b0337101f4e61aa8fcc75863bdffcc67_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b0337101f4e61aa8fcc75863bdffcc67_JaffaCakes118
Size

464KB
MD5

b0337101f4e61aa8fcc75863bdffcc67
SHA1

df7e2ae7d56a14de493242fa7244723d2b1dda43
SHA256

882562198e204984ea75faee62e7424b0637ceb2b6a2a5c007b1594ad1dde66b
SHA512

cb76bf2fe9cce0e01eb3c66c115ec91e225ce1b5be82bd49b09f85bc6df8441528d357aa5f71116603508be1cec77d5982cdc1dc2e37081c2ecceddb40958b35
SSDEEP

12288:kyQPQ1pk33izxPfpd8PTkyvZfATICLHCPm5H07t:SPspk3OxPfpd8LkyhfYICD2YU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b0337101f4e61aa8fcc75863bdffcc67_JaffaCakes118

Files

b0337101f4e61aa8fcc75863bdffcc67_JaffaCakes118
.exe windows:4 windows x86 arch:x86

098f5dff9e7ad7352fa615ed619a0230

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\hceto\zxc\azrewzbl\ebndgjqsh.pdb

Imports

gdi32

SetAbortProc
GetKerningPairs
ExtFloodFill
CreateMetaFileA
CreateHalftonePalette
StartDocW
GetWorldTransform
CloseFigure
CreateICA
GetFontLanguageInfo
CreatePenIndirect
GdiSetBatchLimit
EnumFontsA
GetDCOrgEx
GetPath
SetViewportOrgEx
SetBoundsRect
StretchBlt

comctl32

InitCommonControlsEx

kernel32

GetStartupInfoA
FreeEnvironmentStringsA
ReleaseSemaphore
CloseHandle
HeapAlloc
InterlockedDecrement
OpenWaitableTimerA
VirtualQuery
GetSystemTimeAsFileTime
SetHandleCount
OpenMutexA
WriteConsoleOutputA
ExitProcess
CreateMutexA
VirtualAlloc
GetProcessShutdownParameters
SetStdHandle
FlushFileBuffers
GetSystemTime
WaitCommEvent
HeapFree
GetDateFormatW
InitializeCriticalSection
EnterCriticalSection
GetModuleFileNameA
WaitNamedPipeA
GetProcAddress
DeleteAtom
RtlMoveMemory
InterlockedIncrement
HeapDestroy
GetCurrentProcess
FindNextFileA
UnhandledExceptionFilter
GetTickCount
GetLastError
GetFileType
MultiByteToWideChar
TlsAlloc
TlsSetValue
InterlockedExchange
QueryPerformanceCounter
OpenProcess
SetEnvironmentVariableA
GetCurrentProcessId
GetStdHandle
TerminateProcess
IsBadWritePtr
GlobalFix
WriteFile
GetLocalTime
lstrlenA
FreeEnvironmentStringsW
GetEnvironmentStrings
LCMapStringA
GetStartupInfoW
SetLastError
CompareStringW
LCMapStringW
GetProcessAffinityMask
TlsGetValue
GetVersion
DeleteCriticalSection
GetCurrentThreadId
GetEnvironmentVariableW
GetCPInfo
MoveFileW
ReadFile
GetCommandLineW
GetEnvironmentStringsW
LeaveCriticalSection
GetShortPathNameW
GetModuleHandleA
HeapReAlloc
WriteConsoleInputW
HeapCreate
TlsFree
GetStringTypeW
GetCommandLineA
RtlUnwind
VirtualFree
LoadLibraryA
WideCharToMultiByte
SetFilePointer
GetModuleFileNameW
GetTimeZoneInformation
GetStringTypeA
CompareStringA
GetCurrentThread

user32

CharToOemA
WaitMessage
CloseWindowStation
DdeQueryStringW
MapDialogRect
DdeQueryConvInfo
EnumClipboardFormats
WaitForInputIdle
OpenWindowStationA
SendIMEMessageExA
TranslateAcceleratorA
CopyIcon
GetCursorPos
RegisterClassExA
PostThreadMessageA
SetWindowRgn
LoadBitmapW
RegisterClassA
SetWindowContextHelpId

Sections

.text
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

098f5dff9e7ad7352fa615ed619a0230

Headers

File Characteristics

PDB Paths

Imports

gdi32

comctl32

kernel32

user32

Sections

.text Size: 336KB - Virtual size: 336KB

.rdata Size: 16KB - Virtual size: 22KB

.data Size: 102KB - Virtual size: 102KB

.rsrc Size: 8KB - Virtual size: 8KB

.text
Size: 336KB - Virtual size: 336KB

.rdata
Size: 16KB - Virtual size: 22KB

.data
Size: 102KB - Virtual size: 102KB

.rsrc
Size: 8KB - Virtual size: 8KB