d55651cde1b25d4f1abaf9d456477eb9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d55651cde1b25d4f1abaf9d456477eb9_JaffaCakes118
Size

136KB
MD5

d55651cde1b25d4f1abaf9d456477eb9
SHA1

e8acde597aaeec505b868de2881dca5451e2716c
SHA256

fc1798ed2df8053ccd28988ccb63d8d104a280bd55c51882bc8a9e7cadd3b3be
SHA512

e25880387ccbbebea0f366b01fd230be0c7c179913cd82231234378b576e5006336751506cecdd97742015a8f971322c7bcb777f7b5295d969cbdbc996b853c5
SSDEEP

3072:X1cKtGG95k4NsFUUpYqMwmB3k60ng7nKa4fjAaKGiH:X1cW9yfFUUpY6msgrnaKv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d55651cde1b25d4f1abaf9d456477eb9_JaffaCakes118

Files

d55651cde1b25d4f1abaf9d456477eb9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2c2fb020bb23b75e134152ef218488bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\Qbfqvprn\Bciseejy\IluXVzQb\uFggUuqUkkkcby\DzvqedMeXu.pdb

Imports

user32

SendMessageTimeoutW
CallWindowProcW
InvertRect
GetWindowPlacement
GetSubMenu
wsprintfA
IntersectRect
IsWindow
CreateWindowExA
PostMessageW
CharNextExA
RegisterWindowMessageW
SetActiveWindow
DrawFocusRect
GetParent
FillRect
OpenIcon
DragObject
GetMessageW
DefDlgProcW
ShowOwnedPopups
CreatePopupMenu
CharPrevA
GetWindowLongA
CharNextW
CheckDlgButton
EnumChildWindows
RegisterWindowMessageA

kernel32

DeleteFileW
lstrcpyA
GetLocalTime
GetCurrentThread
lstrlenW
LCMapStringW
FindFirstFileW
CreateNamedPipeW
LoadLibraryA
lstrcmpiW
GetFileAttributesA
CreateWaitableTimerA
GlobalMemoryStatusEx
QueryPerformanceCounter
OpenEventA
GetTempPathW
GetUserDefaultLangID

gdi32

OffsetRgn
RectVisible
FillRgn
TranslateCharsetInfo
RemoveFontResourceW
RestoreDC
SetRectRgn
PolyBezier
CombineRgn
DeleteObject
BitBlt
CreateSolidBrush
StartDocW
LPtoDP
GetTextExtentPoint32A

msvcrt

exit

ntdll

strcspn
memset

Exports

Exports

?rF_NSUOGhephQL_EAUakx@@YGPAXIF@Z
?OOe_hkxzNXA_PK_yqm_oi@@YGPAKG@Z
?Pk_l___odMOYELQ_eqsm@@YGHGPAG@Z
?Shsmn_ohX@@YGPAKPAGPAD@Z
?yb_xwaiuGf_yocyr@@YGXD@Z
?TPNFTf_hPYW@@YGFKPAD@Z
?zw_gvELUO_MS_H___e@@YGPAHN@Z
?_u__hXIHUC_HV@@YGEE@Z
?PZLLRlHHPukOJ@@YGPAFE@Z
?__GAG_DO__NLMSJ@@YGMDF@Z
?GDRNxx__z_foK_P__KNNp@@YGKPAJ@Z
?o_Bvw_suJW@@YGPAX_NE@Z
?DC__KM__l@@YGPAEGE@Z
?XXUIIS_v@@YGPAXPAG@Z
?LD_M_GJKhitvaklaydz_um@@YGFPAFPAI@Z
?lxqpxm_TNDK@@YGJPADPAE@Z
?pndd_nz___h_CIOJ@@YGGEN@Z
?sali_FZ@@YGPAJPAJ@Z
?Brro_YY_T_GM@@YGXPAKG@Z
?TZdqsh_ep@@YGHDPAH@Z
?SFUSPu_F@@YGKPAG@Z
?ee_ea_tshp_P__G_LD@@YGPAGGI@Z
?_fn__e_u@@YGMPAH@Z
?bd_VYH_H__qg@@YGPAXMN@Z
?IPUbwpZ_@@YGPA_NPAKPAF@Z
?I_BKVMOwlp__kim@@YGMEPAF@Z
?oxlfKTTQ_W@@YGHD@Z
?__OOJCC@@YGHPANK@Z
?P_AO_S_@@YGKE@Z
?lwjhtj__@@YGXPAD@Z
?r__xa_qVpb__eoKNZY@@YGMPAFK@Z
?_EJgantuGJ_@@YGPA_NPAEPAF@Z
?_Lyn_jXXO_A_HCc__xa@@YGMPA_N@Z
?Ruq__ea_d_@@YGJG@Z
?sf_LHaxbCLsoD@@YGDPAF@Z
?cfxg_zz_h_VRB_MIey@@YGPAXFI@Z
?eryg____@@YGXPAJJ@Z
?_nqzqta_ru@@YGJM@Z
?TJD_SVKQBfubcybXX_@@YGGEK@Z
?_zbuh_u_@@YGII@Z
?hqohdoz_je@@YGPADJ@Z
?_sbqsQ__HP_NUj_bcZ_@@YGPAKMPAE@Z
?fbjSOLCPN_KHYOFB@@YGJPAIPAJ@Z
?GZle____NZPTT_OXLM_@@YGK_NK@Z
?GKTXX_uBzrclhprqI@@YGFPAEK@Z
?gmWVGRVQ_SVit@@YGDPAJH@Z
?__jmmtw_cl_a_yp_fkn@@YGEPAHM@Z
?jgnk__aomp_qaxp_xp@@YGPAXH@Z
?ceyvTCVuqssw_uZW_L_@@YGPAF_N@Z
?_O__GX_A@@YGJK@Z
?BLd_pqwo_XusNBPJYPRAW@@YGK_N@Z
?kmb__pcgx_v_hjxkCR@@YGHH@Z
?wrratjDGPLOBMDMHwfaq_@@YGDHE@Z
?LL_MzYf@@YGPAXK@Z
?WNN_vur@@YGEEPAG@Z
?ucsaovcSWXjTI_IAFpke@@YGPAH_N@Z
?_MW_CG_BXJ_S_mgzuo@@YGPAHE@Z
?j_wk_gUJGOok_@@YGDPAG@Z
?_iobiqdgnTwy_nolw__o@@YGJID@Z
?XawDKYEI@@YGPAHIM@Z
?__axano_@@YGFG@Z
?IUl_jVUECxa_g@@YG_ND@Z
?dbbPYUBGf_k___t@@YGPAKPAEK@Z
?KOR_ZRrckn_g_q_@@YGNN@Z
?qyxqhBXRCaMGyjM_LFN__@@YGPAKID@Z
?TCWQ_OQ_HAT_XWSXBPXm@@YGPAXNPA_N@Z
?_ve_tmmG_h_lj@@YGMIPAF@Z
?NWOyqCUSwv_eZF__ZL_z@@YGFEI@Z
?QACIOPyxaotyzQWELG@@YGPAHF@Z
?YZGAWw_mejep_oM_t@@YGPAEK@Z
?LNOT_Rzelyv_XPPItmjs@@YGIFF@Z
?Kvex_sjuhpF_hwap__d_@@YGPAXD@Z
?m__bek_f_i@@YGDGE@Z
?Fwlt_pCBM___@@YGPAD_NPAM@Z
?__rsevdKwfukh___E_@@YGIDPAK@Z
?_obdyMRMML_XovzgElbuL@@YGXIK@Z
?LC_YvlyRs_am_jiqsexil@@YGXK@Z
?__vecsNpF_BVFk_t@@YGGN@Z
?e_r_rTER_DFEyxwn_rf@@YGMN@Z
?gtn__do_@@YGJH@Z
?zcv___w_muqmirh_X_GO@@YGDPAIE@Z
?gv_vzgltK_T@@YGPAIKH@Z
?dgeigxqcii@@YGKN@Z
?QYQ_ExlwDM_X@@YGHEF@Z

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ldata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.export
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 487B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c2fb020bb23b75e134152ef218488bb

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

gdi32

msvcrt

ntdll

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 79KB

.idata Size: 7KB - Virtual size: 7KB

.ldata Size: 2KB - Virtual size: 1KB

.data Size: 28KB - Virtual size: 32KB

.export Size: 14KB - Virtual size: 13KB

.rdata Size: 512B - Virtual size: 487B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 80KB - Virtual size: 79KB

.idata
Size: 7KB - Virtual size: 7KB

.ldata
Size: 2KB - Virtual size: 1KB

.data
Size: 28KB - Virtual size: 32KB

.export
Size: 14KB - Virtual size: 13KB

.rdata
Size: 512B - Virtual size: 487B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 2KB