3c342715481a92c962a4d4df525cd7ab_JaffaCakes118

General

Target

3c342715481a92c962a4d4df525cd7ab_JaffaCakes118
Size

157KB
MD5

3c342715481a92c962a4d4df525cd7ab
SHA1

70faa5d2ab3c745ecaf30d4508df47ff2da1855d
SHA256

5b5a89ace18e3bbd57933e0d5b5babcc7c9d5292c264b6127f897a81038e3cb5
SHA512

2909072cf174aab424abaf4d500ea73296f4816daf13d46aff1638747b06dee121e6d69481ada7497a663c6b11a94e284c996cbe657439a4899663bbb4d323f8
SSDEEP

3072:advLpchEWnE6CC46wNNSzYpkjG/P7TGkzKA7Frq6pV:kvcEgCCyNQwyYKAxnpV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c342715481a92c962a4d4df525cd7ab_JaffaCakes118

Files

3c342715481a92c962a4d4df525cd7ab_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1c6839e54ccb4a38d621163f259c29b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\FomIF\jgnPodS\ycZU\bixXB.pdb

Imports

gdi32

Escape
CreateICW
SelectObject
CreateRectRgn
SetLayout
GetTextExtentPointA
GetBkMode

msvcrt

memcpy
_wcslwr
_wcsupr

shlwapi

StrCatBuffW
StrCpyNW
PathGetArgsA

kernel32

GetVersionExW
IsBadReadPtr
IsBadWritePtr
GetCommandLineA
lstrlenW
LCMapStringA
TryEnterCriticalSection
MoveFileA
GetStartupInfoA
GetCommandLineW
lstrcpynW
FileTimeToLocalFileTime
GlobalFindAtomW

user32

SetForegroundWindow
SetInternalWindowPos
UnloadKeyboardLayout
SetCursorPos
CharPrevA
ArrangeIconicWindows
CharToOemA
GetUserObjectInformationA
GetPropW
InternalGetWindowText
IsWindowEnabled
SwitchToThisWindow
SendMessageA

Exports

Exports

?Omziiofopengv@@YGJPAM@Z
?_CeeivnDzWgpvpwzrcy@@YGKPAJ@Z
?BuxfQxPtpwjewtk@@YGJD@Z
?XemeenKy@@YGPAXK@Z
?ZnrqtizycgwmfAm@@YGPAIFH@Z
?_TlvpyhyeqHxJ@@YGIPAD@Z

Sections

.text
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 5KB - Virtual size: 229KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c6839e54ccb4a38d621163f259c29b0

Headers

File Characteristics

PDB Paths

Imports

gdi32

msvcrt

shlwapi

kernel32

user32

Exports

Exports

Sections

.text Size: 29KB - Virtual size: 29KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 5KB - Virtual size: 229KB

.rsrc Size: 113KB - Virtual size: 113KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 29KB - Virtual size: 29KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 5KB - Virtual size: 229KB

.rsrc
Size: 113KB - Virtual size: 113KB

.reloc
Size: 3KB - Virtual size: 2KB