ebc73ae9103de755ea5a2d7b61b3c6a8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ebc73ae9103de755ea5a2d7b61b3c6a8_JaffaCakes118
Size

96KB
MD5

ebc73ae9103de755ea5a2d7b61b3c6a8
SHA1

1ba26f1f10984697cfbbee2f38ae60e2ee885aa6
SHA256

ec2fec728780c3d127044259f564b650db274dcd5bcce639dba469f12a60a59a
SHA512

79b711afea6d9cf506bdd23826c398e8b8535a8f048f82554485eaa887d755c98a19b81ec73423851f9de633e41b57f4c644a68bfd92857ac6208315ac18bf65
SSDEEP

1536:dEJq+bch1NZMLTBbaYbwZK1ah4Uu2oo2IO3zKg5VmunlxY1FPOc50o2wmoxzC:dEJq+bcHnSTNaYc4ah4URmGgPlmPOqmJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ebc73ae9103de755ea5a2d7b61b3c6a8_JaffaCakes118

Files

ebc73ae9103de755ea5a2d7b61b3c6a8_JaffaCakes118
.dll windows:5 windows x86 arch:x86

27f1b0650fb8c3e66882441843e60b16

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

G:\yuhojUDYA\bbaqzjd\GpeLmTSWr\yllbbehjpSy\wzlaopovcxtgBt.pdb

Imports

gdi32

EndDoc
CreateRectRgn
UnrealizeObject
GetClipBox
GetDIBits
GetRgnBox
CreateFontIndirectA
MoveToEx
TranslateCharsetInfo
FillRgn
Polygon
SetLayout
SetPaletteEntries
GetPixel
CombineRgn
EnumFontFamiliesExW
GetTextMetricsA
TextOutA
GetDeviceCaps

kernel32

GetModuleHandleA
DisconnectNamedPipe
GetWindowsDirectoryA
OpenFileMappingA
HeapValidate
GetTickCount
LCMapStringA
ReleaseSemaphore
IsValidLanguageGroup
WriteFile
GetCommModemStatus
DeleteCriticalSection
EnumResourceNamesA
GetProcAddress
GetWindowsDirectoryW
FindNextFileA
GetACP
CancelIo
SetCurrentDirectoryW
GetTempPathA
LoadLibraryW
FindFirstChangeNotificationW
FoldStringW

shlwapi

ord29
StrToIntExA

msvcrt

sprintf
_controlfp
ungetc
swprintf
__set_app_type
__p__fmode
__p__commode
wcscat
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
fprintf
_XcptFilter
_exit
isalpha
_cexit
iswdigit
isxdigit
strstr
islower
fwrite
ftell
__setusermatherr
__getmainargs
strtoul

user32

DrawAnimatedRects
SetScrollPos
GetSystemMenu
FindWindowExA
ReplyMessage
CharUpperBuffA
DestroyIcon
EnumChildWindows
OpenInputDesktop
GetClassInfoExW
CharLowerW
TrackPopupMenu
SendMessageW
GetIconInfo
IsCharAlphaNumericW
CreateCursor
WaitMessage
LoadStringA
DefWindowProcA
CopyRect
GetScrollPos
SetTimer
IsCharUpperA
SetMenuDefaultItem
wsprintfW
GetClipCursor
IsCharAlphaW
IsCharLowerA
IsDlgButtonChecked
SetLastErrorEx
SendNotifyMessageW
ShowOwnedPopups
GetMenuItemInfoW
OemToCharA
LoadCursorA
CheckMenuRadioItem
InSendMessageEx
EndDialog
CreateWindowExA
GetDlgItem
InflateRect
InSendMessage
RegisterWindowMessageA
GetKeyState
GetDlgCtrlID
IsWindow
CreateIconFromResource
InvalidateRgn

Exports

Exports

?DecrementProjectNew@@YGHPA_N~U
?CancelModuleNew@@YGFHPAGJM~U
?ModifyCharExW@@YGPANGPAK~U
?InstallExpressionExW@@YGEIPAN~U
InstallU
?DecrementHeaderA@@YGKMPAEHM~U
PluginCommand
PluginMain
?EnumFullNameNew@@YGPAFPAKEM~U
?GetSectionExW@@YGF_N~U
?ModifyFolderA@@YGPAGDPAGPAGJ~U
?InsertStateExW@@YGPAGEFJ~U
?LoadWindowInfoNew@@YGPAMGPAGMD~U
?FindSemaphoreA@@YGKIPAKEJ~U
PluginName
PluginType
PluginVersion
WSPStartup
?DumpDigitalDataCBhJEB@@YGKGHE@Z

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.init
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tidat
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tedat
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.alloc
Size: - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27f1b0650fb8c3e66882441843e60b16

Headers

File Characteristics

PDB Paths

Imports

gdi32

kernel32

shlwapi

msvcrt

user32

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 20KB

.init Size: 1024B - Virtual size: 528B

.tidat Size: 3KB - Virtual size: 2KB

.tedat Size: 1024B - Virtual size: 851B

.rdata Size: 512B - Virtual size: 232B

.data Size: 2KB - Virtual size: 2KB

.alloc Size: - Virtual size: 79KB

.rsrc Size: 64KB - Virtual size: 63KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 21KB - Virtual size: 20KB

.init
Size: 1024B - Virtual size: 528B

.tidat
Size: 3KB - Virtual size: 2KB

.tedat
Size: 1024B - Virtual size: 851B

.rdata
Size: 512B - Virtual size: 232B

.data
Size: 2KB - Virtual size: 2KB

.alloc
Size: - Virtual size: 79KB

.rsrc
Size: 64KB - Virtual size: 63KB

.reloc
Size: 2KB - Virtual size: 2KB