29c3e6924bce697db1fb964f73dea4a6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

29c3e6924bce697db1fb964f73dea4a6_JaffaCakes118
Size

201KB
MD5

29c3e6924bce697db1fb964f73dea4a6
SHA1

9f5cdec85081df9c5528629aab043d3bfa93041a
SHA256

c41f1b224cdff8e3e4f7e893a61403b40b3a999914ec13a4194b9f3bd9631fd8
SHA512

025d22482eeef76fc77fce93dff57e4f8156c7952ceaffded34db56e9b3fbd4debcd4ec6d721c2098bcc506b50020bf72fbe0643b0b61c3bd3b6b09a722171ce
SSDEEP

6144:NcUcxVD01TbgHV2zdayD8Eu8XOzLP0NDa37rJVN0S/:N+xiUHVWdatEhe2u37rJs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
29c3e6924bce697db1fb964f73dea4a6_JaffaCakes118

Files

29c3e6924bce697db1fb964f73dea4a6_JaffaCakes118
.exe windows:11 windows x86 arch:x86

2ae99847441fc9c7b9c28b364e23e8ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

U:\Call\Heap\font.pdb

Imports

user32

MapDialogRect
DestroyAcceleratorTable

shlwapi

UrlIsOpaqueW
PathIsNetworkPathA
StrCatChainW
ord29
ChrCmpIW
StrChrA
UrlGetPartA

kernel32

lstrcatW

Exports

Exports

?SetProviderJPAHJK
?HideStateExWDF
?CopyDateNewXFJPAE
?CrtValueOldPAHM
?KillStringExGPAMF
?EnumTimerJMPAFJ
?KillKeyboardIPAN_NFH
?KillFilePathWGPAHIDH
?CopyFilePathExWJ_N
?LoadWindowInfoOriginalXPANPAGPA_N
?FreeModulePAFDPAE
?SetSizePAJII
?IsValidKeyboardKIEF
?InvalidateAppNameOldPAHJ
?GlobalWindowOldPAGPAIFPAMPAF
?SendTaskWPADPAGHKE
?FindFile_NPAFHJPAG
?EnumListItemGF
?CloseListItemAXDGK
?InstallFolderOldKPAFPAD
?CallFolderPathOld_NJD
?FunctionOldPAXE
?CallAppNameOldJPAK
?DecrementProviderEKMPAH
?IsFunctionAEPAD
?DeletePointWPAXE_NPAFD
?CloseProfileNewPAXPAJJG
?FindOptionNewXKMEPAI
?RtlProfileMDPAIHK
?IsNotProviderPADPAGKM
?GetSemaphoreOriginalK_NMPAKK
?LoadTextOriginalHPAHPAHMPAI
?OnConfigExMPAI
?CancelThreadAMPAG
?LoadPointerMPAIPAGPAF
?FreeFileNewPAFPAJF
?ModifyAnchorOld_NIPAKPAG
?AddWidthOldMK
?TestingServ@@YGXUtest@CA7
?GenerateOptionExAPAFPAEK
?EnumModuleOldHMH
?CopyModuleNewFFPANPAH
?CancelDateExAXH
?DecrementMessageOldMFK
?SendDataAJFFPANPAK
?LoadPointerExAPAXFFPAG
?CrtCharAHPAD
?KillStateNewPAJIPAGPADJ
?AddFilePathExWPAGKPAFJ
?InsertFunctionAXPAHG
?CancelAppNameOldJHJ
?RemovePointExAPAEKNPAK
?CopyFileExJI
?InvalidateMemoryHDNIK
?InstallThreadNewPAN_N
?SetPenXIPAG
?IsValidFilePathExWGPAH
?IncrementKeyboardNewXPAJK
?FindAnchorExAGI
?DeleteProfileAG_NHD
?CallDataOriginalXFNK
?CloseProfilePAXDPAENI
?PutMemoryOldII
?InstallKeyNameExAHK
?CancelTimeExAMEH_NN
?CloseProcessW_NGDPAK
?SetPathExAEGH
?OnMessageAJPAJPAFPAFH
?AddObjectWEFE
?ModifyKeyboardWKMPAFME
?OnNameExAPAX_N
?InsertDirectoryOldX_NPAMFI
?IsWindowInfoDM
?GetThreadADFGJ
?HideHeightOriginalDD
?FreeTextPAXF
?CloseProviderOriginalJPAGPAE
?ValidateVersionNJD
?DecrementOptionAMGPAF
?KillTaskExAXJJDPAD
?CloseAnchorAIIPAK
?AddHeightOriginalEIPAM
?CopyProcessOriginalHPAJIE
?CrtKeyNameExAHK
?DeleteWidthPAMGIE
?ValidateExpressionKPADH
?ShowClassOldJPAFPAMHPAD
?RtlProviderExAGDPAK
?SendConfigExDM
?FindFolderPathWNPAF_NPAF
?IsArgumentNewXM
?EnumKeyNameWPAJNJ
?InstallTimeEx_NE_N
?CallDataOldPAGJ
?EnumDataXPAHKJPAI
?IsNotKeyboardExWDPAHEE
?InvalidateSizeNewXK
?InsertFileOldXPAMPANPAK
?CloseWindowOriginalKD
?LoadSemaphoreExAPAIE
?CloseArgumentAPAMPAD_NE
?ConfigPAXHJPAE_N
?HideKeyboardExAPAJEFPAI
?CancelListExWXPAH
?ArgumentExWGPAJ
?CrtMutantExPAJJJFN
?SendCharWNPAMJMD
?ValidatePointerAMPAMPAEI
?PutAppNameExAMPAIM
?ModifyClassExAEDIGK
?ShowWindowInfoOriginalPAXKFPAH
?LoadTimerOriginalPAGDK
?GenerateStateOldKMPAH
?AddModuleNewGPAI
?FormatHeaderExWDEPAG
?RemoveObjectExAXH_NPAD
?CloseMutexExAFPAHJGPAE
?IsNotPenAFEPAF
?GlobalSystemNewX_NK
?RemovePenAKPAFPAK
?SetListIPAHPAFME
?SendHeightExGEJIPAJ
?PutWidthOldPAHG
?ShowScreenW_NH
?PutPathPAGI
?GlobalFilePathExWPADEPAID
?IsNotExpressionWXPAD
?CallMessageExAXG
?ModifyFullNameExAHPAIK
?ValidateFunctionOriginalPAGKH
?FormatScreenWFNHJ
?ModifyObjectWJPAMPADEPA_N
?LoadConfigExXM
?CancelSizeNewEPAM
?FindFunction_NPAGHF
?SendDirectoryExWPAMPAGDPAJPAI
?CrtCharOldPAXNI
?IsValidStringNewXHPAD
?KillClassOriginalFPAKI
?IsNotDateTimeExWEMPAI
?CopyArgumentNewPAXEH
?EnumDataExWXJ
?CallDateExIPAK
?PutPenExWEN
?OnFullNameExAEIH
?HideDateTimeExJPAGPAM_NPAF
?LoadMutexExAPAGIPAK
?GlobalPenOldXPAK
?DeleteStateNewME
?ValidateKeyNameWPAKF
?GlobalTimeWPANPADHPAJ

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.must
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ping
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dop4
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dop3
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dop2
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dop1
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ae99847441fc9c7b9c28b364e23e8ef

Headers

File Characteristics

PDB Paths

Imports

user32

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.data Size: 5KB - Virtual size: 41KB

.must Size: 5KB - Virtual size: 4KB

.ping Size: 512B - Virtual size: 64B

.dop4 Size: 31KB - Virtual size: 31KB

.dop3 Size: 31KB - Virtual size: 31KB

.dop2 Size: 31KB - Virtual size: 31KB

.dop1 Size: 33KB - Virtual size: 32KB

.reloc Size: 32KB - Virtual size: 31KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 28KB - Virtual size: 28KB

.data
Size: 5KB - Virtual size: 41KB

.must
Size: 5KB - Virtual size: 4KB

.ping
Size: 512B - Virtual size: 64B

.dop4
Size: 31KB - Virtual size: 31KB

.dop3
Size: 31KB - Virtual size: 31KB

.dop2
Size: 31KB - Virtual size: 31KB

.dop1
Size: 33KB - Virtual size: 32KB

.reloc
Size: 32KB - Virtual size: 31KB

.rsrc
Size: 2KB - Virtual size: 1KB