0d772e84327605a2b95be3e21afd010c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0d772e84327605a2b95be3e21afd010c_JaffaCakes118
Size

200KB
MD5

0d772e84327605a2b95be3e21afd010c
SHA1

f26a16bcfe519a78aa0c1334fa8f055c17c85d0f
SHA256

f6ba05edf905066dc03f1dbad5cb66f87a1c313e869cd4ffb7127f4964702e96
SHA512

36db79f664e87db530096a2de883f990928276d337a88d3e1cf5bda4c077febd11daa82257e09c69fc46a0b2e95eb249f173e825c18eac3e8f1fbcc54dc96f6b
SSDEEP

3072:mF7nxpBe51jg+4BRgUDO7BdSeb5lttbrXsYs8JOLxh:O1pB+154YT579TvAl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d772e84327605a2b95be3e21afd010c_JaffaCakes118

Files

0d772e84327605a2b95be3e21afd010c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cc20ac11b243196264178a539a92cf42

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Program Files\Xig.pdb

Imports

user32

DeferWindowPos
CreateMenu
UnregisterHotKey
LoadCursorA
TranslateMessage
GetWindowLongA
BeginDeferWindowPos
GetClassInfoExA
EnumWindows
CallNextHookEx
RegisterWindowMessageA
DefWindowProcA
ReleaseDC
FillRect
TrackPopupMenu
DrawFrameControl
PostMessageA
SetWindowLongA
IsDialogMessageA
GetActiveWindow
AppendMenuA
SetClipboardData
DestroyWindow
SendMessageA
IsClipboardFormatAvailable
SendDlgItemMessageA
CheckRadioButton
SetForegroundWindow

mprapi

MprAdminInterfaceDelete
MprConfigTransportCreate
MprConfigServerRestore
MprAdminPortGetInfo
MprAdminPortEnum
MprAdminPortDisconnect
MprAdminPortClearStats
MprAdminInterfaceConnect
MprAdminInterfaceCreate
MprConfigTransportDelete
MprAdminInterfaceDeviceGetInfo
MprAdminInterfaceGetCredentialsEx
MprAdminInterfaceSetCredentials

usp10

ScriptStringGetOrder
ScriptStringAnalyse
ScriptJustify
ScriptItemize
ScriptGetGlyphABCWidth
ScriptStringOut

kernel32

GetModuleHandleA
SetConsoleCtrlHandler
ReadFile
SetEndOfFile
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LCMapStringW
LCMapStringA
GetSystemInfo
VirtualProtect
GetLocaleInfoA
VirtualQuery
InterlockedExchange
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
CreateFileA
FlushFileBuffers
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
HeapSize
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetFilePointer
GetCurrentProcess
TerminateProcess
GetProcAddress
RemoveDirectoryA
TlsAlloc
GetProfileStringW
GetTempPathA
HeapFree
HeapAlloc
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
GetVersionExA
GetLastError
CloseHandle
WriteFile
ExitProcess

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 88KB - Virtual size: 690KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc20ac11b243196264178a539a92cf42

Headers

File Characteristics

PDB Paths

Imports

user32

mprapi

usp10

kernel32

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 56KB - Virtual size: 53KB

.data Size: 88KB - Virtual size: 690KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 56KB - Virtual size: 53KB

.data
Size: 88KB - Virtual size: 690KB

.reloc
Size: 8KB - Virtual size: 7KB