bd9e197c76879f888b9510b3656cd6f0_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bd9e197c76879f888b9510b3656cd6f0_JaffaCakes118
Size

602KB
MD5

bd9e197c76879f888b9510b3656cd6f0
SHA1

70a1039919d1624cd2e62d22b36868ad355a956c
SHA256

9f53ddf9b9726f59a185ea35e23979978044eee516402c084504b33ab93b3088
SHA512

8d39088b3b6badc99c4f126c2ee40cd24da6af2f55bf5f10693b9f872136e237de99f17c907f232836dc295d078b413a1b5eca627e7643c3e4eb8e94afd42a21
SSDEEP

12288:Ox7UWvjqpd0Q//RTiW5HO90rAbUbG5tWFGwo0CVDoha1n:AlrA0Q/52Wvra1rWFG3Zhoha

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bd9e197c76879f888b9510b3656cd6f0_JaffaCakes118

Files

bd9e197c76879f888b9510b3656cd6f0_JaffaCakes118
.exe windows:4 windows x86 arch:x86

76206a3318013a94a3de485c1aee9cc1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\xormk\kssyxoecc.pdb

Imports

comctl32

InitCommonControlsEx
ImageList_Replace
ImageList_SetFilter
ImageList_DrawEx
ImageList_Remove
CreateStatusWindowA
ImageList_SetFlags
DrawStatusText
ImageList_DrawIndirect
ImageList_LoadImage
InitMUILanguage
ImageList_DragEnter
ImageList_Add
ImageList_Create
CreatePropertySheetPage
ImageList_Draw
ImageList_GetImageCount
DrawStatusTextA
ImageList_DragMove
ImageList_BeginDrag
ImageList_SetDragCursorImage

shell32

SHGetFileInfo
ExtractAssociatedIconExW
ExtractIconExA
ExtractAssociatedIconW
SHInvokePrinterCommandA

wininet

FtpDeleteFileW
InternetAutodial
FindNextUrlCacheGroup

user32

RegisterClassA
PostQuitMessage
DefWindowProcW
IsRectEmpty
SetProcessWindowStation
CreateDialogIndirectParamA
GetClassInfoExA
MessageBoxW
RegisterClipboardFormatA
DestroyWindow
ShowWindow
EnumDisplaySettingsW
EnumDisplayMonitors
MenuItemFromPoint
DefFrameProcA
CreateWindowExA
MessageBoxExW
GetWindowDC
RegisterClassExA

kernel32

LCMapStringA
SetLastError
WriteConsoleW
FlushFileBuffers
HeapSize
GetLocaleInfoW
InterlockedExchange
FreeEnvironmentStringsA
UnhandledExceptionFilter
WriteFile
CloseHandle
FreeEnvironmentStringsW
GetConsoleMode
WideCharToMultiByte
VirtualAlloc
TlsAlloc
GetModuleHandleW
GetCommandLineW
GetCurrentProcessId
GetTickCount
GetUserDefaultLCID
GetCurrentThread
GetModuleFileNameA
GetCPInfo
TerminateProcess
HeapCreate
VirtualQuery
WriteConsoleA
GetStdHandle
GetTimeZoneInformation
FreeLibrary
GetSystemTimeAsFileTime
ExitProcess
TlsGetValue
GetDateFormatA
CompareStringW
VirtualFree
IsValidCodePage
CompareStringA
HeapDestroy
SetEnvironmentVariableA
SetStdHandle
ReadFile
GetOEMCP
GetStringTypeA
TlsFree
GetACP
TlsSetValue
GetStringTypeW
InterlockedDecrement
GetCurrentProcess
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
IsDebuggerPresent
OpenMutexA
GetLastError
MultiByteToWideChar
GetConsoleOutputCP
Sleep
HeapFree
GetCommandLineA
SetHandleCount
LoadLibraryA
HeapReAlloc
HeapAlloc
GetProcAddress
GetLocaleInfoA
GetEnvironmentStringsW
SetConsoleCtrlHandler
LCMapStringW
GetCurrentThreadId
QueryPerformanceCounter
RtlUnwind
GetStartupInfoA
GetModuleHandleA
DeleteCriticalSection
CreateMutexA
InterlockedIncrement
EnumSystemLocalesA
GetConsoleCP
CreateFileA
EnterCriticalSection
LeaveCriticalSection
GetFileType
GetTimeFormatA
GetEnvironmentStrings
IsValidLocale
SetFilePointer

comdlg32

GetOpenFileNameA

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

76206a3318013a94a3de485c1aee9cc1

Headers

File Characteristics

PDB Paths

Imports

comctl32

shell32

wininet

user32

kernel32

comdlg32

Sections

.text Size: 185KB - Virtual size: 185KB

.rdata Size: 243KB - Virtual size: 247KB

.data Size: 127KB - Virtual size: 127KB

.rsrc Size: 45KB - Virtual size: 44KB

.text
Size: 185KB - Virtual size: 185KB

.rdata
Size: 243KB - Virtual size: 247KB

.data
Size: 127KB - Virtual size: 127KB

.rsrc
Size: 45KB - Virtual size: 44KB