ea3821ecc29e72a5f86376b753646ac6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ea3821ecc29e72a5f86376b753646ac6_JaffaCakes118
Size

60KB
MD5

ea3821ecc29e72a5f86376b753646ac6
SHA1

3c9ca91ad9a9e6ff40c446e1d3072bb1bcf1ab35
SHA256

50df3a3187c424523655d0b8466df20ac5d63200c3d34340b7b4d66d1f8fd312
SHA512

dfaa810149fcc8e84ebe6ca369e2be6f5164e27cea6339a76ce11bf2272e3135ea2f874aba94068994cbd24899198c09595de7f08823b67e8af1b4a2473cd99a
SSDEEP

1536:zcxUN64sXxDx+OqHBPufXSDS5ixpqIqs:zcc6VxD1fCe5i3u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ea3821ecc29e72a5f86376b753646ac6_JaffaCakes118

Files

ea3821ecc29e72a5f86376b753646ac6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5886300b6b2c6c676436c3e03d3b055a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

U:\LefihPfjZdjoQ\iGQQtgNsnWdxi\qpyAxzdntPhyi\nKQwjZdldi\kFfEymf.pdb

Imports

msvcrt

ungetc
_controlfp
fwrite
__set_app_type
calloc
__p__fmode
swprintf
fprintf
rand
__p__commode
_amsg_exit
strchr
strncmp
fgetc
wcstok
clearerr
iswprint
strcpy
_initterm
towupper
_ismbblead
vswprintf
isupper
_XcptFilter
fputs
_exit
wcsstr
localtime
_cexit
__setusermatherr
__getmainargs
towlower
mbstowcs
wcscpy
wcschr
atol

shlwapi

UrlGetLocationA

comctl32

ImageList_GetIconSize
ImageList_Write
ImageList_Draw
ImageList_GetImageCount
PropertySheetW
CreateToolbarEx

user32

SetMenuDefaultItem
LoadAcceleratorsA
CallWindowProcW
MonitorFromPoint
LoadIconA
DrawFocusRect
DeleteMenu
SetCaretPos
GetCursorPos
RegisterClassExW
DrawFrameControl
DefDlgProcW
GetMenuStringA
CharNextA
SendMessageTimeoutW
wsprintfW
IsCharAlphaA
AppendMenuW
WaitForInputIdle
SetActiveWindow
keybd_event
CharUpperBuffW
MapVirtualKeyA
SetRect
GetWindowLongA
AdjustWindowRectEx
DefFrameProcW
RegisterClassA
ClipCursor
ShowWindowAsync
CharUpperBuffA
SetDlgItemTextA
GetDlgItemTextA
GetScrollPos
CallWindowProcA
LoadStringW
InflateRect
RegisterWindowMessageA
TabbedTextOutW
CharPrevW
UpdateWindow
GetKeyboardType
SystemParametersInfoA
TrackPopupMenuEx
GetWindowRect
CreateDialogIndirectParamW
EnumChildWindows
CopyImage
FillRect
DefWindowProcW
SetCursorPos
LookupIconIdFromDirectory
AppendMenuA
CharNextExA
IsMenu
HideCaret
CheckRadioButton
CharPrevA
GetMenuStringW
SetScrollPos
MapDialogRect
OpenInputDesktop
IsDialogMessageW
IsZoomed
HiliteMenuItem
WindowFromPoint
CreateWindowExA
DrawStateA
ShowCursor
GetMessageTime
CharUpperW
TranslateAcceleratorA
BeginDeferWindowPos
DrawTextW
GetDCEx
GetPropW
GetWindowTextW
IsWindowEnabled
IntersectRect
CheckMenuItem
wsprintfA
CreateAcceleratorTableW
RegisterHotKey
MessageBoxExA

kernel32

CreateEventA
WriteFile
VerSetConditionMask
LCMapStringW
DuplicateHandle
GetNumberFormatA
GetUserDefaultUILanguage
VirtualAlloc
GetTimeZoneInformation
FindResourceExW
VirtualFree
GetModuleFileNameA
SetMailslotInfo
GetThreadContext
GetComputerNameExW
LockFile
FreeResource
GetCurrentDirectoryW
ClearCommBreak
lstrcpynW
GetModuleHandleA
GlobalDeleteAtom
PulseEvent
CompareStringW
lstrcmpW
lstrcmpA
CancelWaitableTimer
GetTempFileNameW
LocalSize
FindResourceExA
ReleaseMutex
EnumResourceNamesA
GetPriorityClass
CreateWaitableTimerA
VirtualProtect
GetWindowsDirectoryW
SetFilePointer
LocalReAlloc
EnumResourceNamesW
GetLocaleInfoA

Exports

Exports

?HistoryLoggingOn@@YGKDKPAX:O

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdbg
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.iplan
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.eplan
Size: 512B - Virtual size: 91B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.run
Size: 1024B - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.0dat
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ram
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5886300b6b2c6c676436c3e03d3b055a

Headers

File Characteristics

PDB Paths

Imports

msvcrt

shlwapi

comctl32

user32

kernel32

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 23KB

.rdbg Size: 512B - Virtual size: 120B

.data Size: 3KB - Virtual size: 2KB

.iplan Size: 4KB - Virtual size: 4KB

.eplan Size: 512B - Virtual size: 91B

.run Size: 1024B - Virtual size: 706B

.0dat Size: 24KB - Virtual size: 23KB

.ram Size: - Virtual size: 39KB

.tls Size: 512B - Virtual size: 512B

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 23KB

.rdbg
Size: 512B - Virtual size: 120B

.data
Size: 3KB - Virtual size: 2KB

.iplan
Size: 4KB - Virtual size: 4KB

.eplan
Size: 512B - Virtual size: 91B

.run
Size: 1024B - Virtual size: 706B

.0dat
Size: 24KB - Virtual size: 23KB

.ram
Size: - Virtual size: 39KB

.tls
Size: 512B - Virtual size: 512B

.rsrc
Size: 2KB - Virtual size: 1KB