fec9af7a07ca866c43dc15093a346696_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fec9af7a07ca866c43dc15093a346696_JaffaCakes118
Size

38KB
MD5

fec9af7a07ca866c43dc15093a346696
SHA1

938cdf3f9051536b5c37ae750d0b9a037e1de6f0
SHA256

fd9c213de3c4568500d90cc9ea7c0f4bfd80232aed058ba428c6cb2fdc1c0599
SHA512

d5132bfb2a89be4322b245a65d33e8c9215fa968204d1fd0a2f0fb4c0b0ec1bd0ce52a23da6806d97a53ccb572a792ca2703f731cf1e3f56341abfd67f4d2dc8
SSDEEP

384:a1Bd1QpGv22QhCF6SZ1zM11p1puTGMa+EBxHDUJ8DXhik7O8K1zcaJ7i38CMb:Q4gv6CF6SZ1zW1p1pu+xHDUiDS8mosB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fec9af7a07ca866c43dc15093a346696_JaffaCakes118

Files

fec9af7a07ca866c43dc15093a346696_JaffaCakes118
.dll windows:19174 windows x86 arch:x86

9a053820496598a1bdd12f733efab850

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
QueryPerformanceCounter
lstrcmpiW
GetProcessHeap
GetCommandLineW
GetCommandLineA
LocalFree
lstrcmpiW
VirtualFree
LocalFree
GetCommandLineW
GetCurrentProcess
SetEvent
GetModuleFileNameA
lstrcmpiW
GetTickCount
VirtualAlloc
GetCurrentThreadId
lstrcmpiW
SetUnhandledExceptionFilter
VirtualFree
VirtualFree
GetModuleHandleW
FreeLibrary
VirtualAlloc
GetModuleHandleW
GetCurrentProcess
GetCurrentProcessId
VirtualAlloc
LocalAlloc
MultiByteToWideChar
GetProcessHeap
QueryPerformanceCounter
FreeLibrary
GetCurrentProcessId
LocalFree
SetUnhandledExceptionFilter
GetTickCount
GetCurrentProcessId
VirtualAlloc
lstrlenW
GetCurrentThreadId

gdi32

LineTo
BitBlt
MoveToEx
GetStockObject
DeleteDC
CreateCompatibleDC
ExtTextOutW
SetBkMode
CreateCompatibleBitmap
SetBkMode
GetStockObject
SetTextColor
SetTextColor
LineTo
SetBkMode
SetBkMode
MoveToEx
BitBlt
TextOutW
SetTextColor
GetTextMetricsW
PatBlt
MoveToEx
SelectObject
PatBlt
MoveToEx
MoveToEx
GetTextMetricsW
GetTextMetricsW
SetBkMode
PatBlt
TextOutW
SetBkMode
CreateCompatibleDC
BitBlt
DeleteObject
SelectObject
GetObjectW
SetTextColor
GetObjectW
TextOutW
BitBlt

user32

SetTimer
GetMessageW
GetMessageW
SetTimer
DestroyWindow
SendMessageW
GetDC
GetSystemMetrics
SendMessageW
LoadStringW
DefWindowProcW
DefWindowProcW
UpdateLayeredWindow
PostMessageW
DefWindowProcW
GetSystemMetrics
PostMessageW
GetWindowRect
LoadIconW
GetSystemMetrics
PostMessageW
ReleaseDC
SetTimer
ReleaseDC
GetSystemMetrics
GetDC
GetDlgItem

Exports

Exports

CGgHUQar
IOwnOLs
XGurYfmDU
CjiAeCECXY
DWSnyDYI
DJVLxolOfr

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a053820496598a1bdd12f733efab850

Headers

File Characteristics

Imports

kernel32

gdi32

user32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 3KB - Virtual size: 40KB

.data Size: 8KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 4KB

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 4KB

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 3KB - Virtual size: 40KB

.data
Size: 8KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 4KB