00246a110889e253e71776da863553e5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

00246a110889e253e71776da863553e5_JaffaCakes118
Size

262KB
MD5

00246a110889e253e71776da863553e5
SHA1

73462bccae8c289195fd5c005a365eda5b605f03
SHA256

bd0f3565c67e1492d387dc3118b859aea4bd1a2dd013740f39049d5869da3f48
SHA512

8a1ca122be53a98b4d9214713116754c0481f4244b414d6b8aaa9f288307e893410edf6e5243a6988984f44ac7b892aeda286f8a0688b1fb322861112d2c173f
SSDEEP

6144:DZq1p2cj6ldHPZxXhDkEcjzDBjL4BflA6hSSiuDfdF+L:sf2jnvZ3ovjHte26hSSiuu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
00246a110889e253e71776da863553e5_JaffaCakes118

Files

00246a110889e253e71776da863553e5_JaffaCakes118
.exe windows:5 windows x86 arch:x86

7dc38b84274b8de136a79872afd17192

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Ragihe\Simstyre Chiaho\baa.pdb

Imports

rpcrt4

UuidToStringA
NdrUserMarshalMarshall
RpcErrorSaveErrorInfo
RpcErrorResetEnumeration
RpcServerUseProtseqEpA
RpcSsFree
I_RpcBindingInqLocalClientPID
I_RpcReceive
RpcObjectInqType

secur32

RevertSecurityContext
EncryptMessage
InitSecurityInterfaceA
SetContextAttributesW
ApplyControlToken
CompleteAuthToken
GetUserNameExA
LsaDeregisterLogonProcess
LsaGetLogonSessionData

oleaut32

CreateErrorInfo
LoadRegTypeLi
VarR8FromDate
VarUI8FromDate
VarUI2FromR8
VarFormatCurrency
GetActiveObject
VarI8FromI2
LPSAFEARRAY_UserMarshal

rasapi32

RasSetEapUserDataW
RasSetEapUserDataA
RasGetConnectStatusW
RasGetAutodialAddressW
RasSetAutodialAddressA
RasValidateEntryNameW
RasGetAutodialAddressA
RasGetCountryInfoA
RasGetSubEntryHandleA

ole32

CLSIDFromProgIDEx
ReadClassStg
CoGetStandardMarshal
CoGetClassObject
CoGetTreatAsClass
OleSetContainedObject
CoGetCancelObject
OleSave

shell32

ExtractIconW
ord162
ord89
ord22
SHParseDisplayName
SHCreateShellItem
ExtractAssociatedIconW
SHInvokePrinterCommandW
ord85
Shell_NotifyIconA

imm32

ImmGetRegisterWordStyleW
ImmSetOpenStatus
ImmGetCompositionFontA
ImmGetCompositionStringA
ImmRegisterWordA
ImmSetCompositionFontA
ImmGetConversionStatus
ImmSetCompositionFontW
ImmGetStatusWindowPos
ImmConfigureIMEW

glu32

gluQuadricNormals
gluDeleteQuadric
gluTessVertex
gluSphere
gluTessBeginPolygon
gluBeginPolygon
gluBeginTrim
gluQuadricCallback
gluCylinder

opengl32

glVertex2dv
glIndexiv
glColorMask
glMap1f
glIndexPointer
glColorMaterial
glGetMapdv
glVertex3i
glVertex4d
glGetTexLevelParameterfv

msvcrt

isxdigit
strtoul
wcschr
wcstoul
_exit
islower
toupper
_mbctoupper
isspace
swscanf
sprintf

wininet

InternetCloseHandle
FtpFindFirstFileA
HttpQueryInfoA
InternetOpenW
HttpOpenRequestW
HttpOpenRequestA
FtpOpenFileA

shlwapi

PathRelativePathToA
PathMakePrettyW
PathRelativePathToW
PathAddExtensionA
PathRenameExtensionA
PathFindExtensionW
ord155
PathIsUNCServerW
ord9
PathRemoveBlanksA
ord29
PathBuildRootA

comctl32

ImageList_SetIconSize
PropertySheetW
ImageList_GetIconSize
ImageList_ReplaceIcon
CreateToolbarEx
ord6
CreateStatusWindowW
ImageList_LoadImageA

kernel32

GetFileSize
CreateThread
GetDriveTypeW
GetCPInfo
CreateProcessA
GetCurrentProcessId
GetFullPathNameW
lstrlenA
CopyFileA
OpenFileMappingW
FormatMessageA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetComputerNameExW

gdi32

GetStockObject
BeginPath
CreatePatternBrush
ExtFloodFill
GetEnhMetaFileBits
GetTextExtentExPointW
PtInRegion
EndPage
SetWindowExtEx
GetBkMode
CreateFontIndirectW
GetEnhMetaFileHeader
EnumFontFamiliesExA

comdlg32

GetSaveFileNameW
FindTextA
GetFileTitleW
PrintDlgA
GetOpenFileNameW
CommDlgExtendedError
ChooseColorW
PrintDlgExW

advapi32

CryptHashData
OpenTraceA
RegSaveKeyExA
RegReplaceKeyW
InitializeSecurityDescriptor
CryptSetProviderExA
CredReadW
ObjectPrivilegeAuditAlarmA

Exports

Exports

?PeltPraylunacudax@@YGXACI@Z
AddspixyopenveerGaby
CastLuvsJambLosscosslibsbud
FinoSinhjeesKobsCorkcrabtuxad
HurlKufijaggWindScarPreyGliaPupsBestkefskuduSandbuzzveene
KafslustRaisRankNitePeriLilokaasSewnNeatRanimi
MaraJupeGoshtramPaysturdGeneBrrrBoshno
TradjubaDebsNite

Sections

.text
Size: - Virtual size: 512B

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7dc38b84274b8de136a79872afd17192

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

rpcrt4

secur32

oleaut32

rasapi32

ole32

shell32

imm32

glu32

opengl32

msvcrt

wininet

shlwapi

comctl32

kernel32

gdi32

comdlg32

advapi32

Exports

Exports

Sections

.text Size: - Virtual size: 512B

.rdata Size: 248KB - Virtual size: 248KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: - Virtual size: 512B

.rdata
Size: 248KB - Virtual size: 248KB

.reloc
Size: 12KB - Virtual size: 12KB