db16d65cdf6b8337054ccdce554aa1a1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db16d65cdf6b8337054ccdce554aa1a1_JaffaCakes118
Size

141KB
MD5

db16d65cdf6b8337054ccdce554aa1a1
SHA1

b221edbdea16021de7111a6215a2b9ab880b551a
SHA256

d9a66ca924088f9db1527fb55eb25d0f8c785b24f5ffeee6f47f84fd3aa67b54
SHA512

9f5627bd440b8dc583cbb2e551d773e72a92b8ea3aab4a1a29fd08799a03b6abc420eb4b14f48ed9250a44849719e5d3ca145738652a773a505153402737f509
SSDEEP

3072:vPOT/ij0I6ibYT+Px49r+L4NUgdpahPIjXOlyvVT1dwP:OrmJ7bYTy49P6g21IjXH9T1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db16d65cdf6b8337054ccdce554aa1a1_JaffaCakes118

Files

db16d65cdf6b8337054ccdce554aa1a1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5147d0332804a053e143488c80939e06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

K:\BcctcadqDWf\ewabrDsgTlc\umpXqcjH\zYqnxpvIyArk.pdb

Imports

user32

OffsetRect
GetClientRect
EnableWindow
InvalidateRect
LoadStringA
InternalGetWindowText
SendMessageW
GetNextDlgGroupItem
MoveWindow
CharToOemBuffA
ShowScrollBar
AttachThreadInput
GetDlgItemTextW
GetShellWindow
GetMonitorInfoW
ChildWindowFromPointEx
GetMessagePos
GetCaretPos
BeginDeferWindowPos
LoadStringW
IsDialogMessageW
GetUpdateRect
InSendMessage
MapWindowPoints
SetParent
EnumThreadWindows
DestroyAcceleratorTable
LoadBitmapW
IsIconic
HideCaret
GetSubMenu
MapVirtualKeyA
GetSysColorBrush
SetFocus
GetDlgItemTextA
GetWindowDC
BeginPaint
CharNextA
CharNextExA
SetWindowRgn
AllowSetForegroundWindow
SwitchToThisWindow
CallWindowProcA
mouse_event
TrackPopupMenuEx
GetClassInfoExW
ScrollWindow
wvsprintfW
DestroyCaret
GetDlgCtrlID
RedrawWindow
CharNextW
GetMessageTime
RegisterClassW
SetWindowPos
CharUpperBuffA
IsWindow
PostMessageA
IsChild
ScreenToClient
GetMenu
GetKeyNameTextW
SendMessageA
FillRect
GetUserObjectInformationW
EnableScrollBar
DefWindowProcW
TranslateAcceleratorA
LockWindowUpdate
FindWindowW
UnionRect
GetLastActivePopup
ExitWindowsEx
IsWindowVisible
SetCursor
GetMenuItemInfoW
CreatePopupMenu
MessageBoxExA
GetMessageW
GetClassInfoExA
InflateRect
PostQuitMessage
GetClassInfoW
TrackPopupMenu
GetMenuItemRect
FindWindowA
ChangeMenuW
SystemParametersInfoW
SendMessageTimeoutA
InsertMenuW
MapVirtualKeyW
LoadMenuW
LoadCursorA
GetClassLongW
IsCharLowerA
RegisterClassExW
GetWindowTextA
GetDCEx
PostThreadMessageA
LookupIconIdFromDirectory
WaitMessage
UpdateWindow
DrawTextA
CheckRadioButton
DrawAnimatedRects
DefDlgProcA
CreateCursor
GetClassNameW
CloseDesktop
EnumChildWindows
GrayStringW
SetMenu
CreateMenu
CallWindowProcW
GetMenuItemID
IntersectRect
EnumWindows
LoadCursorW

comctl32

CreatePropertySheetPageA
ImageList_Read
PropertySheetA
ImageList_LoadImageW
CreateStatusWindowW
ImageList_Remove

msvcrt

_controlfp
fgets
getc
vsprintf
sprintf
wcsstr
exit
atol
setvbuf
__set_app_type
time
wcscat
isxdigit
clock
islower
putc
qsort
fseek
ftell
__p__fmode
getenv
mbstowcs
ungetc
memset
iswdigit
free
strtok
towupper
tolower
wcsrchr
__p__commode
printf
atoi
_amsg_exit
towlower
_initterm
_ismbblead
_XcptFilter
strpbrk
_exit
_cexit
__setusermatherr
__getmainargs
bsearch
floor
iswctype
strcoll
strerror

kernel32

SetWaitableTimer
OpenEventW
SetCurrentDirectoryW
GetExitCodeThread
AddAtomA
GetLongPathNameW
DeviceIoControl
GetSystemDefaultUILanguage
GlobalAddAtomA
GetNumberFormatA
IsBadStringPtrW
GetTimeZoneInformation
GetFileInformationByHandle
HeapValidate
RaiseException
GlobalAddAtomW
GetComputerNameA
GlobalFree
ConvertDefaultLocale
GetComputerNameExA
GetAtomNameW
FindCloseChangeNotification
WaitForMultipleObjects
RegisterWaitForSingleObject
EnumSystemLocalesA
SearchPathW
LoadLibraryExW
GetCurrentThread
GetThreadTimes
CreateMailslotW
SleepEx
SetUnhandledExceptionFilter
HeapWalk
FreeResource
SetEvent
ResumeThread
HeapLock
CreateEventA
lstrcpyW
InitializeCriticalSection
GetFullPathNameA
GetDateFormatW
SetNamedPipeHandleState
CreateRemoteThread
GetLocalTime
SetMailslotInfo
GetVersionExA
Sleep
GlobalAlloc
FileTimeToLocalFileTime
GetFileAttributesExA
CreateDirectoryA
CompareStringW
VerSetConditionMask
LockResource

shlwapi

PathIsUNCW

Exports

Exports

?OwnerInitDescriptor@@YGK_KK:O

Sections

.itext
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ips1
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ips2
Size: 512B - Virtual size: 89B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ntrs
Size: 512B - Virtual size: 267B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ips3
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mode
Size: - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5147d0332804a053e143488c80939e06

Headers

File Characteristics

PDB Paths

Imports

user32

comctl32

msvcrt

kernel32

shlwapi

Exports

Exports

Sections

.itext Size: 21KB - Virtual size: 21KB

.ips1 Size: 6KB - Virtual size: 5KB

.ips2 Size: 512B - Virtual size: 89B

.ntrs Size: 512B - Virtual size: 267B

.ips3 Size: 1024B - Virtual size: 704B

.data Size: 3KB - Virtual size: 2KB

.mode Size: - Virtual size: 124KB

.rsrc Size: 106KB - Virtual size: 105KB

.reloc Size: 1KB - Virtual size: 1KB

.itext
Size: 21KB - Virtual size: 21KB

.ips1
Size: 6KB - Virtual size: 5KB

.ips2
Size: 512B - Virtual size: 89B

.ntrs
Size: 512B - Virtual size: 267B

.ips3
Size: 1024B - Virtual size: 704B

.data
Size: 3KB - Virtual size: 2KB

.mode
Size: - Virtual size: 124KB

.rsrc
Size: 106KB - Virtual size: 105KB

.reloc
Size: 1KB - Virtual size: 1KB