b1216af79f3c8b927aab02e5934fcbd3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b1216af79f3c8b927aab02e5934fcbd3_JaffaCakes118
Size

224KB
MD5

b1216af79f3c8b927aab02e5934fcbd3
SHA1

8193e97494f5c1ead51ccca15984261c2e6fff4c
SHA256

9718db18dcfec4530a9d36a561f309eb5c8b0662b8e9401538b41847393e00bf
SHA512

c818daafece03b2f7fd40fa804b398aad4dbe7f6e6abb3029d558e69c246c26a2a50e91c029ca0e1b1eac70c07592a48779fa0343b78857528b8b694ab67e3c4
SSDEEP

6144:yS3qSkhvvAfIq34TfJfZ4LMVnYDXVGHvodU88T/y:f2q+fJfZ4gSXV/W8+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b1216af79f3c8b927aab02e5934fcbd3_JaffaCakes118

Files

b1216af79f3c8b927aab02e5934fcbd3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5daec56215167c15d9181d636816499d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\wsTGjQyWJzqfGdhXIfzgZf\axqOntgLuQirbgbe\tJRqgRKovgNSivR\zWhThifKWajg\CqWqqpCagnztSqshnxfb\PorYzpbutrb\iyrMdvtyurQqici\vcxxTccygvpbAqi.pdb

Imports

gdi32

CreateFontW
StartDocW
GetCharWidth32W
GetTextMetricsW
OffsetViewportOrgEx
GetTextExtentPointW
SetPaletteEntries
RealizePalette
TextOutW
SetViewportOrgEx
GetRgnBox
Escape
CreateDiscardableBitmap

shlwapi

StrChrW

kernel32

VirtualAlloc
GlobalFindAtomW
GetSystemWindowsDirectoryA
CreateWaitableTimerA
ConnectNamedPipe
lstrcpyA
GetModuleHandleW
FindResourceExW
GetWindowsDirectoryA
CompareStringW
DefineDosDeviceW
LocalFree
GlobalGetAtomNameA
IsValidLocale
GetProcAddress
CreateMailslotW

user32

OemToCharBuffA
DeferWindowPos
InsertMenuItemW
GetScrollPos
GetParent
FindWindowW
InSendMessageEx
IsZoomed
PostQuitMessage
RegisterWindowMessageA
DrawTextA
UnionRect
GetMenuCheckMarkDimensions
SetParent
GetClassLongA
OpenInputDesktop
SetClassLongW
SetTimer
IsRectEmpty
LockWindowUpdate
EnumThreadWindows
GetDlgItemInt
CreateIconIndirect
SetScrollInfo
GetDlgItem
GetDoubleClickTime
IsDialogMessageW
GetFocus
CreateDialogParamA

shell32

ord196
ord195

comdlg32

GetOpenFileNameW
ChooseFontW
GetSaveFileNameW

Exports

Exports

?DUIidJLdlukydILKDFyiuITFUf6utydyifdikgfgfdhgfd@@YGKEPA_WG@Z

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5daec56215167c15d9181d636816499d

Headers

File Characteristics

PDB Paths

Imports

gdi32

shlwapi

kernel32

user32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 137KB - Virtual size: 137KB

.rdata Size: 71KB - Virtual size: 70KB

.mdata Size: 11KB - Virtual size: 11KB

.data Size: 1KB - Virtual size: 165KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 137KB - Virtual size: 137KB

.rdata
Size: 71KB - Virtual size: 70KB

.mdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1KB - Virtual size: 165KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1KB - Virtual size: 1KB