524dc2e86541e357b8d54ebf5235a665_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

524dc2e86541e357b8d54ebf5235a665_JaffaCakes118
Size

352KB
MD5

524dc2e86541e357b8d54ebf5235a665
SHA1

fb71855d020d3727aeb8d52eec12304a3d6d3bb5
SHA256

a6510ace010cf2bddd60f5e4b79ebd43fd33f7be7a10ec357309771d0121eaad
SHA512

dafbfb03b3ae87914eac5ebac86cc87bee5590881d917677ed5dbc18e4bce81e80537fb8ed83faa883e8e395b201e98e533382ffd16e229c04f3b73b1df5c450
SSDEEP

6144:EVk9RF4tvzDDzJMon6d/ed0SRdATt3XMoDEnEh:EVk9zYe/e2G6ZnDkY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
524dc2e86541e357b8d54ebf5235a665_JaffaCakes118

Files

524dc2e86541e357b8d54ebf5235a665_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3f5f0595447e3de262bf2bb0b13d8bd5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\documents and settings\administrator\desktop\compare.1.5.6.1\notepad++\plugins\ComparePlugin.pdb

Imports

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW

kernel32

FormatMessageW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CreateFileA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
InitializeCriticalSection
GetLocaleInfoW
GetLocaleInfoA
LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LocalFree
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
HeapSize
CloseHandle
SetFilePointer
ReadFile
Sleep
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
VirtualAlloc
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
GlobalFree
FindResourceW
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GetModuleHandleW
GetModuleFileNameW
lstrcpyW
lstrlenW
lstrcmpW
WritePrivateProfileStringW
GetPrivateProfileIntW
SetEndOfFile
CreateFileW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapAlloc
HeapReAlloc
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
WriteFile

user32

SystemParametersInfoW
GetSystemMetrics
ClientToScreen
DrawTextW
CreateCursor
SetCursor
EndDialog
GetDlgItemInt
SetDlgItemInt
DialogBoxParamW
PostQuitMessage
SetClassLongW
ReleaseCapture
SetCapture
GetCapture
GetDC
BeginPaint
EndPaint
GetWindowTextW
LoadImageW
GetMenuState
MessageBoxW
SendMessageA
ModifyMenuW
CreateDialogIndirectParamW
SetFocus
GetMenu
CheckMenuItem
DestroyCursor
CreateDialogParamW
FrameRect
GetSysColor
SendDlgItemMessageW
SendMessageW
SetWindowLongW
GetWindowLongW
CallWindowProcW
GetWindowDC
FillRect
GetFocus
InflateRect
DrawFocusRect
ReleaseDC
RedrawWindow
DestroyWindow
SetWindowPos
IsWindowVisible
GetWindowRect
GetClientRect
InvalidateRect
UpdateWindow
MoveWindow
ShowWindow
GetDlgItem
EnableMenuItem

gdi32

CreateCompatibleDC
SetTextColor
SetBkColor
CreateFontIndirectW
DeleteDC
CreateCompatibleBitmap
GetObjectW
SetStretchBltMode
StretchBlt
Rectangle
SetPixel
SetBkMode
GetStockObject
CreatePen
SelectObject
MoveToEx
LineTo
CreateSolidBrush
DeleteObject

comdlg32

ChooseColorW

shell32

ShellExecuteW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

Exports

Exports

beNotified
getFuncsArray
getName
isUnicode
messageProc
setInfo

Sections

.text
Size: 140KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3f5f0595447e3de262bf2bb0b13d8bd5

Headers

File Characteristics

PDB Paths

Imports

shlwapi

kernel32

user32

gdi32

comdlg32

shell32

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 137KB

.rdata Size: 28KB - Virtual size: 26KB

.data Size: 8KB - Virtual size: 24KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 12KB - Virtual size: 11KB

.text Size: 152KB - Virtual size: 152KB

.text
Size: 140KB - Virtual size: 137KB

.rdata
Size: 28KB - Virtual size: 26KB

.data
Size: 8KB - Virtual size: 24KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 12KB - Virtual size: 11KB

.text
Size: 152KB - Virtual size: 152KB