dfed1c7ae322b70ba29b609a34c65d56_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dfed1c7ae322b70ba29b609a34c65d56_JaffaCakes118
Size

148KB
MD5

dfed1c7ae322b70ba29b609a34c65d56
SHA1

229de095ca2382819aa9a347a50f6b10d40d7ac6
SHA256

d6546c66f0a71f5d80c03fc519a9ec0e0306ee352976b9de2583a7e2b2b19b31
SHA512

cbba83b8f4dc2d792876536fa59394cd9755d1e5320009e85110925a18c83bc38e2f18432c12e77e97dcffd1b8b44d7edb047f7f86a7580a13624ccb30f2cedb
SSDEEP

3072:iuRe/CwV04qCHU07lU+j3EruNMROlsOlN0mFqP72LPYVISQ:U6wVhqSJ1j3QuQUYmg7IgVD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dfed1c7ae322b70ba29b609a34c65d56_JaffaCakes118

Files

dfed1c7ae322b70ba29b609a34c65d56_JaffaCakes118
.exe windows:4 windows x86 arch:x86

38684421b255561876cc92d833a2721a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Sumes\Karyzak\Byc\uhidovu\Nalok\owiwuz\iwehi\ema.pdb

Imports

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError
ChooseFontW
GetFileTitleW

comctl32

CreateStatusWindowW
ord17
ImageList_SetOverlayImage
DestroyPropertySheetPage
ImageList_Add
CreateToolbarEx
PropertySheetW

msimg32

GradientFill
AlphaBlend

kernel32

GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
GetCurrentProcess
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetSystemInfo
Sleep
CreateProcessW
CloseHandle
GetStartupInfoW
DeleteFileW
GetTickCount
FlushFileBuffers
CreateEventW
LocalFree
LocalAlloc
GetProfileStringW
VirtualFree
VirtualAlloc
LockFile
UnlockFile
GetLastError
GetFileType
CreateFileW
HeapFree
HeapAlloc
GetModuleHandleA
GetVersionExA
WriteFile
ExitProcess
GetProcAddress
TerminateProcess
SetFilePointer
SetStdHandle
SetHandleCount
GetStdHandle
GetStartupInfoA
SetEndOfFile
ReadFile
HeapDestroy
HeapCreate
HeapReAlloc
IsBadWritePtr
GetModuleFileNameA
UnhandledExceptionFilter
GetModuleFileNameW
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
GetCPInfo
CreateFileA
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
GetLocaleInfoA
WideCharToMultiByte
VirtualProtect

Sections

.text
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 512KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

38684421b255561876cc92d833a2721a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comdlg32

comctl32

msimg32

kernel32

Sections

.text Size: 60KB - Virtual size: 58KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 36KB - Virtual size: 512KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 60KB - Virtual size: 58KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 36KB - Virtual size: 512KB

.reloc
Size: 12KB - Virtual size: 8KB