d:\ttaest\xdu\obylmeosq\qaoarr.pdb
Static task
static1
Behavioral task
behavioral1
Sample
cfa1373fe306a159344cde3eda5decb8_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
cfa1373fe306a159344cde3eda5decb8_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target
cfa1373fe306a159344cde3eda5decb8_JaffaCakes118
Size
334KB
MD5
cfa1373fe306a159344cde3eda5decb8
SHA1
19cbd0ec840e9c845ffbe24c6f4301fe331d613d
SHA256
d494356a6c73e01fd98fbf94cd30af444eb9cf7841e175fe10acb3a3ba82df8b
SHA512
7ce31d397129501a037906aa8f70703c23a20ec4595bd122ad0146b2279d50a276c40a892c3394873553cade6eb11b97b4b2608101e6d9baf75dda1250d1dc2c
SSDEEP
6144:zoVSledMq/+NFnVt4wVhLHzvFRw06J9uDPmGfrgy4zB020zDm4lhc/ULfsKO7vBs:cV5MqIpVNHzvFRw06J9uDPmGfrgy4zBs
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cfa1373fe306a159344cde3eda5decb8_JaffaCakes118
Files
cfa1373fe306a159344cde3eda5decb8_JaffaCakes118.exe windows:4 windows x86 arch:x86
edc1b9f1efc6b4d419431e72488cc99c
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
gdi32
GetCharWidth32A
ExtFloodFill
CreateDIBPatternBrush
GetDeviceCaps
GetPaletteEntries
DeleteDC
CreateDCA
user32
CloseWindowStation
LoadCursorA
RegisterClassExA
AttachThreadInput
GetActiveWindow
RegisterClassA
DdeCmpStringHandles
GetCaretPos
CreateWindowExW
AnyPopup
PostMessageA
CharPrevExA
OemKeyScan
ShowWindow
WINNLSEnableIME
MessageBoxA
DdeQueryStringA
TranslateMessage
EqualRect
SetClipboardData
DdePostAdvise
kernel32
ReadFile
GetCurrentProcess
GetCommandLineA
EnumDateFormatsExA
MultiByteToWideChar
TlsSetValue
GetStartupInfoA
FindResourceA
ExitProcess
LCMapStringA
QueryPerformanceCounter
GetCompressedFileSizeA
GetStartupInfoW
WriteConsoleOutputAttribute
HeapFree
TerminateProcess
TlsGetValue
GetTickCount
TlsFree
GetLocalTime
GetCurrentThreadId
GetDriveTypeA
GetLastError
GetEnvironmentStringsW
GetCurrentThread
InterlockedDecrement
GetStdHandle
ResetEvent
HeapReAlloc
SetFilePointer
VirtualFree
SetHandleCount
LCMapStringW
GetStringTypeW
GetEnvironmentStrings
FreeEnvironmentStringsW
GetTimeZoneInformation
DeleteAtom
InterlockedIncrement
FlushFileBuffers
GetSystemTime
GetFileType
LoadLibraryA
GetVersion
GetModuleFileNameA
CompareStringW
WriteFile
GetProcAddress
CreateMutexA
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
InitializeCriticalSection
CloseHandle
DeleteCriticalSection
WideCharToMultiByte
GetCurrentProcessId
GetModuleHandleA
IsBadWritePtr
HeapCreate
EnterCriticalSection
SetEnvironmentVariableA
CompareStringA
HeapAlloc
RtlUnwind
SetCriticalSectionSpinCount
OpenMutexA
SetStdHandle
SetLastError
LocalCompact
GetCommandLineW
GetCPInfo
GetModuleFileNameW
VirtualAlloc
GetStringTypeA
LeaveCriticalSection
lstrcatA
HeapDestroy
VirtualQuery
TlsAlloc
InterlockedExchange
UnhandledExceptionFilter
wininet
InternetCloseHandle
InternetQueryDataAvailable
InternetFindNextFileA
comctl32
InitCommonControlsEx
Sections
.text Size: 216KB - Virtual size: 216KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 88KB - Virtual size: 87KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ