d364d7c6fd1907d5c5f36a5167b9818a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d364d7c6fd1907d5c5f36a5167b9818a_JaffaCakes118
Size

200KB
MD5

d364d7c6fd1907d5c5f36a5167b9818a
SHA1

1bc2c850837c5bfeb1dc792ba077b0c69a1fe473
SHA256

3d255fe14e787d7c28f8b5c7af2552ab4d033e5e22c84955fde89a931553a8cd
SHA512

cff167f272d65db3598ef276d775993753aa9af242b5a8f7c1b31ed1086edfd2ed55ebbf6c5a4a2ef2dadf17b2f4fede7b5512063391844058a30660940e6e93
SSDEEP

3072:mF7nxpBe51jg+4BRgUDhhBdSeb5lttbrXsYs8JOLxh:O1pB+154Ykv579TvAl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d364d7c6fd1907d5c5f36a5167b9818a_JaffaCakes118

Files

d364d7c6fd1907d5c5f36a5167b9818a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cc20ac11b243196264178a539a92cf42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Program Files\Xig.pdb

Imports

user32

DeferWindowPos
CreateMenu
UnregisterHotKey
LoadCursorA
TranslateMessage
GetWindowLongA
BeginDeferWindowPos
GetClassInfoExA
EnumWindows
CallNextHookEx
RegisterWindowMessageA
DefWindowProcA
ReleaseDC
FillRect
TrackPopupMenu
DrawFrameControl
PostMessageA
SetWindowLongA
IsDialogMessageA
GetActiveWindow
AppendMenuA
SetClipboardData
DestroyWindow
SendMessageA
IsClipboardFormatAvailable
SendDlgItemMessageA
CheckRadioButton
SetForegroundWindow

mprapi

MprAdminInterfaceDelete
MprConfigTransportCreate
MprConfigServerRestore
MprAdminPortGetInfo
MprAdminPortEnum
MprAdminPortDisconnect
MprAdminPortClearStats
MprAdminInterfaceConnect
MprAdminInterfaceCreate
MprConfigTransportDelete
MprAdminInterfaceDeviceGetInfo
MprAdminInterfaceGetCredentialsEx
MprAdminInterfaceSetCredentials

usp10

ScriptStringGetOrder
ScriptStringAnalyse
ScriptJustify
ScriptItemize
ScriptGetGlyphABCWidth
ScriptStringOut

kernel32

GetModuleHandleA
SetConsoleCtrlHandler
ReadFile
SetEndOfFile
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
VirtualQuery
InterlockedExchange
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
CreateFileA
FlushFileBuffers
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
HeapSize
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetFilePointer
GetCurrentProcess
TerminateProcess
GetProcAddress
RemoveDirectoryA
TlsAlloc
GetProfileStringW
GetTempPathA
HeapFree
HeapAlloc
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
GetVersionExA
GetLastError
CloseHandle
WriteFile
ExitProcess

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 690KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc20ac11b243196264178a539a92cf42

Headers

File Characteristics

PDB Paths

Imports

user32

mprapi

usp10

kernel32

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 88KB - Virtual size: 690KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 88KB - Virtual size: 690KB

.reloc
Size: 8KB - Virtual size: 7KB