af38c55d3169d3f87320ca33432948d3_JaffaCakes118

General

Target

af38c55d3169d3f87320ca33432948d3_JaffaCakes118
Size

118KB
MD5

af38c55d3169d3f87320ca33432948d3
SHA1

25e908676509f465c66de60f15274c90898a013d
SHA256

9e630d971e5cee032d38c481fa31ba689ba004d644ca8e97572de0f07676c88e
SHA512

d191a3845112ac4bee2e20eaf4a9c9b86432aadb727e48df4dffdaddec8aa1acfd7f6321eb0ebf33e6560e778d1968d15412eeb00b5b3aa35cc6e64bc3f9f7a9
SSDEEP

3072:kswC8mndD/ht+NRFwyBx0k7JQRO9z+Uu3KOtgf+0zjCgrWpykS:P3RhARFwirQQY/gf+0zmTlS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
af38c55d3169d3f87320ca33432948d3_JaffaCakes118

Files

af38c55d3169d3f87320ca33432948d3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9937ae5bcb0632a3cd98a925d8dee7dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Y:\nhjps\qnrxxrAJ\Lneolt\ZmicDd\EtmlqdP.pdb

Imports

comctl32

ImageList_LoadImageW
ImageList_GetIcon
ImageList_ReplaceIcon

comdlg32

ChooseColorW
GetOpenFileNameA
GetFileTitleW

ntdll

_wtoi

shlwapi

StrToIntW
PathCanonicalizeW
StrStrIW
PathFindFileNameW

kernel32

_lcreat
GetCurrentProcess
TerminateProcess
lstrcpyW
lstrcatW
LCMapStringW
DeleteCriticalSection
LeaveCriticalSection
OpenFileMappingW
RemoveDirectoryW
SetNamedPipeHandleState

gdi32

GetTextColor
StartPage
GetObjectA
CreateHalftonePalette
GetNearestPaletteIndex
Rectangle

user32

ShowWindowAsync
MessageBoxExA
ArrangeIconicWindows
CharPrevW
RegisterClassExA
GetClientRect
SetWindowLongW
CreateWindowExW
GetWindowTextLengthW
GetMessagePos
GetDesktopWindow
GetClassInfoW
DrawMenuBar

Exports

Exports

?CreateProcessA@@YGXHPAEPAKKPAD@Z

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9937ae5bcb0632a3cd98a925d8dee7dc

Headers

File Characteristics

PDB Paths

Imports

comctl32

comdlg32

ntdll

shlwapi

kernel32

gdi32

user32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.data Size: 27KB - Virtual size: 358KB

.rdata Size: 87KB - Virtual size: 87KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 1024B - Virtual size: 1020B

.text
Size: 2KB - Virtual size: 1KB

.data
Size: 27KB - Virtual size: 358KB

.rdata
Size: 87KB - Virtual size: 87KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 1024B - Virtual size: 1020B