e20aefe07a59c1093278efafc383c337_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e20aefe07a59c1093278efafc383c337_JaffaCakes118
Size

548KB
MD5

e20aefe07a59c1093278efafc383c337
SHA1

3392359f3f7cb8359ba700599e2c436652f4c40c
SHA256

6790b3c48644e9415aa06525fdb1340e170eb32db8246bf366ecddf761ea8c02
SHA512

2d1979cf0a2cc26c144ae12ad96b91a968de414bac197876ba03f7bfe0daa063892a5d67edeef38ed4ec50bb7d6baba7c5a4279bbd4ff8b90638fe586ea7376c
SSDEEP

12288:Aqc91GxIjm04F/6L6P8o1Ad4FLFkeJhzNtsoT:X0lS0U/62P7YIhkX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e20aefe07a59c1093278efafc383c337_JaffaCakes118

Files

e20aefe07a59c1093278efafc383c337_JaffaCakes118
.exe windows:4 windows x86 arch:x86

ae7c2b39b9811c55d062e56290d55f28

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\tmo\rsdqx\vhqyw\ptexlo\eustee.pdb

Imports

kernel32

GetEnvironmentStrings
SuspendThread
WriteConsoleOutputAttribute
HeapCreate
QueryPerformanceCounter
CreateMutexA
ExitProcess
EnumResourceTypesA
OpenMutexA
GetTimeFormatW
GetProfileStringA
FreeEnvironmentStringsA
TlsGetValue
SetFilePointer
GetFileType
LoadLibraryA
HeapAlloc
GetStartupInfoA
SetConsoleTitleA
SetEnvironmentVariableW
InterlockedExchange
WriteConsoleOutputW
GetSystemTime
EnterCriticalSection
HeapDestroy
GetAtomNameA
VirtualAlloc
WritePrivateProfileSectionW
GetModuleFileNameA
GetModuleHandleA
GetLongPathNameA
SetLastError
RtlUnwind
MultiByteToWideChar
ReadFile
GetWindowsDirectoryA
LeaveCriticalSection
GetSystemTimeAsFileTime
LocalSize
WideCharToMultiByte
SetEnvironmentVariableA
WriteFile
GetStdHandle
IsBadWritePtr
GetProcAddress
LCMapStringA
OutputDebugStringA
GetCommandLineW
LocalHandle
GetProcAddress
HeapFree
WriteProfileStringW
InterlockedIncrement
FreeEnvironmentStringsW
GetFileAttributesW
lstrcpyW
GetEnvironmentVariableA
HeapReAlloc
GetConsoleTitleA
GetTempPathA
VirtualQuery
CompareStringW
GetStringTypeA
GetEnvironmentStringsW
GetStringTypeW
lstrcpyA
GlobalAddAtomW
SetHandleCount
EnumCalendarInfoExA
TerminateProcess
GlobalAlloc
GetCurrentProcess
FlushConsoleInputBuffer
SetStdHandle
GetLastError
EnumDateFormatsA
GetFileTime
InterlockedDecrement
EnumSystemCodePagesW
CreateNamedPipeA
ReadFileEx
GetTickCount
WriteProfileSectionA
DeleteCriticalSection
GetDateFormatW
ReadConsoleOutputW
SetVolumeLabelA
GlobalSize
CreateProcessA
GetCurrentProcessId
GetCurrentThread
GetProfileSectionA
FlushFileBuffers
CreateSemaphoreA
GetModuleFileNameW
GetCurrentThreadId
TlsSetValue
TlsAlloc
CloseHandle
VirtualFree
CompareStringA
LCMapStringW
GetVolumeInformationA
InitializeCriticalSection
GetLocalTime
UnhandledExceptionFilter
GetVersionExW
GetVersion
GetStartupInfoW
GetCPInfo
TlsFree
GetTimeZoneInformation
Sleep
OpenSemaphoreW
RaiseException
GetCommandLineA
GetConsoleCP

user32

CreateIconIndirect
SendIMEMessageExW
GetAsyncKeyState
DlgDirSelectExW
SetCursorPos
ExitWindowsEx
TranslateMessage
GetWindowLongW
DdePostAdvise
RegisterClassExA
IsDialogMessageW
IsIconic
GetSysColorBrush
GetTabbedTextExtentW
CharNextA
WINNLSGetIMEHotkey
CopyAcceleratorTableW
DdeFreeDataHandle
RegisterClassA
DispatchMessageW
RedrawWindow
EnableScrollBar
GetClassLongA
GetClipCursor
EndDialog
FindWindowW
UnloadKeyboardLayout
GetGUIThreadInfo
GetNextDlgGroupItem
CopyAcceleratorTableA
SetWindowContextHelpId
GetMenuItemRect

comctl32

ImageList_GetIcon
DrawStatusTextA
CreatePropertySheetPage
ImageList_EndDrag
ImageList_ReplaceIcon
ImageList_DragMove
DrawStatusTextW
CreateStatusWindow
ImageList_LoadImageW
InitMUILanguage
GetEffectiveClientRect
ImageList_BeginDrag
InitCommonControlsEx
ImageList_Write
CreateStatusWindowW
ImageList_DragEnter
ImageList_AddIcon
DrawStatusText
ImageList_GetImageCount
ImageList_SetIconSize
_TrackMouseEvent

shell32

CommandLineToArgvW
CheckEscapesW
SHAddToRecentDocs
ShellAboutW
SHGetDataFromIDListA

comdlg32

ChooseFontW
FindTextA
GetFileTitleW

Sections

.text
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae7c2b39b9811c55d062e56290d55f28

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

comctl32

shell32

comdlg32

Sections

.text Size: 164KB - Virtual size: 161KB

.rdata Size: 248KB - Virtual size: 247KB

.data Size: 112KB - Virtual size: 124KB

.rsrc Size: 20KB - Virtual size: 16KB

.text
Size: 164KB - Virtual size: 161KB

.rdata
Size: 248KB - Virtual size: 247KB

.data
Size: 112KB - Virtual size: 124KB

.rsrc
Size: 20KB - Virtual size: 16KB