a9c83561a3b2a52d6fb2becad311987d_JaffaCakes118

General

Target

a9c83561a3b2a52d6fb2becad311987d_JaffaCakes118
Size

181KB
MD5

a9c83561a3b2a52d6fb2becad311987d
SHA1

e7f0687cdca561c79c998794665e972080e110cc
SHA256

2a669599d99c39ea361e85d4e3779f2a66ead53935b50e2d34a86c8166b9b89c
SHA512

7a17be82426e2f1f8b7e5830137dce61092aedd10775dd0911a2025aa01c7ff64983553b73c09acd9c52e606a28249267750ab7e70b7b9549f423025ec315259
SSDEEP

3072:spN+wRReEAPbFFQCJ92AVsvBYvvWZAY/+nXNy9xQuYeSfRD0dyBeldA28Q/KhkWB:UN+wveJPbvQCL2AVbvvQiXNMxQuYeOR/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a9c83561a3b2a52d6fb2becad311987d_JaffaCakes118

Files

a9c83561a3b2a52d6fb2becad311987d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

e7a5ab8e2bb2cf532c695962381ecf63

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\ekfoyfwY\thcw\yeyjkY\jkNgzdg.pdb

Imports

gdi32

SetROP2
GetFontData
GetRgnBox
CreateHalftonePalette
LPtoDP
StretchBlt
LineTo
TextOutA

kernel32

GetThreadContext
CompareStringW
GetProcAddress
GetThreadPriority
FileTimeToSystemTime
SetThreadExecutionState
EnumResourceTypesA
LockFile
GetModuleHandleW
lstrcmpiA
lstrlenW
FileTimeToLocalFileTime

user32

ShowWindow
ChangeMenuW
SystemParametersInfoW
BeginPaint
GrayStringW
GetScrollPos
CharUpperBuffW
RedrawWindow
CloseDesktop
LoadIconW
GetWindow
VkKeyScanW
GetActiveWindow
CreateDialogParamW

ntdll

_aullrem

Exports

Exports

?TqZJfnjwVtP@@YGPAXKPAM@Z
?fwdqtOvGCkelclkj@@YGPAFJ@Z
?rOscnkoQxdfrwficlqnwt@@YGFD@Z
?wlMWrEhoiPhLcvy@@YGXPAID@Z

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 142KB - Virtual size: 210KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 210B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.crt
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7a5ab8e2bb2cf532c695962381ecf63

Headers

File Characteristics

PDB Paths

Imports

gdi32

kernel32

user32

ntdll

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 25KB

.data Size: 142KB - Virtual size: 210KB

.edata Size: 512B - Virtual size: 210B

.crt Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 25KB - Virtual size: 25KB

.data
Size: 142KB - Virtual size: 210KB

.edata
Size: 512B - Virtual size: 210B

.crt
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 3KB - Virtual size: 3KB