257becec016be46c01d19ad4d362c860_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

257becec016be46c01d19ad4d362c860_JaffaCakes118
Size

94KB
MD5

257becec016be46c01d19ad4d362c860
SHA1

08aded7a6aa437c1e20423b226b54d49c4f2e005
SHA256

cd4642f75a5003c84a0d9842fd9362455f92614362436d584a08d14c5b345329
SHA512

63b20e3f1f48519d0b7f6c25c40da80a7891c7f89d53c5a07e2568e71c05336957e252f7cd015f0cf257519d063640d47ecfe9ff54c32dd0e73989b589525e3c
SSDEEP

1536:v0mZgNVE2xENUT97Y++IjgeU4Ew2Vh0fiHmZMQqv9utPeSFZT:MmZgs2xaU5s+NjzEvD0nZMQqm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
257becec016be46c01d19ad4d362c860_JaffaCakes118

Files

257becec016be46c01d19ad4d362c860_JaffaCakes118
.exe windows:13 windows x86 arch:x86

7e94f792da26445a4a61d4af031c443f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

W:\Motor Life\Rotor.pdb

Imports

user32

IsWindow
GetMenuItemRect

kernel32

lstrcatW

shlwapi

ChrCmpIW
UrlGetPartA
StrCatChainW
UrlIsOpaqueA
PathIsFileSpecA
StrChrW
ord29

Exports

Exports

?GlobalKeyboardExFEPAJDE
?GetExpressionExPAXPAIK
?CrtHeaderOriginalPAGGPADPAFG
?HeightOriginalXGKFPAG
?InvalidateCommandLinePAHGNKPAK
?ModifyComponentNewJGEN
?CrtPathExAJH
?KillSystemAKPAG
?HidePointExPAKPAGJ
?GetFolderNewID
?ValidateTaskExWEG_ND
?SendDialogEx_NH
?FormatMessageExAFHDPAGD
?LoadHeaderNewPAGFPAHHK
?SetConfigOldFPAIF
?FindWindowInfoADG
?ValidateOptionNewEPAJPAHPAK
?CloseExpressionWDEK
?FindFunctionExAPAEPAHDD
?OnMediaTypeEKPANH
?CrtFolderPathExWPAMFPAM
?GlobalWidthWXN
?CancelWindowInfoAIPAFF
?OnPointerOldHMH
?FreeFolderPathOriginalPAME
?GlobalMemoryNewEGFPAEPAG
?ShowFilePathXK
?InsertDeviceWXPAJMN
?FormatPathExAPA_ND
?GenerateStateExAHPADMHPAM
?SetMonitorExWHPAFPAEJPAN
?FormatAnchorExWHHNPAH
?PutDialogOldMIKNJ
?KillProviderAJN
?InvalidateScreenNewXPAH
?GenerateRectAKDE
?InstallNameOriginalJPAINPAJ
?SendMutantExAPANJH
?FolderPathExADGEPAG
?AddPointerPAEE
?CallEventExWPADKEEF
?PutDateWXG
?GlobalFilePathNewIKFPAG
?CrtWidthOriginalFFFPAJ
?IsNotCommandLineExAPAMPAKDG
?RemoveStatePAJHPAEM
?DecrementHeaderOldPAHJPAH_NE
?DeleteSemaphoreOriginalPAGHIIF
?ShowWindowInfoExWPAFG
?EnumDialogXPAJPAKD
?IsNotWindowOldKPAI
?SendPathExWM_N
?DecrementFullNameWIIPA_N
?FindPathJPAEJPAEJ
?FormatListItemNew_NPAMF
?CopyProfileWHGKG
?RtlWindowAIPAKPAGPAG
?IsNotFunctionAHDIGN
?SendPenExWMIDJPAJ
?LoadPointPAEHGE
?AddObjectOldPAEH
?IsMessageK_N
?CancelComponentExAXPAF
?FormatHeightOriginalXPAFFFPAK
?FreeFileOriginalKPAGPAD
?SetPointerExWGMJGJ
?OnWidthExXPAHPAD
?FreePenExMI
?SetOptionExW_NKPAGMPAK
?CloseMessageWHH
?DeleteFilePathOldIE
?IncrementFileExPAXPAFG
?SetDeviceExWPAFJFPAHPAK
?CloseWindowPAHIJPAJPAF
?GlobalDateExAGPAMIIPAM
?FreePathExWNGPANPAMG
?PutDateExWKN
?ShowTaskNewPAJG
?FormatDate_NI
?SendDataAKPAGPANFPAH
?CloseTimerOriginalPAHDMI
?HideFunctionOldIGPAHMF
?InsertSemaphorePAXDG
?DeleteProjectNewEMIKPAE
?CancelVersionExWPAXDF
?IncrementListItemExIG
?RtlProfileExWPAXN_NM
?AddDataAKF
?ShowPointerAPAEEPAHPADPAD
?PutSectionNewIPAHPAD
?HideValueExKD_N
?GetMemoryExAMNPAEGPAD
?RtlKeyNameOriginalPAJHPAJF
?LoadDialogOldEPAJPAIN
?MutexJFK
?InstallThreadAFFGPAHD
?GenerateComponentExPAJJIG
?InsertListItemExWPAHMPAK
?HideTimerWPAHKPAI
?GenerateWindowExWKPAGEFI
?AddWindowInfoWDF
?HideOptionAGPAKFPAEK
?InstallWidthExA_NJ
?SetClassPAEIPAG
?DecrementFileOriginalPA_NFGPA_NPAM
?ShowPathExAGHPAM_NI
?GenerateNameXPAIH
?CrtEventExWPAFPADPAD
?HidePathWXHPAFEF
?RemoveHeightWXKGNN
?IsNotFilePathOldJPAHM
?CancelWindowNewIPAEFDG
?SendPenExAPAFK
?ValidateCharExPAXPAH
?GetHeaderFNI
?KillSystemOldX_NDDH
?InvalidateDateTimeAJKKPAKH
?EnumDirectoryAFK
?FindListJPANJ
?CancelSectionPAXJ
?ShowVersionExWGFM
?IsWindowInfoWEJ
?IsHeaderANEFPAI
?GetEventOldXJPADM
?ModifyTaskNewMGG
?RtlAnchorExWMEN
?TestingServ@@YGXUtest@CA7
?AddFunctionOriginalPAFIPAE
?AddListWFI
?DeletePointAIPAEG
?InvalidateOptionNewPAEDFEJ
?KillListItemExWMPAEN
?IncrementSectionExAPAGEMDK
?HideNameExFI
?EnumStringAKEPAJN
?SetProjectExAPAEHF
?RtlConfigWE_NPAED
?OnCommandLineOriginalPADFJG
?IsValidFolderPathExAPAG_NKEM
?AddConfigXJMPAE
?HideModuleExAPAEII
?GetMutexAXI
?CloseMutantExPAXPAI
?IsNotComponentAHIPA_N
?FindComponentExMPAH
?IsComponentExAXGPAHPAI
?CancelHeaderFPAF
?IsNotCommandLineWKPAN
?RtlWindowInfoFFPAG
?DeleteAnchorNew_NJ
?DecrementVersionExWPAFH

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dop1
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.must
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ping
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dop4
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dop3
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dop2
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e94f792da26445a4a61d4af031c443f

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

shlwapi

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.dop1 Size: 10KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 27KB

.must Size: 5KB - Virtual size: 4KB

.ping Size: 512B - Virtual size: 64B

.dop4 Size: 10KB - Virtual size: 10KB

.dop3 Size: 10KB - Virtual size: 10KB

.dop2 Size: 10KB - Virtual size: 10KB

.reloc Size: 11KB - Virtual size: 11KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 28KB

.dop1
Size: 10KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 27KB

.must
Size: 5KB - Virtual size: 4KB

.ping
Size: 512B - Virtual size: 64B

.dop4
Size: 10KB - Virtual size: 10KB

.dop3
Size: 10KB - Virtual size: 10KB

.dop2
Size: 10KB - Virtual size: 10KB

.reloc
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 2KB - Virtual size: 2KB