ab8cde1b6d6c9e506c49f8cb6ae4c508_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ab8cde1b6d6c9e506c49f8cb6ae4c508_JaffaCakes118
Size

528KB
MD5

ab8cde1b6d6c9e506c49f8cb6ae4c508
SHA1

bcb5243a4917fe55e23b6e0921a0939eb597fc39
SHA256

3234664ad7a7277fea095ca83fbf9f18449d126dfecd961eca6a12204248976a
SHA512

3acace6956e796620e615dde31b822b591a6aa8775561997aa98db4a60d0de875d53ad5dbd6cb625c4ffcf6de96b4b68463f4f40294b240188e69e908ac8baab
SSDEEP

12288:sMHME58uirclUsU4oY1gl/5T9HuT49yRS0d:s41Ohr+U4vMl9HOtRS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ab8cde1b6d6c9e506c49f8cb6ae4c508_JaffaCakes118

Files

ab8cde1b6d6c9e506c49f8cb6ae4c508_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8afa037df20f509446a7438d563583b5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\gymmyr\bsmxttvpe\zfaeuas.pdb

Imports

user32

OemToCharBuffW
CreateAcceleratorTableA
ActivateKeyboardLayout
GetPropW
EnumDisplaySettingsExA
ToAsciiEx
DdeQueryConvInfo
SwapMouseButton
DdeCreateStringHandleW
DdeClientTransaction
GetDlgItemTextA
DestroyAcceleratorTable
CharToOemBuffA
RegisterClassA
CascadeChildWindows
RegisterClassExA

kernel32

InterlockedDecrement
GetLastError
ReadFile
GetCurrentProcessId
GetConsoleCP
GetOEMCP
lstrcmpiA
OpenMutexA
TlsFree
HeapCreate
GetCurrentThread
SetHandleCount
SetFileTime
GetWindowsDirectoryW
SetLastError
GetModuleFileNameA
VirtualQuery
GetEnvironmentStrings
CloseHandle
LeaveCriticalSection
GetStartupInfoA
WriteFile
TerminateProcess
GetCurrentProcess
IsValidLocale
FreeLibrary
Sleep
GetConsoleMode
GetDateFormatA
GetStringTypeA
UnhandledExceptionFilter
EnumCalendarInfoExW
LoadLibraryA
InitializeCriticalSection
GetVersionExA
CompareStringW
HeapDestroy
FreeEnvironmentStringsW
HeapAlloc
GetCPInfo
FindFirstFileExA
VirtualFree
EnterCriticalSection
SetStdHandle
ReadConsoleW
GetLocaleInfoW
GetProcessHeap
SetFilePointer
WriteConsoleA
GetTickCount
GetFileType
GetStringTypeW
FreeEnvironmentStringsA
SetConsoleWindowInfo
QueryPerformanceCounter
GetTimeFormatA
GetThreadPriorityBoost
LCMapStringW
GetSystemTimeAsFileTime
lstrlenW
GetEnvironmentStringsW
GetCurrentThreadId
WriteConsoleW
LCMapStringA
GetStdHandle
GetLocaleInfoA
WideCharToMultiByte
IsValidCodePage
ExitProcess
GetProcAddress
SetUnhandledExceptionFilter
HeapFree
FlushFileBuffers
GetModuleHandleA
SetConsoleCtrlHandler
GetTimeZoneInformation
SetConsoleCursorPosition
InterlockedIncrement
DeleteCriticalSection
CompareStringA
HeapReAlloc
GetCommandLineA
VirtualAlloc
ResetEvent
EnumSystemLocalesA
GetStartupInfoW
CreateMutexA
SleepEx
GetUserDefaultLCID
SetEnvironmentVariableA
RtlUnwind
TlsAlloc
MultiByteToWideChar
GetConsoleOutputCP
SetThreadAffinityMask
LocalFileTimeToFileTime
GetCommandLineW
InterlockedExchange
CreateFileA
GetACP
HeapSize
IsDebuggerPresent
TlsSetValue
TlsGetValue

comctl32

InitCommonControlsEx

gdi32

GetPath
GetWinMetaFileBits

Sections

.text
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8afa037df20f509446a7438d563583b5

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

comctl32

gdi32

Sections

.text Size: 374KB - Virtual size: 373KB

.rdata Size: 28KB - Virtual size: 48KB

.data Size: 107KB - Virtual size: 106KB

.rsrc Size: 18KB - Virtual size: 17KB

.text
Size: 374KB - Virtual size: 373KB

.rdata
Size: 28KB - Virtual size: 48KB

.data
Size: 107KB - Virtual size: 106KB

.rsrc
Size: 18KB - Virtual size: 17KB