decd8eeba98436684eab3cc8dcc9116c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

decd8eeba98436684eab3cc8dcc9116c_JaffaCakes118
Size

227KB
MD5

decd8eeba98436684eab3cc8dcc9116c
SHA1

48de32bc55260eb3e0ce02dc1d284c1b7aeb96cf
SHA256

c722ac393cc99d2e6392341034461aa6d3946ab4c0d27ad32d17a8d80e4e57c5
SHA512

8a7c9db8741bcb202f63c4d708581bb34c0563e1371255a1cc14244bdd8bb5bfdd1bb3619320d789345001722cab03b52bdd6b8e01e67628fee06838cee24984
SSDEEP

3072:KpbzVU29TXMZJmBZKe2r/WdmpGjbXu8nBUT5VdzhDFXESPfOx5GKS7bYO08cANTi:wzD9TTZKekGDBSFhDdVfXKS7j0SNT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
decd8eeba98436684eab3cc8dcc9116c_JaffaCakes118

Files

decd8eeba98436684eab3cc8dcc9116c_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d94a729e3a7d09bb7665b6343be5bc10

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

U:\odcdIB\XitI\aqzqcb.pdb

Imports

shlwapi

PathIsFileSpecW
PathIsPrefixW
PathFindExtensionA

user32

DialogBoxIndirectParamA
GetCursorPos
SendMessageA
SendInput
SetRect
GetClientRect
SetScrollInfo
SetWindowLongW
IsCharAlphaNumericA
SetCursor
SetScrollPos
SetRectEmpty
FindWindowA
CheckDlgButton

kernel32

MulDiv
GetCommState
ExitProcess
GetCurrentThread
lstrlenW
IsBadStringPtrW
WaitForSingleObject
HeapUnlock
GetTickCount
CreateEventA
DeleteFileA

msvcrt

exit

gdi32

OffsetViewportOrgEx
GetTextExtentPointW
LineTo
LineDDA
CreateFontIndirectA
ResizePalette

Exports

Exports

?irZNw_AB_D_PtCE@@YGPAXFG@Z
?mpv__lqS_GP@@YGPAXF@Z
?U_TRNT_A_GVbs@@YGHFPAE@Z
?_FSTJvILNYhcOI_AUW@@YGPAKHPAG@Z
?npfhAUUPgft_YCG@@YGPAJK@Z
?vpW_HPRyqmO_Iisbc_g@@YGPAXH@Z
?aactqonx__j_@@YGKKF@Z
?t_etj_lnkekso__z_I@@YGPAXPAF@Z
?_ktldar_h_@@YGMH@Z
?EVSLRHOEKf_mt_g_i__I@@YGPAXD@Z
?Z_K_em__xj@@YGED@Z
?QOMRAIRuy@@YGPAFM@Z
?VCUouvvs_l_mtp@@YGDMPAI@Z
?YoukqBRSJLltrvgemx@@YGXKPAM@Z

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

debug
Size: 2KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 158KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d94a729e3a7d09bb7665b6343be5bc10

Headers

File Characteristics

PDB Paths

Imports

shlwapi

user32

kernel32

msvcrt

gdi32

Exports

Exports

Sections

.text Size: 45KB - Virtual size: 44KB

.rdata Size: 10KB - Virtual size: 10KB

debug Size: 2KB - Virtual size: 161KB

.code Size: 158KB - Virtual size: 157KB

.rsrc Size: 9KB - Virtual size: 12KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 45KB - Virtual size: 44KB

.rdata
Size: 10KB - Virtual size: 10KB

debug
Size: 2KB - Virtual size: 161KB

.code
Size: 158KB - Virtual size: 157KB

.rsrc
Size: 9KB - Virtual size: 12KB

.reloc
Size: 2KB - Virtual size: 1KB