0de972db2cf8b0ab131f8b3f53c8cbf7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0de972db2cf8b0ab131f8b3f53c8cbf7_JaffaCakes118
Size

484KB
MD5

0de972db2cf8b0ab131f8b3f53c8cbf7
SHA1

3c17383c47ee9cf2157e056aa5bca98d9cc3ebeb
SHA256

b4d2db9c06ac1b2d13a9088ed24445351a166ccfe1d34eee9b23f41a36f2395d
SHA512

18092b5cd79df2ac8d6234da3cc5db6fb4d41641f6c515c8f09ea008c092158eac0d61e41b5f2eaece64636275855b9b575b4662d97a39fe7e2972c062d1c0bd
SSDEEP

12288:drPLdg7LLcbvRDhLtzz0G9iQVRQkkw1J0K+ct/:VP+LovZhpzj3kIJ0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0de972db2cf8b0ab131f8b3f53c8cbf7_JaffaCakes118

Files

0de972db2cf8b0ab131f8b3f53c8cbf7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

62c374a0a4a66e8f6e99c112d94ee00a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\vqc\vueqe\jbyeea.pdb

Imports

user32

EnumPropsW
SetWindowWord
SetClassLongW
DispatchMessageW
SetShellWindow
DeleteMenu
InvertRect
GetMenuDefaultItem
RegisterClassExA
GetListBoxInfo
RegisterClassA
GetProcessDefaultLayout
UpdateWindow
ChangeMenuA
ModifyMenuA
BringWindowToTop
SetRect
DestroyCaret
SendMessageTimeoutA
SetWindowPlacement
SetWindowRgn
EnableWindow
TrackPopupMenu
DrawMenuBar

kernel32

CompareStringW
GetProcAddress
GetStringTypeA
GetVersionExA
GetStartupInfoW
GetLocaleInfoW
HeapCreate
CreateMutexA
GetACP
SetHandleCount
EnumSystemLocalesA
ExitProcess
FreeEnvironmentStringsW
SetLastError
EnterCriticalSection
GetCurrentProcess
GetDateFormatA
GetCurrentThreadId
GetOEMCP
GetTimeFormatA
SetFilePointer
VirtualProtect
LCMapStringA
GetSystemTimeAsFileTime
DeleteCriticalSection
WriteConsoleOutputAttribute
IsBadWritePtr
TlsAlloc
FlushFileBuffers
SetStdHandle
TlsSetValue
TlsGetValue
GetLastError
GetStartupInfoA
GetCommandLineA
IsValidCodePage
GetCPInfo
QueryPerformanceCounter
MultiByteToWideChar
InitializeCriticalSection
GetStdHandle
OpenMutexA
InterlockedExchange
GetSystemInfo
WriteFile
LoadLibraryA
VirtualFree
CompareStringA
HeapAlloc
GetFileType
ReadFile
HeapReAlloc
LeaveCriticalSection
UnhandledExceptionFilter
GetCurrentThread
GetUserDefaultLCID
GetModuleFileNameA
GetLocaleInfoA
GetEnvironmentStrings
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStringsW
HeapFree
WideCharToMultiByte
SetEnvironmentVariableA
TransactNamedPipe
GetModuleFileNameW
HeapSize
GetCurrentProcessId
LCMapStringW
HeapDestroy
TerminateProcess
IsValidLocale
TlsFree
VirtualQuery
GetModuleHandleA
CloseHandle
RtlUnwind
VirtualAlloc
GetTimeZoneInformation
GetTickCount
GetStringTypeW

shell32

RealShellExecuteW
SHGetFileInfoW
SHFormatDrive
DoEnvironmentSubstW
SHQueryRecycleBinA

gdi32

SetViewportExtEx
InvertRgn
GetCharWidth32A
TextOutW
CreateDIBPatternBrushPt
SetTextAlign

comdlg32

ReplaceTextW

comctl32

InitCommonControlsEx

Sections

.text
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62c374a0a4a66e8f6e99c112d94ee00a

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

shell32

gdi32

comdlg32

comctl32

Sections

.text Size: 311KB - Virtual size: 310KB

.rdata Size: 57KB - Virtual size: 82KB

.data Size: 102KB - Virtual size: 102KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 311KB - Virtual size: 310KB

.rdata
Size: 57KB - Virtual size: 82KB

.data
Size: 102KB - Virtual size: 102KB

.rsrc
Size: 12KB - Virtual size: 12KB