ad31d6c84adc0fcc5ea3c63df23c6e3e_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ad31d6c84adc0fcc5ea3c63df23c6e3e_JaffaCakes118
Size

163KB
MD5

ad31d6c84adc0fcc5ea3c63df23c6e3e
SHA1

1db397f29a54ecad169d23e6120d585f7ac48cba
SHA256

4ea22c853b9f3871c0125c49fb89ad6dd492480e6525e170436be02f2ed73eca
SHA512

185b1fe9cbc03039f27f2f2f54d09371bfb01a29cb36e5671026ef2f17b34bc3e90edf27d4738f45133c17149733a99f97180de3e96298784454fae2ed4e9ad7
SSDEEP

3072:zzfpOcLFjruue/FFwo0RhzdbX1D9LhaQ+A1treZlpcbeWP:zzfpvL0ue/koOhzZpmQ+gti7cbeW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad31d6c84adc0fcc5ea3c63df23c6e3e_JaffaCakes118

Files

ad31d6c84adc0fcc5ea3c63df23c6e3e_JaffaCakes118
.exe windows:5 windows x86 arch:x86

cd7e6484eac1dc7e017663789001bf6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

P:\mwijejmIGjeb\DhxzvXJZkKHgP\HstVordabz.pdb

Imports

gdi32

Polyline
FillRgn
CreateRectRgnIndirect
MoveToEx
CreateFontIndirectW
CreateHatchBrush
CreatePenIndirect
ExtTextOutA
GetBitmapBits
GetDIBits
SetMapMode
GetTextCharsetInfo
GetTextMetricsA

ntdll

memset
strcspn

msvcrt

exit

comctl32

ImageList_AddMasked
PropertySheetA
PropertySheetW
DestroyPropertySheetPage
CreateStatusWindowW

shlwapi

UrlGetPartW
PathMatchSpecA

user32

DrawTextExW
GetWindowLongA
FrameRect
FindWindowA
GetWindowRect
GetSystemMetrics
GetWindowTextW
SendInput
DestroyAcceleratorTable
SetMenuDefaultItem
GetMessageW
GetDCEx
GetForegroundWindow
GetKeyboardLayoutNameW
BeginDeferWindowPos
CharPrevA
IsCharAlphaNumericW
GetWindowTextA
wvsprintfW
RemoveMenu
VkKeyScanW
ArrangeIconicWindows
GetSysColor
SetWindowTextA
SetMenu
TrackPopupMenu
ShowCursor
CreateCaret
GetMenuStringW
GetKeyNameTextW

kernel32

FindResourceExA
OpenSemaphoreW
LCMapStringW
CompareStringW
HeapUnlock
lstrlenW
HeapLock
lstrcpyA
CancelWaitableTimer
WaitForMultipleObjectsEx
FormatMessageA
SetThreadExecutionState
SetupComm
CreateEventW
EnterCriticalSection
DisconnectNamedPipe
lstrcmpiW
GetWindowsDirectoryA

Exports

Exports

?NNKQRIFszv_onm__nT_RX@@YGGKJ@Z
?gx_kse_VD__Q@@YGPAIPA_NPAF@Z
?ta__z___vBAG@@YGPAIPAN@Z
?crmwhGQTUU___I_@@YG_ND@Z
?r_qc_ZUZSKSOHAWt@@YGPADM@Z
?D_FMdeloptCWXN_WVUUKNL@@YGPA_NMI@Z
?ryepMOUORmbzjjnhh@@YGPAIPAK@Z
?dllu_tq_r@@YGMPAJ@Z
?SMSZruLCFh_cmpkla@@YGFPAM@Z
?SPo_r_isd_rt_t_@@YGIF@Z
?haoy_WQJHBjzLpXDCTR@@YGMMG@Z
?qtbhinqol_s__@@YGPAXK@Z
?hdpAAAZKNJF__WJTdkv@@YGXPAKD@Z
?_ly__fVNO_CTKcd__drrs@@YGPA_NFG@Z
?_d__zj_xIPOYEoHDSCVZ@@YGKMG@Z
?_xdxMBW_G_Y@@YGPAIG@Z
?zICTclWRTG_AK_PIDS@@YGDD@Z
?T__NEVc_gkf_B_PJJ_L_g@@YGPAEG_N@Z
?DEGJ_dlb_@@YGPADII@Z
?RNMhg_jBo___x_os@@YGMEI@Z
?lqppoBmd_wz@@YGXPA_N@Z
?Zqrgmzmiie@@YG_NM@Z
?DLJPSkskttzwfAFCT_Oi_@@YGXDG@Z
?OxohpbwecxeKS_@@YGPAJPAJ@Z
?rmsou_IFY@@YGEPAFF@Z
?hIG_MAA@@YG_NPAHF@Z
?_LKMrNyQCtsbcM_Ij@@YGEPAHPAE@Z
?SWNFZpswmmUvggewUTTBi@@YGKPAE@Z
?YFNRvlta_iLZRAQ@@YGNHG@Z
?_loRC_UP__UI_@@YGXPAI@Z
?fLKIO_K_I_UFz@@YGID@Z
?_PMuxa_cahht@@YGXPAN@Z
?bmflQljq__fz_@@YGDMPAK@Z
?gqv__dC_AY@@YGPAXNPAN@Z
?_azdkQTF@@YGFIPAI@Z
?_I_y_emTF@@YGPAGMK@Z
?b_uyxeoi_v@@YGGPAJ@Z
?PEE___W__UDMI____YlyQ@@YGPANPAM@Z
?_SA_G__R_rp_r__BJ@@YGPADH@Z
?QBg_len_@@YGDK@Z
?_f_noE__np_zb@@YG_NGD@Z
?KXJshmpQ_JYG@@YGDJ@Z
?tkspmkgp@@YGPAXPAG@Z
?w_snlQNY@@YGXPAIK@Z
?hb_t___cdLEMPPJVOZVS_O@@YGDGH@Z
?_NQN_yjatyuna_j_lyj_h@@YGJED@Z
?lnxLWojxpi_guugtxp@@YGDF@Z
?J_N_YWTx_ba@@YGPAXPAHJ@Z
?fX_xl_J__ZS__Qu__@@YGMJ@Z
?CI_SJY_T_H_jLUSPOs_pq@@YGMH@Z
?PQAIPPzW_hhy@@YGKPAED@Z
?JZkAHTLMB@@YGEMPAM@Z
?OGK_C_Oj_k__kd@@YGGKPAJ@Z
?qips_ixe@@YGEPAM@Z
?YSX_Y_uh__AXRGfi_qSJAY@@YGPAGPAH@Z
?XUmofsm_sfrmh__m_ffP@@YGPAKIPAI@Z
?ZGOZZQm_eyae_x@@YGPAGI@Z
?rtfvnsyQ_RiS_CZA__y_js@@YGGE@Z
?_FNB_OBCAv__x_zz__w_@@YGPAJMPAG@Z
?XN____U__RXy__@@YGFPAII@Z
?F_MqPlvbnj@@YGEM@Z
?O_PTzKBBC_NUKMqplpjqc@@YGXN@Z
?UwdPXDFUYABFIQSPW_OMmY@@YGXPAI_N@Z
?hlPDjsveamjbvMtnr_@@YGPAEFPAE@Z
?sjf_PJJV_NVetjU_EMXOS@@YGXNPAM@Z
?Y_RTX__m___@@YGPAXD@Z
?G__MVTOZG_Suqiwlo@@YGHH@Z
?DMRVX_DOY_HI@@YGMH@Z
?__Q_F_JEJIEUKWOhj@@YGEK@Z
?W_KPD_JDHYuK@@YGGII@Z
?lt_o_kxsr_qi_J@@YGPAHM@Z
?_XVEATQP_HRoz__elxxc__@@YGPAXEF@Z
?gp_kTMaTfiuZbvgwbapjE@@YGPAIE@Z
?t_wvmuFBshhx_I@@YGDPAFPAH@Z
?t_kjcnwAgt__jjk@@YGK_N@Z
?VAAJCY_r_qbpf_y_aj_x__@@YGPAJPAE@Z
?IQXlooGDCf@@YGGG@Z
?rYETwqiketvjDWFRwU@@YGDE@Z
?KHL_NUFOCJNAz@@YGNM@Z
?f_pj_ozg_yROGKrdk@@YGXPAFE@Z
?mnBCL_ZWKTwn_sFOD_W@@YGIPAD@Z
?_EKEV_G___SGre_hSNK@@YGDG@Z
?_z_QJ_____@@YGJK@Z
?BXI__R_K_CF_V_@@YG_ND@Z
?GQUOzw_Z_XW@@YGGMJ@Z
?_aqgLLRT_JS@@YGXGPAD@Z
?Z_F__QfpNhYSOo_iXHEbvx@@YGPA_NH@Z
?_TAUIJIZJ__P@@YGFDPAG@Z

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ldata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 37KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 527B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cd7e6484eac1dc7e017663789001bf6c

Headers

File Characteristics

PDB Paths

Imports

gdi32

ntdll

msvcrt

comctl32

shlwapi

user32

kernel32

Exports

Exports

Sections

.text Size: 93KB - Virtual size: 93KB

.ldata Size: 2KB - Virtual size: 1KB

.data Size: 37KB - Virtual size: 165KB

.crt Size: 24KB - Virtual size: 23KB

.rdata Size: 1024B - Virtual size: 527B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 93KB - Virtual size: 93KB

.ldata
Size: 2KB - Virtual size: 1KB

.data
Size: 37KB - Virtual size: 165KB

.crt
Size: 24KB - Virtual size: 23KB

.rdata
Size: 1024B - Virtual size: 527B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 3KB