d9ca61aba54caa5a4516be7904636f80_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d9ca61aba54caa5a4516be7904636f80_JaffaCakes118
Size

256KB
MD5

d9ca61aba54caa5a4516be7904636f80
SHA1

0d869b86471ab7ef29fa4a201d6bf592dc2c5305
SHA256

ddcb7651d6010be9a11d329c0a3152625e3419ac36ac1abb47aa4227fe63e1d5
SHA512

3af1c28c33f4b80364494f2ca00dcccd239070c15ba09e848e35d27e19998b23f4739c83c77c16f3fe772f1c9dbac27eaae57fd5732148597fc0f6edbf5b97e6
SSDEEP

6144:AdzwskOxy3QxYxOlaFIHWLxY+nJn6uWlpyYamxBzO:1V4cIHWLxRR6nLamu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d9ca61aba54caa5a4516be7904636f80_JaffaCakes118

Files

d9ca61aba54caa5a4516be7904636f80_JaffaCakes118
.exe windows:4 windows x86 arch:x86

5ad5be7ea77266c8cc6fbd68bc191bfc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\xte\hayfvotg\rtyuslpsw.pdb

Imports

comctl32

CreateStatusWindowA
CreateUpDownControl
ImageList_DragLeave
ImageList_Read
ImageList_BeginDrag
ImageList_Create
ImageList_SetIconSize
DrawStatusText
ImageList_GetDragImage
ImageList_SetOverlayImage
ImageList_Add
InitCommonControlsEx

kernel32

TlsAlloc
lstrcpyW
CreateRemoteThread
SetHandleCount
WritePrivateProfileStringA
WriteProfileStringW
GetPrivateProfileSectionNamesW
WriteFile
DeleteFiber
GetProcAddress
GlobalFix
WideCharToMultiByte
TlsFree
PulseEvent
GetFileSize
GetCurrentProcess
OpenFileMappingW
EnterCriticalSection
DeleteCriticalSection
GetCurrentThread
SetConsoleTitleA
GetCurrentProcessId
HeapReAlloc
GetSystemTimeAsFileTime
GetDiskFreeSpaceW
InterlockedExchangeAdd
HeapSize
UnhandledExceptionFilter
ResetEvent
HeapDestroy
CreateMutexA
WaitCommEvent
Sleep
InterlockedExchange
GetCommandLineA
GetStdHandle
GetCPInfo
GetSystemTime
SetVolumeLabelW
InitializeCriticalSection
InterlockedDecrement
ReadFile
SetFilePointer
ExitProcess
GetComputerNameA
MultiByteToWideChar
FreeEnvironmentStringsW
LeaveCriticalSection
GlobalGetAtomNameW
SetLastError
GetConsoleCursorInfo
GetModuleFileNameA
FlushFileBuffers
IsBadWritePtr
OutputDebugStringA
FileTimeToLocalFileTime
WriteConsoleOutputW
EnumSystemCodePagesW
GetVersion
CreateWaitableTimerA
GlobalReAlloc
GetPrivateProfileIntA
GetStringTypeW
LocalUnlock
WritePrivateProfileStructA
HeapCreate
GetStartupInfoA
GetLongPathNameA
GetCurrentThreadId
GetCommandLineW
FreeEnvironmentStringsA
GetFullPathNameA
CompareStringA
LCMapStringA
GetModuleFileNameW
GetEnvironmentStringsW
GetFileType
TransmitCommChar
SetThreadContext
InterlockedIncrement
RtlUnwind
LoadLibraryA
GetDateFormatW
GetPrivateProfileSectionNamesA
EnumResourceLanguagesA
SetSystemTime
VirtualFree
VirtualQuery
GetThreadPriority
GetShortPathNameW
GetEnvironmentStrings
VirtualAlloc
GetModuleHandleA
CompareStringW
HeapAlloc
GetTempFileNameW
CreateFileW
GetUserDefaultLCID
TerminateProcess
SetEnvironmentVariableA
GetTimeZoneInformation
EnumDateFormatsW
GetStartupInfoW
GetTempPathA
EnumTimeFormatsW
OpenSemaphoreA
OpenMutexA
GetLocalTime
GetFileAttributesW
GetTickCount
CloseHandle
GetLastError
SetStdHandle
TlsSetValue
LocalFree
WritePrivateProfileSectionW
LocalAlloc
SuspendThread
lstrcpyn
GetFileAttributesExW
TlsGetValue
EnumSystemLocalesA
LCMapStringW
GetStringTypeA
FindNextFileA
GetVersionExA
SetConsoleCursorInfo
OpenProcess
HeapValidate
WaitForSingleObjectEx
QueryPerformanceCounter
GetVersionExW
RemoveDirectoryA
GetThreadSelectorEntry
GetPrivateProfileStringA
SetLocalTime
CreateSemaphoreW
HeapFree
UnmapViewOfFile

user32

MapVirtualKeyW
ToAscii
DrawFrameControl
GetMonitorInfoA
DestroyWindow
DdeQueryConvInfo
PostThreadMessageW
GetActiveWindow
EnumDisplayDevicesW
GetLastActivePopup
DdeFreeDataHandle
GetKeyNameTextA
WinHelpW
DrawStateW
AdjustWindowRect
GetKeyNameTextW
CreateWindowExA
GetInputDesktop
MessageBoxIndirectA
MessageBoxW
GetDlgItemInt
SetCaretBlinkTime
RegisterClassExA
PackDDElParam
GetUserObjectInformationA
GetShellWindow
DefDlgProcA
ImpersonateDdeClientWindow
CreatePopupMenu
RegisterClassExW
DlgDirSelectComboBoxExW
DdeSetUserHandle
MapVirtualKeyExA
GetMenuState
SetProcessWindowStation
ShowWindow
SwitchDesktop
GetClassNameW
MoveWindow
RegisterClassW
ShowWindowAsync
RegisterHotKey
GetUserObjectSecurity
OemToCharA
RegisterClassA
SetMessageExtraInfo
GetClassInfoW
CreateAcceleratorTableW
DefWindowProcA
CreateMDIWindowW
RemovePropW
UnhookWinEvent
SetMenuDefaultItem
DrawFrame
SetMenu
GetTopWindow
SetWindowWord
CascadeWindows
EnumDesktopsW
DdeInitializeA
WaitMessage
GetClipboardViewer
PostThreadMessageA
GetProcessDefaultLayout
RegisterClipboardFormatW
EnumWindowStationsW
IsWindowUnicode
EnumDisplayMonitors
FindWindowExW
EndTask
GetPropA

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ad5be7ea77266c8cc6fbd68bc191bfc

Headers

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 76KB - Virtual size: 73KB

.data Size: 88KB - Virtual size: 90KB

.rsrc Size: 36KB - Virtual size: 33KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 76KB - Virtual size: 73KB

.data
Size: 88KB - Virtual size: 90KB

.rsrc
Size: 36KB - Virtual size: 33KB