOhhq40E67Vl8yt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8db33efd5d1c3989440c7de6860bd633_JaffaCakes118

Files

8db33efd5d1c3989440c7de6860bd633_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a1f0156145f7fb0102c2a207d9d433a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\GEXORKH\ECHBCM\AOJXARRQ\XEBSWUO.PDB

Imports

user32

LoadCursorFromFileW
ShowWindow
CreateWindowExW
DefWindowProcW
MessageBoxW
RegisterClassExA
RegisterClassA

comctl32

InitCommonControlsEx

shell32

SHFileOperation
ExtractAssociatedIconExW
SHQueryRecycleBinW
SHAppBarMessage

gdi32

CopyMetaFileA
PolyDraw
GetTextExtentPoint32A
GetBitmapDimensionEx
RoundRect
SetMapperFlags
IntersectClipRect

kernel32

SetHandleCount
GetEnvironmentStrings
OpenMutexA
GetSystemTimeAsFileTime
LocalLock
GetModuleFileNameW
GetCPInfo
GetTickCount
GetStdHandle
CommConfigDialogA
MoveFileA
TerminateProcess
FlushFileBuffers
GetProfileStringA
HeapCreate
IsBadWritePtr
GetCurrentProcessId
GetStringTypeW
GetThreadPriorityBoost
DeleteCriticalSection
GetModuleFileNameA
InterlockedExchange
TlsSetValue
VirtualQuery
SetConsoleCursorPosition
GetProcAddress
OpenSemaphoreA
ReadFile
GetVersion
CompareStringW
EnumResourceTypesA
GetVersionExW
CreateMutexA
GetFileType
FreeEnvironmentStringsA
GetCommandLineW
QueryPerformanceCounter
VirtualAlloc
WriteFile
SetStdHandle
FreeEnvironmentStringsW
SetFilePointer
TlsFree
MultiByteToWideChar
WriteConsoleOutputCharacterW
InitializeCriticalSection
FormatMessageA
GlobalGetAtomNameA
GetFileTime
LCMapStringA
GetCurrentProcess
GetStartupInfoW
HeapReAlloc
TlsGetValue
VirtualFree
GetStartupInfoA
HeapDestroy
CreateDirectoryW
GetEnvironmentStringsW
GetCommandLineA
GetTimeZoneInformation
CompareStringA
GetCurrentThreadId
SetLastError
lstrlen
RtlUnwind
EnumCalendarInfoW
GetLastError
LoadLibraryA
SetEnvironmentVariableA
CreateMailslotW
EnterCriticalSection
GetEnvironmentVariableW
TlsAlloc
InterlockedDecrement
LeaveCriticalSection
LCMapStringW
GetModuleHandleA
HeapAlloc
UnhandledExceptionFilter
InterlockedIncrement
GetStringTypeA
WideCharToMultiByte
GetCurrentThread
SetCriticalSectionSpinCount
CloseHandle
GetLocalTime
HeapFree
GetSystemTime
ExitProcess
CreateMutexW

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1f0156145f7fb0102c2a207d9d433a7

Headers

File Characteristics

PDB Paths

Imports

user32

comctl32

shell32

gdi32

kernel32

Sections

.text Size: 193KB - Virtual size: 192KB

.rdata Size: 34KB - Virtual size: 64KB

.data Size: 90KB - Virtual size: 90KB

.rsrc Size: 9KB - Virtual size: 9KB

.text
Size: 193KB - Virtual size: 192KB

.rdata
Size: 34KB - Virtual size: 64KB

.data
Size: 90KB - Virtual size: 90KB

.rsrc
Size: 9KB - Virtual size: 9KB