d5906b313d7ca261870ed2c748b3a6ce_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d5906b313d7ca261870ed2c748b3a6ce_JaffaCakes118
Size

668KB
MD5

d5906b313d7ca261870ed2c748b3a6ce
SHA1

239a5890f385cd09e924fbd0250ca1945b25921b
SHA256

7103bce5571e2c88368d8543570915c768a876c6d82a87c06857983e731beef5
SHA512

08a58a3d5a26904ed09d08c2b84ceb03171ec1b9b1988e82340a8b430d4c61183fc1f2724043d9b9f663ee194dbe9daa7fca2adfd92681164b1f59e14d670d74
SSDEEP

12288:ZCk5YRJbC+Eww5fXxofD5rAXo9i+i9TAlRMPBw2xwS/ELpza5:Z0RJbC+Ew0fh+5rAZ9wIw2xwSczE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d5906b313d7ca261870ed2c748b3a6ce_JaffaCakes118

Files

d5906b313d7ca261870ed2c748b3a6ce_JaffaCakes118
.exe windows:4 windows x86 arch:x86

54f349da98f6be30181fb45e818113ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\jveisyete\ddxtklciok.pdb

Imports

shell32

DoEnvironmentSubstA
CheckEscapesW
SHGetPathFromIDListW
SHInvokePrinterCommandA

kernel32

GetStartupInfoA
SetStdHandle
InitializeCriticalSection
GetCurrencyFormatA
LCMapStringA
GetCommandLineA
SetConsoleCtrlHandler
IsDebuggerPresent
TlsAlloc
ExitProcess
GlobalFlags
HeapDestroy
TerminateProcess
GetModuleFileNameA
lstrcatW
InterlockedExchange
GetProcessAffinityMask
SetThreadAffinityMask
VirtualLock
GetEnvironmentStrings
SetConsoleScreenBufferSize
SetConsoleTitleA
GetFileSize
SetEnvironmentVariableA
CreateMailslotA
GetUserDefaultLCID
RtlUnwind
TlsGetValue
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcess
GlobalLock
LocalLock
TlsSetValue
VirtualAlloc
FreeEnvironmentStringsA
GetCPInfo
VirtualProtectEx
WriteFileEx
GetLogicalDriveStringsW
GetPrivateProfileSectionNamesW
GetPrivateProfileIntW
SetUnhandledExceptionFilter
GetStringTypeW
GetStringTypeA
FindAtomW
HeapReAlloc
GetStdHandle
FindNextChangeNotification
GetThreadContext
GetConsoleOutputCP
FreeEnvironmentStringsW
LeaveCriticalSection
Sleep
CompareStringW
GetProcessShutdownParameters
EnterCriticalSection
HeapCreate
DeleteCriticalSection
SetFilePointer
LocalUnlock
GetLastError
VirtualQuery
GetTickCount
HeapFree
GetTimeFormatA
GetVersionExA
OpenWaitableTimerA
WriteConsoleW
TlsFree
CloseHandle
UnhandledExceptionFilter
GetDiskFreeSpaceExW
EnumSystemLocalesA
SetConsoleCursorInfo
HeapAlloc
GetTimeZoneInformation
ReadFile
IsValidLocale
FreeLibrary
GetConsoleMode
PulseEvent
LCMapStringW
InterlockedIncrement
CreateMutexA
GetLocaleInfoW
HeapSize
CreateFileA
GetOEMCP
OpenMutexA
GetFileType
GetConsoleCP
FlushFileBuffers
GetLocaleInfoA
GetACP
GetExitCodeProcess
IsValidCodePage
InterlockedDecrement
GetDateFormatA
GetEnvironmentStringsW
WritePrivateProfileStructW
GetCurrentThread
GetSystemTimeAsFileTime
DebugActiveProcess
GetCurrentProcessId
MultiByteToWideChar
SetLastError
SetHandleCount
ReadConsoleInputW
WriteFile
SetLocaleInfoW
VirtualFree
GetCurrentThreadId
WriteConsoleA
CompareStringA
GlobalCompact
GetProcAddress
VirtualProtect
LoadLibraryA
WideCharToMultiByte
GetModuleHandleA

comctl32

ImageList_Copy
ImageList_SetIconSize
ImageList_ReplaceIcon
ImageList_Read
InitCommonControlsEx
CreateStatusWindow
ImageList_GetBkColor
ImageList_DragEnter
ImageList_DrawIndirect
ImageList_LoadImage
CreateToolbar
ImageList_GetImageCount
ImageList_SetBkColor
CreatePropertySheetPageW
ImageList_GetDragImage
CreateStatusWindowA
ImageList_DrawEx
ImageList_SetDragCursorImage
DrawStatusTextW
ImageList_Create
InitMUILanguage
ImageList_Destroy

user32

SetCapture
GetKeyNameTextA
UnpackDDElParam
ToAsciiEx
DdeDisconnect
GetTabbedTextExtentA
DrawCaption
DefWindowProcA
CountClipboardFormats
DrawStateA
SendMessageTimeoutW
BeginDeferWindowPos
CreateCaret
RegisterClassExA
ShowWindow
GetActiveWindow
SetWindowsHookW
LookupIconIdFromDirectoryEx
CloseWindow
RegisterClipboardFormatW
GetKeyboardType
GetDialogBaseUnits
MessageBoxW
DestroyWindow
RegisterClassA
SetDlgItemTextA
CreateWindowExA
EnumDesktopWindows
IsCharAlphaNumericW
GetLastActivePopup

Sections

.text
Size: 244KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 258KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54f349da98f6be30181fb45e818113ea

Headers

File Characteristics

PDB Paths

Imports

shell32

kernel32

comctl32

user32

Sections

.text Size: 244KB - Virtual size: 240KB

.rdata Size: 260KB - Virtual size: 258KB

.data Size: 112KB - Virtual size: 140KB

.rsrc Size: 48KB - Virtual size: 45KB

.text
Size: 244KB - Virtual size: 240KB

.rdata
Size: 260KB - Virtual size: 258KB

.data
Size: 112KB - Virtual size: 140KB

.rsrc
Size: 48KB - Virtual size: 45KB