ceaec7088bb2ed86243cecbff7205e0b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ceaec7088bb2ed86243cecbff7205e0b_JaffaCakes118
Size

52KB
MD5

ceaec7088bb2ed86243cecbff7205e0b
SHA1

df65517edc15278b8b4c42a0f3529a54890705ab
SHA256

da1500a397c230829988efbab5407285510424c4d58e4c0d3e492a7a5d2345ba
SHA512

0d7d0df8b2d198458d9b7ae1e00f21025d3a14eaae9e176a6a2593a705ff6f444bab2503c5cda87f0b1cb3d5a2c2909ff68c92fe06782a7895f3d3fbe7ab95b7
SSDEEP

1536:AuagA9qqW9RH/EyVUNLR7CPQ4bbeXmGXb0zy:PAYDEQbeWCb0z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ceaec7088bb2ed86243cecbff7205e0b_JaffaCakes118

Files

ceaec7088bb2ed86243cecbff7205e0b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

27397270b5000cf3a49d71d6066faa4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Y:\Nkfjbffeqqif\PoYnKrkok\vnIwlcyn\zYeqxzz\BhlUunpa.pdb

Imports

gdi32

SetROP2
SetBrushOrgEx
DeleteDC
CreateBrushIndirect
CreateRectRgn
CreatePatternBrush
GetBitmapBits
CreateSolidBrush
SetAbortProc
GetCharWidth32W
CreateRectRgnIndirect
GetBkMode
GetTextMetricsW

kernel32

CompareStringW
IsBadReadPtr
GlobalCompact
lstrcmpiW
lstrcpyA
OpenSemaphoreW
CreateMailslotW
lstrlenW
HeapLock
GetTempPathA
FindCloseChangeNotification
SetTimerQueueTimer
LeaveCriticalSection
GetComputerNameW
FindResourceW
ResetEvent
GetAtomNameA
SetCommTimeouts

comdlg32

ChooseFontW
GetOpenFileNameW
PrintDlgExW
ChooseColorW

shlwapi

PathMatchSpecA
UrlGetPartW

user32

SetMenuDefaultItem
GetUserObjectInformationW
InvalidateRect
InternalGetWindowText
GetDlgItem
LoadImageW
ScreenToClient
IsDlgButtonChecked
GetSystemMenu
BeginPaint
MessageBoxExW
GetFocus
GetDlgItemInt
RegisterClassExA
MoveWindow
SetMenuItemInfoW
SetScrollRange
CheckRadioButton
CopyRect
CloseDesktop
GetMessageA
InflateRect
OemToCharBuffA
IsIconic
AdjustWindowRectEx
CreateIconFromResource
GetClassLongA
GetKeyboardLayout
SetCursor

msvcrt

exit

ntdll

strcspn
memset

Exports

Exports

?GR_NNXh__o_@@YGDKPAI@Z
?VVOqmaeMVV_BwpgcCYAk@@YGPAGPAJ@Z
?rr__fpv_njGMS@@YGIPAG@Z
?leuRWOA@@YGPAEKPAF@Z
?R_xzvdvNME_@@YGIGJ@Z
?q__gbim@@YGPAIEPAE@Z
?___YVshvdcq_gi_bfm@@YGJPAEPAM@Z
?mlzdhoHXIQVO@@YGMPAH@Z
?H__vgS_J@@YGFJ@Z
?nFSHRddm@@YGJK@Z
?F__KRWPU__GV_Q_JLPM@@YGPADE@Z
?Xt_azfs_my_a@@YGKPAH_N@Z
?EH_iu_qj@@YGGH@Z
?czmnBBJqph@@YGDK@Z
?k__hjttymz@@YGID@Z
?vdcanshxQCFYq_dhvh@@YGHHJ@Z
?j_gfdkbI_IXLPE_YJ_f@@YGDDPAE@Z
?knsyMSBQD_witbuo_D@@YGD_N@Z
?cc_rkbwdh_in_OS@@YGJPANPAJ@Z
?etbcfvJQigj_nANKVXB@@YGXK@Z
?VX__TLskpqnw__xalmm@@YGPAEH@Z
?gOLRivY_GSLCPT@@YGPAFE@Z
?B__YJQ__W___kZ__C@@YGPAJPAKPAH@Z
?GMRSVwe_B__MIA_S_giysw@@YGDPAF@Z
?ATDQ_VbR_Sg@@YGPAJGI@Z
?M_ENHMKD___@@YGPAMHPAI@Z
?COitkl_f_ajjq_XS@@YGEPAEE@Z
?OQIDRfmiz_f_XQJ__@@YGPAGK@Z
?ky__MKFL_QR@@YGFPAN@Z
?xrp__rrTd_z@@YGPAJDM@Z
?uiifvfiw__fnfEN@@YGGPAK@Z
?R__gg_n_xk_hcn@@YGHD@Z
?Y_ZXFNYsn_wnz_AZFW@@YGX_N@Z
?mAZ_VTebfgqv_i@@YGPAHGPAI@Z
?LZSCFg_rl_ZFLYNU_RDGL@@YGPADPA_NI@Z
?i_y__zaz@@YGXPAFPAE@Z
?w___umzi_@@YGFE@Z
?_MJYDDQVe@@YGMPANM@Z
?otf_N_aj_rcqI@@YGNPAM@Z
?cRU_D_X_UV_X_@@YGDJD@Z
?_C_GFGHS_V_ImaqaIAL@@YGPAEJPAD@Z
?GYXXQ_NGN_P_l_jpmiU@@YGFPAIH@Z
?_ux_avw@@YGIJH@Z
?oj_GZo__@@YGXJM@Z
?HTp_qyzvlngkLAHKJX@@YGEFI@Z
?_jxvmwgNT_K_RQB@@YGEIPAG@Z
?_A_VD_Y__ffr___pI_D@@YGXPA_NJ@Z
?Ur__yzataF__E_phcml__z@@YGGM@Z
?lxklz_hWuis_n@@YGDD@Z
?ADRhr__ZFJUIYhvhujulrh@@YGJPAF@Z
?E_GLTGfp_apcOY___V_X@@YGMKF@Z
?BBQ_M_N_Z@@YGPAMMPAF@Z
?_L_HKZplya_j____rgr@@YGMPAEE@Z
?bgwa_hDKASDXKLZqrITL_@@YGGPAEM@Z
?fgk_lrew_icqwDRUCT@@YGF_N@Z
?AHYi_kk_amRXRMG_ds@@YGIGPAK@Z
?CRWWyhl_g_qadEBy@@YGDJ_N@Z
?_PXDj_cveEOTHDV@@YGMPAHPAI@Z
?N_OKNnE__RNbwqy@@YGFI@Z
?k_cp__op_TQBYZ__ZKOO@@YGPAIPAHG@Z
?HWRA_Whz_qkw__m_g_x@@YGXE@Z
?WU_HJsug@@YGJME@Z
?_AUGsg_whbhfiamax___jd@@YGGM@Z
?_fMG_Bge@@YGFF@Z
?RLW_G_X@@YGPAMHPAJ@Z
?BJ_lqwqz@@YGKJK@Z
?vuyZTRUgmczg_KShqT_Ah@@YGPAMF@Z
?Sdsikagsb__@@YGPAXJ@Z
?UNPMD__WTVbo@@YGPAKI@Z
?_p_w_ftmpnc@@YGPADGPAM@Z
?_GHWR_WXjkqvLWx___rdw@@YGXIN@Z
?R__FBNHnig_powcv__jh@@YGXE@Z
?q__x_obo_sffy__ae@@YGKPAE@Z
?ee__pevp_pk_tl_qDGI@@YGIIH@Z
?ny_jw_q@@YGPAGIPAJ@Z
?t_xvho_n__jE_BCX@@YGFK@Z
?xcc_rtwCG@@YGPA_NHPAG@Z
?o_UWXOS_Zf@@YGFI@Z
?b_gs_s_k@@YGKI@Z
?avj_VQl__lnND@@YGPAIPAM@Z
?YQSIJZb_kr_Rsuo@@YGIK@Z
?OR_B_jxndaq_h@@YGGFH@Z
?ddfjnqwPEKGYostucr@@YGDIF@Z
?ZB_HCCro@@YGIPAH@Z
?XD_PCR_umh_gxGW_B@@YGFPAJ@Z
?H_EVCXQWAV@@YGIPAF@Z
?woiwE_IGLHL_@@YGME@Z
?mg_ktpk_w@@YGGPAKPAG@Z

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ldata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 519B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27397270b5000cf3a49d71d6066faa4c

Headers

File Characteristics

PDB Paths

Imports

gdi32

kernel32

comdlg32

shlwapi

user32

msvcrt

ntdll

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.ldata Size: 2KB - Virtual size: 1KB

.data Size: 5KB - Virtual size: 4KB

.crt Size: 16KB - Virtual size: 16KB

.rdata Size: 1024B - Virtual size: 519B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 23KB - Virtual size: 22KB

.ldata
Size: 2KB - Virtual size: 1KB

.data
Size: 5KB - Virtual size: 4KB

.crt
Size: 16KB - Virtual size: 16KB

.rdata
Size: 1024B - Virtual size: 519B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 2KB