d4c03c408407a6935cb943dfa095bff3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d4c03c408407a6935cb943dfa095bff3_JaffaCakes118
Size

146KB
MD5

d4c03c408407a6935cb943dfa095bff3
SHA1

32cb566d699f6d60398edc80afce18695e9f3841
SHA256

55f766851b092a11ad3c467281733f29762aa5d73b62eb77cdf4168b798eec22
SHA512

4933d6bae8ad956add2b8c0e006903c26f53f08c621f7885ecc6ec8ec05cbcdef210d87aca65a8a17e449e5000f10b53072be29a77b3e1e6f6c52b035d02e306
SSDEEP

3072:rLVbmGTytXrom7ilrQjaEq8KvE4VXiazEXxE6gjZ+7B:rLFNyt7om5O9Xc4MGEXaj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d4c03c408407a6935cb943dfa095bff3_JaffaCakes118

Files

d4c03c408407a6935cb943dfa095bff3_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d650fd3dbf29c6e76b959ad296252264

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

T:\lAsl\zwmtA\hvEJ.pdb

Imports

gdi32

SetAbortProc
GetWindowOrgEx
SetPaletteEntries
TextOutA
CreateRectRgnIndirect
SetROP2
EndDoc
EnumFontFamiliesExW
ExtFloodFill
GetFontData
PtVisible
RectVisible
CreatePolygonRgn
StartDocW

kernel32

FindFirstFileA
SetFileApisToOEM
CreateWaitableTimerA
GetSystemDefaultLangID
lstrcpyA
lstrcpynW
GlobalAddAtomA
lstrcmpiW
GetThreadPriority
GetExitCodeThread
TlsFree
CreateWaitableTimerW
lstrlenW
CreateDirectoryW
lstrcatA
CreateFileA
GetFileSize
FlushFileBuffers

user32

GetScrollPos
InvertRect
CreateAcceleratorTableW
CharNextW
IsDialogMessageA
FindWindowW
LookupIconIdFromDirectory
DefFrameProcW
GetMenuItemID
GetMonitorInfoW
AttachThreadInput
SetWindowPos
KillTimer
SendMessageTimeoutW
SendMessageA
SetWindowRgn
LoadImageA
LoadStringA
GetMenuItemInfoW
IsRectEmpty
CopyImage
DestroyCursor
PostMessageW
CharLowerW
GetMenuItemRect
SendMessageW
DestroyWindow
CheckDlgButton
PostThreadMessageA

shlwapi

StrSpnA
UrlUnescapeA
StrToIntA
PathMakePrettyW

comdlg32

ReplaceTextW
GetSaveFileNameW
PrintDlgW
GetOpenFileNameA
PrintDlgExW

Exports

Exports

?_m_gwokRDS_qp@@YGFD@Z
?FSHOYMGNst@@YGHFE@Z
?rrifb_oN_C@@YGPAXF@Z
?ruUNBQQUZ_I@@YGPAXHF@Z
?pd__wzv_h_svfQimgho@@YGX_N@Z
?_MF_ai_@@YGIGPAI@Z
?avvH_Z_zYM@@YGNPAE@Z
?_vr_ljqd@@YGMDN@Z
?scgae_c_xycwQLF@@YGPAJPAFI@Z
?lyB__EEG@@YGMD@Z
?_KDI_Lga@@YGJPAJ@Z
?zzkaqt_m_eJ_j@@YGPAMPAJ@Z
?JSOOIVVVWw___tafybq@@YGFPAM@Z

Sections

.text
Size: 53KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d650fd3dbf29c6e76b959ad296252264

Headers

File Characteristics

PDB Paths

Imports

gdi32

kernel32

user32

shlwapi

comdlg32

Exports

Exports

Sections

.text Size: 53KB - Virtual size: 213KB

.data Size: 36KB - Virtual size: 36KB

.xdata Size: 31KB - Virtual size: 31KB

.rdata Size: 16KB - Virtual size: 15KB

.rsrc Size: 5KB - Virtual size: 8KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 53KB - Virtual size: 213KB

.data
Size: 36KB - Virtual size: 36KB

.xdata
Size: 31KB - Virtual size: 31KB

.rdata
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 5KB - Virtual size: 8KB

.reloc
Size: 2KB - Virtual size: 1KB