c8fb4c2e6a9064d7ad0430305102fb56_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

c8fb4c2e6a9064d7ad0430305102fb56_JaffaCakes118
Size

712KB
MD5

c8fb4c2e6a9064d7ad0430305102fb56
SHA1

d485ff659a6c81d0fc3c95f6c2aa6a352a5fd6b1
SHA256

0d229bb921e19f8cdddbc76b473e568fb0cc101df9f46ac67aa9e2df7b71b0c0
SHA512

b15f7de898a4d4d189ad688c2c1c3a3625214c60bff809eb2e3bb1458395205e5f4990f40d69ce6a0c2668bb73f415d69c753aedbdc6e7cde62bdbe97ebdd2a0
SSDEEP

12288:tLYT6sYv0s8WcRCzQx5cTa792Em/kcQGtQvsG5+C3ZuhmrNNKEmL+q:tLK6kTWtta+/eG+v5Z3ZuVL+q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c8fb4c2e6a9064d7ad0430305102fb56_JaffaCakes118

Files

c8fb4c2e6a9064d7ad0430305102fb56_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0a2d1e201f69871f293e9205c0c992ee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\qqeqx\symyci\ebecvzgfc\bense\xtccuoet\kmx.pdb

Imports

user32

SendMessageTimeoutW
CreateDialogIndirectParamA
SetSystemCursor
GetCursorInfo
GetSysColorBrush
CreateWindowExA
BroadcastSystemMessageW
GetClassNameA
IsWindowVisible
LoadAcceleratorsA
CallMsgFilterW
ShowWindow
GetGUIThreadInfo
SetCaretBlinkTime
RegisterClassExA
DefWindowProcA
SetClipboardData
RegisterClassA
MessageBoxW
EnumClipboardFormats
ShowScrollBar
DefMDIChildProcA
DestroyWindow
CreateAcceleratorTableA
DdeConnectList
SetWindowsHookA
DdeFreeStringHandle
CharPrevA

advapi32

RegConnectRegistryA
RegOpenKeyA
CryptSetKeyParam
LookupAccountNameW

comctl32

InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Add
DrawStatusTextW
CreateStatusWindowA
ImageList_Create
CreateUpDownControl
CreatePropertySheetPageW
ImageList_AddMasked
ImageList_GetBkColor
ImageList_Draw
ImageList_GetIcon
CreatePropertySheetPageA
ImageList_Replace
ImageList_LoadImage
CreatePropertySheetPage
MakeDragList
GetEffectiveClientRect
ImageList_EndDrag
CreateStatusWindowW

shell32

SHGetDataFromIDListW
InternalExtractIconListW

kernel32

GetSystemDefaultLangID
OpenMutexA
lstrcpyA
LocalUnlock
GetEnvironmentStrings
MultiByteToWideChar
GetCurrentProcess
EnumCalendarInfoA
VirtualProtectEx
GetLocalTime
GetTempPathW
OutputDebugStringA
LeaveCriticalSection
FindAtomA
ExitProcess
WriteConsoleInputA
FreeEnvironmentStringsW
GetModuleFileNameA
CreateWaitableTimerW
VirtualFree
GetThreadLocale
GetCurrentThreadId
EnumResourceTypesA
MoveFileA
GetProcAddress
LCMapStringW
GetFullPathNameA
GlobalFree
ReadFile
ReadConsoleW
VirtualQuery
GetThreadPriorityBoost
GetCommandLineA
FreeLibraryAndExitThread
FindResourceExA
CreateToolhelp32Snapshot
GetTimeZoneInformation
WritePrivateProfileStructW
GetFullPathNameW
GetDateFormatA
SetComputerNameW
CreateMutexA
GetCommandLineW
FlushInstructionCache
DeleteCriticalSection
GetTimeFormatW
CompareStringW
UnhandledExceptionFilter
GetStartupInfoA
VirtualAlloc
CreateSemaphoreW
GlobalFindAtomA
SetEnvironmentVariableA
SetSystemTime
SetFileAttributesA
GetNamedPipeHandleStateW
GetTempPathA
FreeEnvironmentStringsA
ResetEvent
FlushFileBuffers
LCMapStringA
LoadLibraryA
lstrcpynA
GetTickCount
CloseHandle
TlsAlloc
InterlockedDecrement
WriteProfileSectionA
GetStringTypeA
RtlZeroMemory
HeapFree
GetDriveTypeA
GetCurrentProcessId
GetStartupInfoW
GetStringTypeW
TlsFree
CompareStringA
EnumResourceNamesW
GetSystemDirectoryA
WriteFile
GetConsoleOutputCP
SetConsoleTitleW
GetSystemTime
GetFileType
EnumResourceTypesW
HeapReAlloc
TransactNamedPipe
ConnectNamedPipe
WaitForMultipleObjects
GetLastError
CreateProcessA
EnterCriticalSection
EnumTimeFormatsA
OutputDebugStringW
HeapAlloc
InterlockedIncrement
GetCurrentThread
WaitNamedPipeW
SetStdHandle
HeapDestroy
GetNamedPipeInfo
GetEnvironmentStringsW
GetModuleHandleA
GetProcessShutdownParameters
FreeLibrary
GetStdHandle
GetCurrentDirectoryW
IsBadWritePtr
LocalSize
TlsSetValue
QueryPerformanceCounter
LocalFlags
InitializeCriticalSection
GetPriorityClass
SetLastError
TerminateProcess
SetLocaleInfoA
FindClose
GetNumberFormatW
LockFile
GetVersion
TerminateThread
GetModuleFileNameW
GlobalFindAtomW
LocalHandle
SetFilePointer
GetThreadSelectorEntry
TlsGetValue
GetPrivateProfileSectionNamesW
LocalShrink
GetCPInfo
FileTimeToLocalFileTime
SetHandleCount
GetLocaleInfoA
GetPrivateProfileStringA
WideCharToMultiByte
lstrlenW
RtlFillMemory
RtlUnwind
GetSystemTimeAsFileTime
GetProfileSectionW
InterlockedExchange
HeapCreate
GetOEMCP

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 448KB - Virtual size: 444KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 140KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a2d1e201f69871f293e9205c0c992ee

Headers

File Characteristics

PDB Paths

Imports

user32

advapi32

comctl32

shell32

kernel32

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 448KB - Virtual size: 444KB

.data Size: 140KB - Virtual size: 161KB

.rsrc Size: 48KB - Virtual size: 44KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 448KB - Virtual size: 444KB

.data
Size: 140KB - Virtual size: 161KB

.rsrc
Size: 48KB - Virtual size: 44KB