0c605e45bf0d33e1e52614d8c6469bc0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0c605e45bf0d33e1e52614d8c6469bc0_JaffaCakes118
Size

92KB
MD5

0c605e45bf0d33e1e52614d8c6469bc0
SHA1

004ffcb3f0f56fe38fbf7c3e2e1de1e2659c8055
SHA256

c25535638d6c85987f0da273cc88cf2e59ea259e2d4a50efc666f2ffe454e966
SHA512

1f2eab1c8608f68d5ac907233096008ae819ef2d79090b432e22828a97e68dc3be1e62f1afabfa53decf52e0f470d2ad325d33441297c11c0e6ed830c634c37f
SSDEEP

1536:dn8C8Dq/e22hSxcBSMw5sks7Sx+vZkfsrwaQkiAzMqRm+UV0lwFyXBIVLy5QHmh9:dn8Ciqm2gSxqwWjSEvisUmU+xR809hEh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0c605e45bf0d33e1e52614d8c6469bc0_JaffaCakes118

Files

0c605e45bf0d33e1e52614d8c6469bc0_JaffaCakes118
.exe windows:11 windows x86 arch:x86

d318be9f002d1355cbc58025bc8b6d06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\Master\Slack\reffer.pdb

Imports

user32

DestroyAcceleratorTable
MapDialogRect

kernel32

lstrcpyA
GetProfileIntW

shlwapi

ord29
StrCatBuffW
UrlIsOpaqueW
UrlGetPartA
StrCmpLogicalW
ChrCmpIW

Exports

Exports

?CancelFileXMPAJI
?DeleteDateTimeOldPAFNM
?ShowProviderPA_N_NHJ
?InsertTimeOldPAXEE
?IsMutexExHPAHDJJ
?SendListItemOldIGPAMIPAI
?IsNotConfigWXMPAJED
?DeleteProjectNewEGM
?InstallOptionOriginalPAXPAGPAE
?PutSystemWPAMJPAHK
?LoadWindowInfoExWDDPA_NEG
?FreeArgumentExWXPAHGPAMG
?FindVersionMPAGPAI
?CancelSemaphoreWEPAH
?LoadWidthNewGPAMPAGPAE
?DecrementConfigExANM
?InstallWidthAKPAMPA_NEPAE
?EnumDataOldPA_NPAH
?DeleteProviderExWPANE
?CopyCharOriginalPAJPAFE
?GetModuleNewXN
?FreeScreenAX_NEPAH
?FormatNameNewKM
?CallListOriginalPAEPAE
?GlobalSystemExGPAHPA_NPAI
?HideSizeExPAXIPAE
?IsValidNameNewJG
?KillCharOriginalPAJFF
?LoadKeyboardOldPAHPAKIPAK
?IncrementOptionWEGPA_NPAMF
?GlobalCommandLineOriginalPAFPA_NK_N
?HideFunctionOriginalXPAI
?FormatValueAPAXJ
?DecrementRectExWXD
?SendMessageGEGF
?InvalidateTextWJPAGMDH
?FormatListItemEPAJII
?CancelAppNameOriginalIN
?GenerateMessageWXPADPAK
?CancelMutexWPAEKD
?OnClassWPAJPAIK
?IncrementAnchorOriginalPAME
?SectionExAXPADK
?CloseScreenNewPANF
?IncrementFolderPathExAIDPAD
?FreeExpressionWEPAFJPAE
?ShowPointNewIPA_NHD
?GenerateModuleOriginalPAXHPAD_NPAD
?IsNotConfigOriginalDGPADPAI
?GenerateHeightNewFG
?IncrementHeaderX_N
?CloseMemoryADF
?HidePathAEKMPAK
?InvalidateTimerWEM
?GlobalDirectoryExWPAMPAIPAE
?HideHeaderOldPAGJ_NJK
?InsertSystemWHPAJPAJE
?DecrementVersionOriginalK_NPAHGPAM
?InsertVersionXD
?CallClassANGPAD
?IsNotDeviceWJPAEGPAKI
?RemoveEventOldEFPAIM
?GetPointOldIKPAHFN
?LoadCommandLineExAPAFMPA_NPAE
?CopyWindowInfoExXMPAHJ
?HideProviderNewXPAEI
?IsConfigExWKHPAME
?CopyThreadWPAXPAFPAFJH
?CallPenWFDFPANPAE
?IsNotWindowInfoXFM
?DecrementScreenExWGIPAGF
?AddMutexExXMPAFPAG
?FindSystemWPAXHK
?OnProjectNewHPAIG_ND
?SetPointOriginalPAFE
?PutFullNameExAPAHH
?FreeRectAI_NIPAM
?AddObjectOriginalKKGD
?IsNotAnchorOldMHID
?RtlDirectoryKPAI
?IncrementKeyNameExAPAHKDE
?IsDateWXKHD
?InsertAppNameExPA_NDPANJ
?LoadModuleNewJM
?AddMutantOldEKPAHHN
?InstallAppNameFHFPAJN
?CopyHeightExAFJGH
?GlobalFunctionPAJFPAKPAE
?HideValueExAXG
?ModifyDialogXPAIPAJ
?RtlFileExAPAGPAHE
?IsValidProcessPAJJ
?SetDeviceADJDJ
?CallOptionIPAKPAIJ
?IsNotComponentWPAXPAJPAMN
?SendOptionOldFFPAJJ
?RemoveComponentExXDDEN
?FreeProfileExWXPAEFPAF
?IsNotThreadWPAXF
?HideClassExPAXM
?FreeProfileAXPAHIEI
?HideArgumentNewKPAEKPAJ
?GlobalSizeExWHDKPA_N
?InstallDialogWXJ
?GetConfigExAXHEPAI
?CopyVersionExAFJH
?ModifyStringOriginalKPAE
?RemoveDeviceExXH
?IsExpressionOldPA_NPAGE
?GlobalVersionPAKPAIFDE
?FormatProviderExX_N
?HideWindowExAXPA_NE
?GenerateFolderPathNewFPAEGNH
?KillKeyboardOriginal_NF
?HideWidthExPAJFPADPADI
?CancelVersionExGKGPAJJ
?FindFileOldPAXPAKPAKG
?GlobalHeightNM
?FreeKeyboardExAJPAD
?GenerateFilePathNewDDJHM
?CallPathOriginalFKN
?InvalidateDataExWJPADPAEH
?TestingServ@@YGXUtest@CA7
?HideValueOriginalXKJDI
?IsValidPenWPAD_NGG
?ModifyFolderPathNewEKPAJ_N
?CancelWindowAXJPAJ
?FormatFolderExWKJENJ
?IsPathNewPA_NIMM
?SetKeyboardOldGPAGE
?CallWindowInfoWPAKPA_NDPAM
?MediaTypeExWMPAG
?PutSemaphoreExWJPAEF
?EnumDataNewPAEHKKH
?FreeDirectoryPAGGJF
?ModifyFullNameOldIPAN
?GlobalTimeWIK
?IsThreadExAPAXDJ
?LoadThreadMD
?RtlArgumentFPAKJG
?ShowProfileExFG
?ExpressionAPAM_NI
?OnMutantPAJND
?InsertSizeAKIEI
?IsValidValueWMKPAIEI
?CrtVersionExAPAJFFEPAD
?IsNotFileNewFPAH
?ModifyMemoryExA_NEPAEPAD
?InstallProjectExWFPAFD
?CopyCommandLineAPAEPAHGIPAE
?RemoveStateOldMGI

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jeep
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rase
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cold
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imode
Size: 512B - Virtual size: 316B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mode
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.heso
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.snap
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bost
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vort
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.defo
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d318be9f002d1355cbc58025bc8b6d06

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

shlwapi

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 27KB

.data Size: 3KB - Virtual size: 31KB

.jeep Size: 5KB - Virtual size: 4KB

.rase Size: 512B - Virtual size: 128B

.cold Size: 512B - Virtual size: 51B

.imode Size: 512B - Virtual size: 316B

.mode Size: 512B - Virtual size: 64B

.heso Size: 512B - Virtual size: 64B

.snap Size: 512B - Virtual size: 332B

.bost Size: 9KB - Virtual size: 9KB

.vort Size: 9KB - Virtual size: 9KB

.defo Size: 14KB - Virtual size: 14KB

.reloc Size: 11KB - Virtual size: 11KB

.rsrc Size: 7KB - Virtual size: 6KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 3KB - Virtual size: 31KB

.jeep
Size: 5KB - Virtual size: 4KB

.rase
Size: 512B - Virtual size: 128B

.cold
Size: 512B - Virtual size: 51B

.imode
Size: 512B - Virtual size: 316B

.mode
Size: 512B - Virtual size: 64B

.heso
Size: 512B - Virtual size: 64B

.snap
Size: 512B - Virtual size: 332B

.bost
Size: 9KB - Virtual size: 9KB

.vort
Size: 9KB - Virtual size: 9KB

.defo
Size: 14KB - Virtual size: 14KB

.reloc
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 7KB - Virtual size: 6KB