b2702b3584969b315d3ddbc48b014d24_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b2702b3584969b315d3ddbc48b014d24_JaffaCakes118
Size

574KB
MD5

b2702b3584969b315d3ddbc48b014d24
SHA1

9ca4282434cc52dba58d2754639f6a18c008b62c
SHA256

2663584c7436316c92596fa6438cfea500652ece3a51c27225c484a9e9238c70
SHA512

1aba5399a113535ed7dab13c0bc3d2f911b7d0299b0fd5f58d5dae7c54fe02553f93cfd2dddc190e697dc377afdd1708f98b78a39f240ea8d8bf5ab778511037
SSDEEP

12288:2OLcEBAchxICLH97wV0Ltsqgvt2S35mjTlU+iXTP5qickXwyK:2OtmcvICLH9o6spvP4jkbckXwX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2702b3584969b315d3ddbc48b014d24_JaffaCakes118

Files

b2702b3584969b315d3ddbc48b014d24_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e56ae43a34f6fa4f086a3e6bd3804c6a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\efdhbfadpn\sor\osbssdoikc\xdo.pdb

Imports

user32

IsCharLowerW
GetMenuContextHelpId
SetUserObjectInformationA
SendNotifyMessageA
DdeDisconnect
KillTimer
DrawTextW
DeleteMenu
ValidateRect
SubtractRect
GetActiveWindow
DestroyWindow
SetParent
RegisterClassA
InsertMenuW
DefWindowProcW
IsClipboardFormatAvailable
PeekMessageW
CreateIcon
GetMessageExtraInfo
WaitForInputIdle
UnregisterClassA
UnregisterDeviceNotification
ToAscii
DdeQueryNextServer
OpenClipboard
CreateAcceleratorTableW
RegisterClassExA
ShowCaret
EnumDisplaySettingsExW
GetNextDlgTabItem
FindWindowExW
GetWindowModuleFileNameW
GetClassNameW
GetDialogBaseUnits
GetUserObjectInformationA
PackDDElParam
MessageBoxIndirectA
DdeSetUserHandle
IsCharAlphaW
LoadCursorFromFileW
RegisterHotKey
GetClassNameA
TranslateMDISysAccel
OpenDesktopW
BroadcastSystemMessageW
ShowWindow
CreateWindowExA
IsCharUpperW
GetUserObjectInformationW
GetGUIThreadInfo
MessageBoxW
GetScrollPos
MessageBoxExW
SetWindowsHookA
OemToCharBuffA
SetFocus
IsIconic

kernel32

GetModuleHandleA
GetDiskFreeSpaceExA
GetStringTypeW
GlobalReAlloc
GetLogicalDriveStringsW
DeleteFileA
GetLongPathNameA
SetEnvironmentVariableA
HeapDestroy
CompareStringA
DeleteCriticalSection
TlsAlloc
GetConsoleCP
GetSystemInfo
SetHandleCount
GetProfileSectionA
OpenFile
InterlockedCompareExchange
IsValidCodePage
SetStdHandle
GetPrivateProfileStringA
HeapSize
GetLocaleInfoA
SetCurrentDirectoryW
GetStdHandle
LeaveCriticalSection
GetUserDefaultLCID
OpenMutexA
CreateMutexA
GetStartupInfoA
GetPrivateProfileSectionW
FreeEnvironmentStringsW
RemoveDirectoryW
CreatePipe
IsBadWritePtr
CompareFileTime
GetSystemTimeAsFileTime
EnumSystemLocalesA
GetEnvironmentStrings
GetLastError
VirtualQuery
GetPrivateProfileSectionNamesW
VirtualProtect
GetCurrentProcessId
EnumTimeFormatsA
GetStringTypeA
SetFilePointer
UnhandledExceptionFilter
ExpandEnvironmentStringsW
GetShortPathNameA
GetDateFormatA
WriteFile
ResumeThread
MoveFileExW
GetLocaleInfoW
TerminateProcess
GetCurrentProcess
GetSystemDefaultLangID
LCMapStringW
SetThreadContext
GetComputerNameA
GetCurrentThread
GetFileType
FlushFileBuffers
GetCPInfo
ReadFile
HeapReAlloc
TlsFree
LockFileEx
TlsSetValue
GetThreadTimes
VirtualFree
GetACP
GetProcAddress
GetTimeZoneInformation
IsValidLocale
GetSystemTimeAdjustment
SetTimeZoneInformation
MultiByteToWideChar
EnterCriticalSection
HeapFree
CloseHandle
lstrcmpiA
SetLastError
WideCharToMultiByte
TlsGetValue
GetTimeFormatA
GlobalHandle
InterlockedExchange
GetCommandLineA
GetProcessShutdownParameters
GetLocalTime
ExitProcess
GetModuleFileNameA
FoldStringW
GetEnvironmentStringsW
LoadLibraryA
FreeEnvironmentStringsA
ConvertDefaultLocale
PulseEvent
GetTickCount
GetDiskFreeSpaceA
TransmitCommChar
InterlockedExchangeAdd
FreeLibraryAndExitThread
QueryPerformanceCounter
GetNumberFormatW
GetOEMCP
InitializeCriticalSection
GetCurrentThreadId
GetFileAttributesA
GetVersionExA
VirtualAlloc
HeapCreate
HeapAlloc
GlobalFix
CreateDirectoryA
WriteConsoleOutputAttribute
GetSystemDirectoryW
GetTempPathA
lstrlen
LCMapStringA
RtlUnwind
GetThreadSelectorEntry
CompareStringW

comctl32

ImageList_LoadImage
CreateToolbar
CreatePropertySheetPageW
CreateStatusWindow
ImageList_Duplicate
ImageList_Add
ImageList_LoadImageW
CreateUpDownControl
ImageList_SetDragCursorImage
DrawStatusText
ImageList_Replace
CreateToolbarEx
InitCommonControlsEx
ImageList_DrawIndirect
ImageList_ReplaceIcon
ImageList_GetIconSize
ImageList_Read
ImageList_Create
DrawInsert
ImageList_AddIcon
CreatePropertySheetPageA
GetEffectiveClientRect

Sections

.text
Size: 187KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e56ae43a34f6fa4f086a3e6bd3804c6a

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

comctl32

Sections

.text Size: 187KB - Virtual size: 186KB

.rdata Size: 261KB - Virtual size: 260KB

.data Size: 108KB - Virtual size: 124KB

.rsrc Size: 17KB - Virtual size: 16KB

.text
Size: 187KB - Virtual size: 186KB

.rdata
Size: 261KB - Virtual size: 260KB

.data
Size: 108KB - Virtual size: 124KB

.rsrc
Size: 17KB - Virtual size: 16KB