dfe67e5a7191121783e0ceb5b077204d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dfe67e5a7191121783e0ceb5b077204d_JaffaCakes118
Size

147KB
MD5

dfe67e5a7191121783e0ceb5b077204d
SHA1

7a3f67c24d17301956acb0e29655ae071fca8fc9
SHA256

25c1cabb0200997f68e2ea5d1f26826adc975029ab5fc0df0a6f9eef680fb418
SHA512

bc5d32dca121ee8c3c1322a4558ddd02bf599575b5701c9ecd1a71f98e2b1553cbb1fa4f48df4596b948fee98525cc4cd1ee39cf922d425f19304153e1ddbf2c
SSDEEP

3072:QteJw+/w4fbl4GoUkKyHXDTRO+LmoXwapydewutkAmb/MEvnQjmRbeWR0yIN:a+44fbSG8KyHXYO7yd3upEvsybeWK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfe67e5a7191121783e0ceb5b077204d_JaffaCakes118

Files

dfe67e5a7191121783e0ceb5b077204d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4fff212bc9441299d9a518225a10cae3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

T:\PMsyzhrbs\QZkTwcTkwvkqb\UgTWwfXLN.pdb

Imports

user32

RegisterClassA
GetUserObjectInformationW
CharNextW
CallWindowProcW
DestroyCursor
GetCursorPos
ModifyMenuW
SetMenuItemBitmaps
EnableWindow
ToUnicodeEx
SetDlgItemTextW
PostThreadMessageW
CreateDialogIndirectParamW
DrawTextExW
ShowWindow
DialogBoxIndirectParamW
LoadIconW
DrawFrameControl
IsWindowUnicode
GetKeyboardLayoutList
DestroyIcon
PostQuitMessage
GetWindowPlacement
GetWindowTextA
GetDlgItemInt
CreateWindowExA
GetClassInfoExA
LoadBitmapW
RegisterHotKey
InSendMessage

gdi32

GetTextColor
ExcludeClipRect
CreateEllipticRgnIndirect
SetBitmapBits
Rectangle
ScaleWindowExtEx
CreateBitmap
EndDoc
EnumFontFamiliesW
GetCurrentObject
ResizePalette
EnumFontsW
CreatePenIndirect
SetBitmapDimensionEx

msvcrt

exit

shlwapi

UrlGetPartW
PathMatchSpecA

ntdll

memset
strcspn

kernel32

RemoveDirectoryW
CompareStringW
CancelIo
CreateEventA
OpenFile
GetOEMCP
SetCurrentDirectoryW
lstrcmpiW
CreateRemoteThread
FindResourceW
SetThreadExecutionState
SetTimerQueueTimer
GlobalFindAtomW
SetThreadPriority
DefineDosDeviceW
lstrcpyA
FlushFileBuffers
lstrlenW

Exports

Exports

?muzahfASR_Pkaf@@YGJE@Z
?rirs_dkqb_@@YGPAFPAF@Z
?R_FKEVOYT_@@YGPAXE@Z
?_n__lxUIV@@YGPAEHM@Z
?ob_mhw_moiwfvbkoN_Pzoa@@YGEPAM@Z
?bu_pckoQUST_Nmvz@@YGXGK@Z
?t_qsph_@@YGGPAE@Z
?_ntkz_wqfe_gsnVFARPW@@YGKK@Z
?NMHA_Abd_EVW__S_TU@@YGPAM_NK@Z
?_mvebdKE@@YGPAHM@Z
?RidpaJY_H_Epk@@YGHMPAG@Z
?_GuUq_vjNGMJ@@YGPAXMPAG@Z
?___L__Tbw@@YGIPAJJ@Z
?jezhyy_t_hc_hkqOZHCm@@YGPAFPAGE@Z
?jzpyofalnjxlIMC_GWUE@@YGXD@Z
?__wquVJ__MJ_ZLygfzxpno@@YGMPAG@Z
?GUlkOVDztvb@@YGFPA_N@Z
?cbjg_kybGJIGRV@@YGXPAGH@Z
?k_sxrD___kowroRXUT@@YGXPAHJ@Z
?_YBLVqyxSRZOSUGxi_@@YGPAIPAJ@Z
?zwl_wobptyqv_j_t_J@@YGJPA_NPAM@Z
?qkv__wc_tmb_t_oqK_TA@@YGXN@Z
?Bfvu_e_@@YGPAHK@Z
?mwyjgw_h_rs_vqXo@@YGPA_N_NG@Z
?k_rsD_X_M_YQa@@YGPAKID@Z
?Q_yo_voozf@@YGPAJPAMK@Z
?_IXHyJXXOe_@@YGEH@Z
?rnyhpk_bay__cA@@YGDD@Z
?oj_H__MZBA_X_W_YV@@YGPAJH@Z
?AAyyhpP_BegyI_upvldu@@YGDPAJI@Z
?J_welhy_@@YGPAEPAF@Z
?vv_PL_BFdyfdpfJOHDIEH@@YGJJM@Z
?scflWpevt_xapsP_EI_@@YGH_NE@Z
?GUEGoucrfxi_a_inOI_@@YGKPAM@Z
?JvCXUDIQKPFkplI_QAxp@@YG_NHN@Z
?_KWNERKDG_@@YGPAXJ@Z
?_DM_ILHooj_irc@@YGPAXMG@Z
?_na_r_jpodiX_AB_D@@YGDPAM@Z
?_WC_pv__bG@@YGPAEPAF@Z
?_EQOYiDKzak_cfr_Dde_k@@YGXI@Z
?R_UMEY__B_AG@@YGXPAD@Z
?bnku_aTYDRGIYB_JEPILN@@YGPAEIJ@Z
?tfmZWQgtyyC@@YGPAXF@Z
?__mppzwlajcPQBnaizvi@@YGXK@Z
?bhYQCNKVFwn@@YGPAKPADJ@Z
?ha_ksm_dcVOO_Lqzugxulc@@YGXPAIPAF@Z
?ORJMXXOOHIOG@@YG_NI@Z
?qwyry__z_@@YGFJH@Z
?Xth_mcq_y_hsSPVHBljw@@YGFPAEK@Z
?__hji_WCK_HP_u_mma_W@@YGEE@Z
?srwiU_y_YVPFlswek_v__@@YGGGI@Z
?ts_t_k_OJ_GETdqesH@@YG_NGD@Z
?__jc_mdlAoqyygmyft@@YGPADPAE@Z
?YGWCCNU_IZus__tg@@YGHDH@Z
?RCI_am_@@YGJIJ@Z
?unb_cp_tyhkpbzgu@@YGMJPAN@Z
?M_Opthxp_jwxl_uwwdgyUD@@YGPAXPAG@Z
?_b_dgRMNYr_@@YGMIM@Z
?cyl_LD_CMNPUUcgc@@YGJM@Z
?DP_Iwsnrd_ZL@@YGHM@Z
?BZ_Mym_yn_PTgno_@@YGIK@Z
?__LDFKZ_@@YGDHPAI@Z
?aq_gxlq@@YGIK@Z
?hLMEUhedihwe_mKM@@YGEG@Z
?NGAWdtwnLVGT__@@YGPAXPAGPAF@Z
?_LUOCTH_A@@YGXF@Z
?BGN_SA__Hdexp_@@YGDPAM@Z
?BWzvq_UPPY_LKO@@YGDD_N@Z
?qsvtBJ_S_Dfwsegzl@@YGFPAK@Z
?ZWYB__RX@@YGPAXF@Z
?PXZCJILDSARw@@YGXN@Z
?_TKQNBPVIXzooa@@YGXPAH@Z
?q_cix__QW__@@YGFG@Z
?hzflIDOUHDULG__@@YGPAGGPAE@Z
?U___VXth_r_uur@@YGXPA_N@Z
?ndgwhxf_ITNs@@YGEG@Z
?obciRIXDIM_F_NFK_GP@@YGXPAH@Z
?NN_CHBU@@YGPADPAJ@Z
?_RQ_Mc_pL_TJTK@@YG_NNK@Z
?AUTZAtpITAHKFANIqzWV@@YGPAGJ@Z
?l_vq__ubcnz@@YG_NPAKJ@Z
?_iiVSWkv_n_OUYYX@@YGEPAI@Z
?_HF_O_WT__lcC_EZ_CQX@@YGXJ@Z
?_dojd_eb_r_mrt__s_@@YGMJ@Z
?_Z_GQCDF_YJR@@YGFPAD@Z
?KLHQ__ciFaht@@YGGDPAM@Z
?dwAYn_Y_YP_ZA@@YGHPAG@Z
?e__x_kfv_zpbkG_imxtVS@@YGFI@Z
?CPQN_I_F___vqq_zqxm@@YGPAEK@Z

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ldata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 33KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 507B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4fff212bc9441299d9a518225a10cae3

Headers

File Characteristics

PDB Paths

Imports

user32

gdi32

msvcrt

shlwapi

ntdll

kernel32

Exports

Exports

Sections

.text Size: 84KB - Virtual size: 83KB

.ldata Size: 2KB - Virtual size: 2KB

.data Size: 33KB - Virtual size: 114KB

.crt Size: 22KB - Virtual size: 22KB

.rdata Size: 512B - Virtual size: 507B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 84KB - Virtual size: 83KB

.ldata
Size: 2KB - Virtual size: 2KB

.data
Size: 33KB - Virtual size: 114KB

.crt
Size: 22KB - Virtual size: 22KB

.rdata
Size: 512B - Virtual size: 507B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 2KB