bda68e77554688f6c5d8223f25f81516_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

bda68e77554688f6c5d8223f25f81516_JaffaCakes118
Size

444KB
MD5

bda68e77554688f6c5d8223f25f81516
SHA1

e241a50daa4eb2dfa51579723c42aec1087394f3
SHA256

feb23e49084460bd0a882196f45f6fc604c6535623896c7b108faef85e1afd2d
SHA512

d986ff154b9f123ad5c730aa6066dd5e9714e990cea23b365eee4ec810e78c7a27ae2fdc6e554d09206e8432513c8cb4bc87db56f5305b93df530b8b7d60f6b4
SSDEEP

6144:jCZuhpXnrBr5GrZvQlgj1O76P6Z18we5eQD2o67WuYUKG80TgtItbByqd:jokdBNWvaxGP6Z18wbQDvBEdTgItAqd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
bda68e77554688f6c5d8223f25f81516_JaffaCakes118

Files

bda68e77554688f6c5d8223f25f81516_JaffaCakes118
.exe windows:4 windows x86 arch:x86

659c409802492d126626cc9b7b86ae1d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\tvqe\fejsqidog\erewielt\xoegipoe\o

Imports

user32

SetRectEmpty
LoadMenuIndirectA
SetPropW
BroadcastSystemMessageW
IsCharUpperW
FillRect
GetClassNameA
IsCharLowerW
DlgDirListComboBoxW
DestroyCursor
TranslateMDISysAccel
DestroyWindow
SetDebugErrorLevel
LoadBitmapW
MapVirtualKeyExA
RegisterDeviceNotificationW
RegisterClassExA
ShowWindow
CreateCaret
InvalidateRgn
CreateWindowExW
DdeQueryStringW
GetWindowModuleFileNameA
FlashWindow
BringWindowToTop
AppendMenuA
OemKeyScan
IsDialogMessage
PackDDElParam
DdeCreateDataHandle
ScrollWindow
SendMessageTimeoutA
GetMonitorInfoW
DdeAccessData
GetMonitorInfoA
GetAltTabInfo
WINNLSEnableIME
PaintDesktop
DialogBoxIndirectParamA
DlgDirSelectComboBoxExA
CharPrevW
DdeInitializeW
DlgDirListA
EnumThreadWindows
GetClassWord
DrawTextW
DestroyIcon
WinHelpW
NotifyWinEvent
SetLastErrorEx
DdeSetUserHandle
LoadCursorFromFileW
SendIMEMessageExA
MessageBoxA
RegisterClassA
RedrawWindow
ImpersonateDdeClientWindow
MessageBoxExW
RegisterWindowMessageW
VkKeyScanA
IsMenu
GetComboBoxInfo
LockWindowUpdate
GetIconInfo
BlockInput
IntersectRect
ClipCursor
SwapMouseButton
DefWindowProcW
CallMsgFilterA

kernel32

DeleteAtom
GetDateFormatW
GetWindowsDirectoryA
OpenMutexA
GetVersionExA
GetExitCodeThread
ExitProcess
CreateMutexA
TerminateProcess
WriteFile
ReadFile
TlsFree
SetEvent
GetComputerNameA
VirtualQuery
GetSystemInfo
CompareStringA
SetLocalTime
HeapCreate
GetThreadSelectorEntry
GetStringTypeA
ReadFileEx
GetStringTypeW
lstrlenW
GetModuleFileNameA
HeapReAlloc
GetTimeFormatA
GetStdHandle
SetFilePointer
GetLocaleInfoW
GetLongPathNameA
SetEndOfFile
WritePrivateProfileStringA
CloseHandle
DeleteCriticalSection
CreateFileW
GetComputerNameW
HeapAlloc
GetCurrentThreadId
GetProcAddress
EnumSystemLocalesA
GetLastError
GetOEMCP
IsValidLocale
ReadConsoleOutputA
OpenSemaphoreW
PulseEvent
MultiByteToWideChar
lstrcmpA
TlsAlloc
VirtualLock
FreeEnvironmentStringsW
ResetEvent
QueryPerformanceCounter
HeapSize
GetUserDefaultLCID
DeleteFileW
LockResource
LocalShrink
TlsGetValue
SystemTimeToFileTime
VirtualAllocEx
SetPriorityClass
TryEnterCriticalSection
VirtualFree
LeaveCriticalSection
GetSystemDefaultLCID
GetSystemTimeAsFileTime
VirtualAlloc
ReadConsoleOutputCharacterA
MapViewOfFileEx
GetStartupInfoA
CompareStringW
WideCharToMultiByte
GetCalendarInfoW
GetTickCount
IsBadWritePtr
GetCurrentThread
GetProcessShutdownParameters
SetCurrentDirectoryA
HeapDestroy
OpenProcess
GetFileSize
LCMapStringA
EnterCriticalSection
VirtualQueryEx
MoveFileExA
GetCurrentProcess
InterlockedExchange
IsValidCodePage
GetACP
SetHandleCount
GetEnvironmentStrings
LCMapStringW
FlushFileBuffers
RtlZeroMemory
ConvertDefaultLocale
GetCurrentProcessId
TlsSetValue
InitializeCriticalSection
FindClose
CreateMailslotA
VirtualProtect
GetDateFormatA
GetModuleHandleA
GetCommandLineA
SetStdHandle
SetConsoleOutputCP
HeapFree
OpenWaitableTimerW
SetLastError
GetVolumeInformationA
OutputDebugStringW
FreeEnvironmentStringsA
GetCPInfo
GetFileAttributesExW
GetEnvironmentStringsW
UnhandledExceptionFilter
RtlUnwind
RtlMoveMemory
GetTimeZoneInformation
GetLocaleInfoA
SetEnvironmentVariableA
GetFileType
LoadLibraryA

comctl32

ImageList_GetImageCount
DestroyPropertySheetPage
ImageList_LoadImageA
CreateStatusWindowA
CreateStatusWindowW
InitCommonControlsEx
ImageList_LoadImageW

wininet

InternetQueryFortezzaStatus
CreateUrlCacheEntryW
DeleteUrlCacheEntryA
InternetReadFileExW
GopherOpenFileW
InternetSetFilePointer
GopherGetAttributeA

Sections

.text
Size: 152KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 96KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

659c409802492d126626cc9b7b86ae1d

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

comctl32

wininet

Sections

.text Size: 152KB - Virtual size: 148KB

.rdata Size: 136KB - Virtual size: 135KB

.data Size: 96KB - Virtual size: 125KB

.rsrc Size: 56KB - Virtual size: 53KB

.text
Size: 152KB - Virtual size: 148KB

.rdata
Size: 136KB - Virtual size: 135KB

.data
Size: 96KB - Virtual size: 125KB

.rsrc
Size: 56KB - Virtual size: 53KB