b3552926614d831774339c5a83a33587_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b3552926614d831774339c5a83a33587_JaffaCakes118
Size

1.5MB
MD5

b3552926614d831774339c5a83a33587
SHA1

f584a2191e46b2461636292911b0b4cfd6afbee7
SHA256

d26280afe70536ffbb47b33cc0f6ec15a79591ad5c7f4d4fe97d8cf72ac00e36
SHA512

a582416858ffbf60419c8abf2c93ac1f5606d291cec777885810e44d180ec1cd84c7c129903a79fc5771608adbbabbe34d7b74c1e1242b3f10c7bb72c0311fd7
SSDEEP

24576:RAhkeue/jLwPkLzVO8v2KeSu7wdybLWvcxvhF9GWp4HpWkuLwMfBzetfuYqjAkz3:RqXHwPkPVKKeSu7PLbxZFkzpdMfQtfRy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3552926614d831774339c5a83a33587_JaffaCakes118

Files

b3552926614d831774339c5a83a33587_JaffaCakes118
.exe windows:5 windows x86 arch:x86

dc8430628d86f67dd22ec14bc40353bc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

InterlockedExchange
GetTickCount
OutputDebugStringA
SystemTimeToFileTime
lstrcpyA
OpenEventA
GetConsoleOutputCP
SetConsoleHardwareState
LoadLibraryA
lstrcatA
GlobalFindAtomW
DefineDosDeviceW
GetThreadContext
VirtualUnlock
GetCurrentDirectoryA
SizeofResource
HeapAlloc
TlsSetValue
GetOverlappedResult
SetNamedPipeHandleState
WaitForDebugEvent
GetUserDefaultLCID
GetACP
GlobalGetAtomNameW
HeapWalk
SetInformationJobObject
AddAtomA
GetSystemTime
GlobalHandle
GetCommandLineW
DuplicateHandle
MoveFileW
CreateEventW
GlobalAddAtomW
GetCommandLineA
GetModuleHandleA
WaitForSingleObject
GetProcessVersion
GetThreadTimes
TlsGetValue
WriteConsoleInputA
InitAtomTable
HeapValidate
TlsAlloc
DisconnectNamedPipe
GetTimeFormatW
WriteConsoleInputW
InvalidateConsoleDIBits
lstrcpyW
DosDateTimeToFileTime
VerifyConsoleIoHandle
CreateMailslotW
SetUnhandledExceptionFilter
FreeResource
FileTimeToSystemTime
HeapFree
GetStringTypeA
ReadConsoleOutputA
TlsFree

ntdll

RtlUnwind
RtlQueryInformationAcl
NtQueryVolumeInformationFile
towupper
RtlAllocateHeap
wcscpy
NtVdmControl
RtlCopyLuid
NtQueryInformationToken
NtAcceptConnectPort
RtlUpcaseUnicodeChar
NtOpenMutant
RtlUpperChar
wcscat
RtlReAllocateHeap
RtlGetDaclSecurityDescriptor
RtlUnicodeToMultiByteSize

imagehlp

ImageDirectoryEntryToData

user32

CreateAcceleratorTableW
DefMDIChildProcW
SystemParametersInfoA
LoadImageW
GetSysColor
EndPaint
IsWindowEnabled
DrawMenuBar
DrawTextA
ShowScrollBar
CloseWindow
BeginPaint
RedrawWindow
SetClipboardData
IsChild
LoadAcceleratorsA
CharToOemW
DispatchMessageW
ValidateRect
MessageBoxA
MoveWindow
InflateRect
ShowWindow
GetDC
GetWindowRect
IsIconic
UnregisterClassA
TranslateMessage
DestroyWindow
GetDlgItemTextA
SetWindowPos
IsHungAppWindow
GetUpdateRect
IsWindowVisible
GetClientRect
SetProcessDefaultLayout
ReleaseDC
SetWindowLongA
ShowCaret
TranslateAcceleratorA
DdeClientTransaction
LockWindowStation
PostMessageA
GetFocus
GetMessageW
LoadCursorA
wvsprintfW

msvcrt

_vsnprintf
memset
wcsncat
swscanf
strchr
strcpy
isspace
fgets

gdi32

SelectPalette
SetBkColor
SaveDC
CreatePen
TextOutA
UpdateColors
CreateBitmap
CreateCompatibleDC
CloseEnhMetaFile
BeginPath
CreateSolidBrush
DrawEscape
GetObjectA
GetTextExtentPointW
SetRectRgn
CreatePolygonRgn
GetTextMetricsA
DeleteDC

Exports

Exports

KkpRmwSUlzgLu@12
AskXqjvvakjnjeuum@8
_RemoveQueueMsg@8
_SendTestMsg@12
HcaQwzHqvemZqjy@8
BzvQgcwaAxkoez@16

Sections

.code
Size: - Virtual size: 7.7MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CONST
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 862B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc8430628d86f67dd22ec14bc40353bc

Headers

File Characteristics

Imports

kernel32

ntdll

imagehlp

user32

msvcrt

gdi32

Exports

Exports

Sections

.code Size: - Virtual size: 7.7MB

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 2KB - Virtual size: 2KB

DATA Size: 512B - Virtual size: 512B

CONST Size: 512B - Virtual size: 512B

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.reloc Size: 1024B - Virtual size: 862B

.code
Size: - Virtual size: 7.7MB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 2KB - Virtual size: 2KB

DATA
Size: 512B - Virtual size: 512B

CONST
Size: 512B - Virtual size: 512B

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

.reloc
Size: 1024B - Virtual size: 862B