b442a3ddf687ff3fc7707683ba8b1e95_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b442a3ddf687ff3fc7707683ba8b1e95_JaffaCakes118
Size

94KB
MD5

b442a3ddf687ff3fc7707683ba8b1e95
SHA1

59845dc3655eab0ee0b64c6d223da0cc6f0028e5
SHA256

f1be7951d93915f69660cc3f9d7bb66c21962fa731d7d9809c7049dd71d49652
SHA512

42cb2c8533987db2d7a2f91fbeb9734e784aadf63671bb011c8e4f2ba91e4ebfe9d40d7f41f50133e2f6c6530873ce7f11250a785580eb373ca8cf834f60b972
SSDEEP

1536:Aul/+fGnuwSN1eVyPyFfYaVzNDxz8Koo1cZa8uIndZDsF3OLR7CPQ4bbeXm82wPa:7NSEyKFAaVzNDxzBooaa8FnjDmbeW829

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b442a3ddf687ff3fc7707683ba8b1e95_JaffaCakes118

Files

b442a3ddf687ff3fc7707683ba8b1e95_JaffaCakes118
.exe windows:5 windows x86 arch:x86

39c475b6d6c8d2030143d8463cc37f87

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

L:\dhKsmeucjkadz\wAhzxrujycu\vyszmLoIByyu\baupAsykqlqhon.pdb

Imports

gdi32

CreatePalette
GetNearestColor
GetViewportOrgEx
CreateHatchBrush
CreateBrushIndirect
Polygon
UnrealizeObject
DPtoLP
CreatePen
Rectangle
Ellipse
GetObjectA
SetViewportExtEx

msvcrt

exit

comdlg32

CommDlgExtendedError
FindTextW
GetFileTitleW

ntdll

memset
strcspn

shlwapi

PathMatchSpecA
UrlGetPartW

user32

ExitWindowsEx
CreateDialogParamW
InvertRect
IsWindowUnicode
GetDlgItemInt
RegisterClassExW
SetDlgItemInt
CascadeWindows
PostThreadMessageA
DrawAnimatedRects
keybd_event
IsCharLowerA
GetWindowDC
GetScrollPos
CharLowerBuffW
GetMenuStringA
SwitchToThisWindow
CreateIconIndirect
GetTopWindow
GetMenuItemRect
SetWindowTextW
GetClipCursor
IsRectEmpty
ReplyMessage
GetClassInfoExW
SendMessageA
IsWindowEnabled
MessageBoxA
BeginPaint

kernel32

ClearCommBreak
SetThreadExecutionState
GetLocaleInfoW
lstrlenW
LoadResource
GetSystemDirectoryW
lstrcmpiW
OpenEventA
FindNextFileA
CompareStringW
LocalSize
FileTimeToLocalFileTime
GlobalLock
GlobalFree
lstrcpyA
GetVersionExW
SetThreadContext
GetThreadLocale

Exports

Exports

?_z_jnjqmmqbeo_@@YGFPAK@Z
?banyddckfx_wq_g_z@@YGIM@Z
?__uczomGGGs_hpwk@@YGXHPAH@Z
?N__GSBIAVTU_HJx_vf_j@@YGPAXM@Z
?A_W_BYGKPS_Wwnez_P@@YGIM@Z
?_l_BK_NJMF@@YGPAFPAMPAG@Z
?BPU_locv@@YGXG@Z
?_WMEDUMOL_NAvwhzil@@YGFPAIPA_N@Z
?OTGThx__tzorgGBL_Pspvd@@YGFPAFPAH@Z
?__LLJPRDIEQ__DxyrvgprD@@YGDKPAD@Z
?A__HJXJYQGB_XO@@YGPAE_NPAJ@Z
?QCEXBenuu@@YGHPA_NK@Z
?vlfeAKQ__W__pyotm_u@@YGPAIJN@Z
?lcq_KZI@@YGMM@Z
?ULQGWZJXHR_C_ZTGVn_j@@YGHPAI@Z
?hdKSzpfsgmn@@YGPAKH@Z
?NCV_UOJYG_@@YGPAXPAN_N@Z
?unymdkhimn@@YGJMM@Z
?_kDUCNESQSJC_W_Z@@YGJEE@Z
?QPJ_IBRS@@YGPADPAM@Z
?NICK_VITQMVMX_OVU@@YGPAXPAI@Z
?x_bx_YGFSXFVHU@@YGJPAEE@Z
?dzal_zSdfnkLE_Ootu_qU@@YGHPA_N@Z
?pqxD___XWOXHMq_rtdEJKY@@YGPAXI@Z
?ml__fOpcdvbOWPZ__VB@@YGPAMHI@Z
?azozmHntXNvhwKTDEFv_@@YGHPAJD@Z
?TIX_QEipad_ASJRD@@YGKE@Z
?W___YwybpHeg_y_P__@@YGEFPAG@Z
?__THB_QGh_qiqkIMR_o@@YGPAXG@Z
?C_P_DoxkxEY_OO@@YGDH@Z
?ALHgmb_ooukHBJve__@@YGXPAFPAE@Z
?fcmwfFQC_Ee_m_t@@YGPAI_NH@Z
?axkviX_CLZ_BZQ_m_e_@@YGG_N@Z
?xqbwpXuc@@YGPAIK@Z
?xsd_AOUD_QNM_v_x__@@YGHPAFH@Z
?CKNRZ_GXBEHk_yj@@YGPAFPAN@Z
?tdasYNBa_eaFRWm__j@@YGHG@Z
?___e_kwJ_Lz___dqy_nll@@YGPAFJG@Z
?OIA_EfsNOIR@@YG_NG@Z
?j_io_bxQK_JK@@YGXD@Z
?___JWKBxkbo_S__Hr@@YGPA_NPAD@Z
?_i_kjGZ_T@@YGHH@Z
?L_Y_GZAXNl@@YGMHI@Z
?_NNzfhoyz_jpI@@YGKPAFPAI@Z
?sxkkmsi___cyrAOG_XYH_@@YGEPAH@Z
?woNK_Ck_gkeIKrjbcJ_@@YGPAXH@Z
?___qxpmr@@YGPA_NGG@Z
?_REJQl_r__bosH_NI@@YGXDK@Z
?_BB_E_QX@@YGXPADPAD@Z
?h_siIVCBJHL_U_NTSi@@YGPAMPAHK@Z
?rtqj_yATSCPYIN@@YGPAXJ@Z
?O_Vye_mpijW___OB@@YGKPAKPAM@Z
?CTZBE_Q_ALBY___Uzg@@YGJI@Z
?b__fbaa_jd_lv_nip_ZUt@@YGXPAN@Z
?D_AAO_WKE_@@YGHPAH@Z
?__na_G_D_YRcelg@@YGXMH@Z
?_PV_ZVM_BG_AYYfh@@YGMPAK@Z
?gzcaaPUAPtdLY_rOYWU@@YGPAFHPAM@Z
?_N_LVZU_H__BGQ@@YGPA_NI@Z
?LXUEGf_hd_rrmmd__jf_U_@@YGMN@Z
?inSBM_ROasjei_C@@YGPAEPAH@Z
?W_ICyy_wqwBwv_vyMTQDE@@YGEPAK@Z
?EUQ_DVHZAlmlpFGG@@YGXJK@Z
?b__eljppc@@YGPANG@Z
?BW_S_BBECSCc_v_eaOHL_@@YGIJPAH@Z
?ru__zkhhDLCWIYXYD__@@YGPAGK@Z
?nVqx_pyj@@YGPAHHJ@Z
?dicZU_QI_JxiQQWV@@YGGF@Z
?OT_J_NMnywvq@@YGPAEKH@Z
?_VCXN_JADS@@YGPAKPAJ@Z
?PQIDQ_euwzaplt@@YGPAXE@Z
?QA__MEUjur___h__X@@YGJI@Z
?_WKF_WKIBPq_msPRESZ_SM@@YGMPAM@Z
?bqyodmjSJU_GCMJOO@@YG_NPAHE@Z
?jqlt_tyw_jasR_FS_@@YGX_NPAE@Z
?EWEFWBQYQCd__nf@@YGPAXI@Z
?_fp_d_jgnbiawaPQLQFDJH@@YGHPAD@Z
?fiicYDM_GDzkDCMO_Hq_@@YGXPAEPAI@Z
?XSJ___HCv_dcQx_d_u_rE@@YGDN@Z
?MKRr_ddejulr@@YGJPAMD@Z
?MXNA_LMH_GNTI__Y___G_V@@YGGPAH@Z
?otlwdumqKVb_l@@YGNH@Z
?upsK_SAOQMIRvJOPpq_h@@YGXF@Z
?_BNSkg__szOX__PX@@YGPAH_NPAN@Z
?__BKTXKYAYEY@@YGDH@Z

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ldata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 7KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 515B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

39c475b6d6c8d2030143d8463cc37f87

Headers

File Characteristics

PDB Paths

Imports

gdi32

msvcrt

comdlg32

ntdll

shlwapi

user32

kernel32

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 53KB

.ldata Size: 1KB - Virtual size: 1KB

.data Size: 7KB - Virtual size: 70KB

.crt Size: 17KB - Virtual size: 16KB

.rdata Size: 1024B - Virtual size: 515B

.rsrc Size: 10KB - Virtual size: 12KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 53KB - Virtual size: 53KB

.ldata
Size: 1KB - Virtual size: 1KB

.data
Size: 7KB - Virtual size: 70KB

.crt
Size: 17KB - Virtual size: 16KB

.rdata
Size: 1024B - Virtual size: 515B

.rsrc
Size: 10KB - Virtual size: 12KB

.reloc
Size: 3KB - Virtual size: 2KB