c:\sevjxrovl\eebutgb\fryemykts.pdb
Static task: static1
Behavioral task: behavioral1
Sample: b655133627aaf6e4c40eb1c17e667269_JaffaCakes118.exe
Resource: win7-20240705-en
Behavioral task: behavioral2
Sample: b655133627aaf6e4c40eb1c17e667269_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: b655133627aaf6e4c40eb1c17e667269_JaffaCakes118
Size: 542KB
MD5: b655133627aaf6e4c40eb1c17e667269
SHA1: 250637dd1b8878994188f9dff5d91c7d05e5b500
SHA256: a6964f6dc02f8e9d54eb7cbcab27810e2442158767df2e5f244275e4b477d09a
SHA512: 62c664a4007054a278255815aaac94d7f81056234f837e6b8da4cc8ae539868df2ba9687ebc4c27557ea2495f1548a1b5b580b692e4573c000e17244fa2dde78
SSDEEP: 12288:MZQr8AcIwB8y8mh8JLziOZX4kNyjF/P+09D4xzXMLQ6E:MmQ6JLzp4k4jl+09D4xOE
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b655133627aaf6e4c40eb1c17e667269_JaffaCakes118
Files
b655133627aaf6e4c40eb1c17e667269_JaffaCakes118.exe windows:4 windows x86 arch:x86
3d65be4445dbd64db4ff708bb0c62a89
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
comctl32
InitCommonControlsEx
kernel32
GetSystemTimeAsFileTime
EnumSystemLocalesA
ReadFileEx
GetLastError
GetVersionExA
DeleteAtom
GetThreadPriority
SetFilePointer
GetTimeFormatA
WideCharToMultiByte
GetModuleFileNameA
FreeResource
OpenMutexA
EnumDateFormatsA
GetEnvironmentStrings
FreeEnvironmentStringsW
FormatMessageW
SetStdHandle
LCMapStringA
GetCurrentThreadId
SetEnvironmentVariableA
UnlockFile
WriteFile
GetLocaleInfoW
TlsFree
LeaveCriticalSection
CreateMutexA
GetEnvironmentStringsW
CreateWaitableTimerW
GetUserDefaultLCID
SetHandleCount
SetLastError
LoadLibraryA
EnterCriticalSection
QueryPerformanceCounter
HeapReAlloc
DeleteCriticalSection
ExitProcess
IsValidCodePage
GetStringTypeA
VirtualFree
SetSystemTime
UnhandledExceptionFilter
GetTickCount
LCMapStringW
GetCurrentProcess
GetCPInfo
TerminateProcess
CompareStringW
GetStringTypeW
HeapDestroy
CompareStringA
HeapCreate
IsValidLocale
GetCurrentProcessId
RtlUnwind
TlsAlloc
GetLocaleInfoA
TlsSetValue
GetProcAddress
LockFileEx
GetStartupInfoA
InitializeCriticalSection
CloseHandle
IsBadWritePtr
VirtualQuery
HeapSize
GetNamedPipeInfo
VirtualProtect
GetCurrentThread
HeapAlloc
TlsGetValue
GetStdHandle
ReadFile
GetSystemInfo
GetTimeZoneInformation
WriteProfileStringW
GetModuleHandleA
GetDateFormatA
GetFileType
VirtualAlloc
GetCommandLineA
HeapFree
GetConsoleMode
MultiByteToWideChar
GetOEMCP
InterlockedExchange
FreeEnvironmentStringsA
GetACP
EnumSystemLocalesW
FlushFileBuffers
GetModuleHandleW
user32
SetRect
RegisterClassA
GetFocus
GetMenuInfo
IsCharUpperA
GetSystemMenu
GetScrollPos
CharLowerW
LoadKeyboardLayoutW
CreateIconIndirect
GetKeyNameTextW
UnhookWindowsHook
GetClassNameA
EmptyClipboard
OffsetRect
RegisterClassExA
BlockInput
DialogBoxIndirectParamW
GetDlgItem
CharNextExA
ChildWindowFromPoint
IntersectRect
GetClientRect
DialogBoxIndirectParamA
DestroyCaret
Sections
.text Size: 362KB - Virtual size: 362KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 59KB - Virtual size: 83KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ