fbc00d3e5d1f7a3f94fced4cb716b2a4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fbc00d3e5d1f7a3f94fced4cb716b2a4_JaffaCakes118
Size

147KB
MD5

fbc00d3e5d1f7a3f94fced4cb716b2a4
SHA1

9b96643a9a1b85d31b3e4db20016bb7734f72199
SHA256

497175384a11de8772bfa787d735f0807dedcbf9bd95d36028351a219addd533
SHA512

f58488f2b5a73939794f026e7d2c95276ad9a8796938743c1b7616524e799089679bdc1cfcf81c1cddd17d4f581ba5eb3af34e7d6787ec907024309d334ab080
SSDEEP

3072:+Dx4tTxzjOJiiMfD1uXOEav4vmMEiG3SUY2/q:+DQA1PaAOMi7Y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fbc00d3e5d1f7a3f94fced4cb716b2a4_JaffaCakes118

Files

fbc00d3e5d1f7a3f94fced4cb716b2a4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

903017baef8b119a8b30a39320149f23

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

J:\tRlxpyBXHqcnj\gSismbThEvWqp\pYHrNsUeJvfgh.pdb

Imports

shlwapi

PathRelativePathToA
ChrCmpIA

kernel32

GetComputerNameExW
UnlockFile
SetFileTime
lstrcpyA
SetThreadContext
lstrcmpiW
DisconnectNamedPipe
LocalFree
SetSystemTime
CreateWaitableTimerA
IsBadCodePtr
TerminateThread
QueryDosDeviceW
QueryPerformanceCounter
TransactNamedPipe
lstrlenW
GetNumberFormatA

msvcrt

exit

user32

LoadStringA
CheckDlgButton
ChangeMenuW
DefWindowProcW
UpdateWindow
DrawTextA
GetKeyState
DispatchMessageA
GetMessagePos
SendDlgItemMessageA
SetWindowRgn
GetWindowTextA
CallWindowProcW
SetWindowLongW
SetWindowLongA
CharUpperW
BeginPaint
GetMessageTime
LoadStringW
GetMessageA
CreateIconIndirect
SetWindowPlacement
DrawFrameControl
RegisterWindowMessageA
OpenDesktopW
GetWindowTextW
CopyAcceleratorTableW
CreateCaret
GrayStringW
SwitchToThisWindow

ntdll

memset

gdi32

GetSystemPaletteUse
CreateHalftonePalette
GetTextExtentPoint32A
EndPage
SetPaletteEntries
SetAbortProc
PatBlt
SetTextAlign
SetBkMode
CreateRectRgnIndirect
GetFontData
AddFontResourceW
CreateHatchBrush

Exports

Exports

?__O_WV_LEBYbab__p@@YGIMH@Z
?_iwsleb__as__nafkIT@@YGPAFMM@Z
?r_lwC_GO@@YGGPAGPAI@Z
?cbPKmshfrep@@YGXPAD@Z
?XfejvGDLPZKDQ@@YGXPAK@Z
?CHCZPFE_Q_uc@@YGPAJF@Z
?zlWGEIPFJlgv_qGJID@@YGPAKGE@Z
?wrOXUBD@@YGPAFPAND@Z
?gkLL_Wremap@@YGEK@Z
?llg_nr_qkHQ_@@YGGDE@Z
?_YPAqoawja_c@@YGKH@Z
?aj_oBWK__UG___y_eR_S_@@YGXPAEK@Z
?OVJKEZNR_C_I_PG@@YGHFPAM@Z
?VIGX___N_@@YGXDD@Z
?BJWq_e_HWU_G@@YGPAKD@Z
?gfmnsuekwfct_soFEf@@YGHHG@Z
?FYFMvyoCKJJCFtcrquTRR@@YGXPAM@Z
?fuic_R_DGSRJIICabvk@@YGPAJPAF@Z
?__HCECjg_@@YGDNE@Z
?AJ_RPO_M@@YGPAHPAFG@Z
?BXKhztyerm_xpnCKZAT@@YGHI@Z
?__ljGRRNG_h_nmvX@@YGMPAEM@Z
?KFBPc_xego@@YGXPAI@Z
?_fqkWUNu_h_@@YGGPAJ@Z
?tzjvxd___sodWT_@@YGPAKPAJM@Z
?_G__UOq_@@YGJHPAF@Z
?ct__ndn_t_@@YGFPAJ@Z
?Std_bq___q@@YGDPAEK@Z
?__o_ncKG@@YGJE@Z
?agczk_osvkmrjyhmnxum@@YGPAXI@Z
?OM__s__fsooJYJ_JzqCBi@@YGFGPAJ@Z
?RSQVZX_ICCg__s_sicm@@YGXPAEI@Z
?GX_CLLEdmKA@@YGGJM@Z
?Y_LHhfgz_MGtvo_@@YGPAMK@Z
?XAXk_mioZJ_Nkh@@YGXPAF@Z
?_hojyrep_AG@@YGPAKPADPAE@Z
?ZCXIFuffj___xFBRWC@@YGPAIJ@Z
?hizaB_Ieuu@@YGXPAJ@Z
?YPIVwvchv_qejme@@YGHFE@Z
?Hvdkyn__vkh__gI_XE@@YGPADPAH@Z
?UJV_LZ_Cnzagcbx_QC@@YGPAFM@Z
?nn_hJ_XDWSR@@YGXK_N@Z
?I_KSukwtQ_QDD_G_hvn_wd@@YGGPAFK@Z
?_XV_OYK___A_ekgxy_v_h@@YGPAEKPAH@Z
?ib__zf_y_xo@@YGDI@Z
?nrxrKDh_ldivyou_@@YGGE@Z
?JBWMD_W_B_H_T_QS@@YGPAJNJ@Z
?__NIH_h_qr_l@@YGMPAN@Z
?UM_VSBIZW_VOg@@YGFJ@Z
?Dtj_sNS__LT@@YGGGPAJ@Z
?MJOb__ncZ_HZOYBT_RRO@@YGPAKPAKG@Z
?BNZKLYJVZ@@YGXPANF@Z
?C_RQTTh_xlqrg_ogp_QTX@@YGDK@Z
?WRnmOQacydOV__o@@YGJPAFI@Z
?_XDW___OO___UX@@YGJH@Z
?j_YKCSET_GD@@YGPAED@Z
?evbxjixubn_bs_a__@@YGHPAD@Z
?_piy_jv@@YGHKI@Z
?CXZprreyjGPEX@@YGEEK@Z
?_iode_c_LQXl_u@@YGJDI@Z
?Ddu_g_ae_j@@YGEPAH@Z
?ZN_mkn_ck__@@YGKPAHK@Z
?wmt_dzkGXCzn@@YGGMI@Z
?AWJ_YTB_YO_@@YGPAKPAGE@Z
?_OTOBDCJ@@YGXE@Z
?_ydgrfcz_n_@@YGXGJ@Z

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.export
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ldata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 495B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

903017baef8b119a8b30a39320149f23

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

msvcrt

user32

ntdll

gdi32

Exports

Exports

Sections

.text Size: 83KB - Virtual size: 83KB

.idata Size: 9KB - Virtual size: 8KB

.export Size: 14KB - Virtual size: 13KB

.data Size: 33KB - Virtual size: 188KB

.ldata Size: 2KB - Virtual size: 2KB

.rdata Size: 512B - Virtual size: 495B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 83KB - Virtual size: 83KB

.idata
Size: 9KB - Virtual size: 8KB

.export
Size: 14KB - Virtual size: 13KB

.data
Size: 33KB - Virtual size: 188KB

.ldata
Size: 2KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 495B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 3KB - Virtual size: 2KB