85e6ab0501aff24ac859e62c64fe4d00_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

85e6ab0501aff24ac859e62c64fe4d00_JaffaCakes118
Size

94KB
MD5

85e6ab0501aff24ac859e62c64fe4d00
SHA1

c91a6f3a4f2bfa583324bd5559bf8261dfd4e49d
SHA256

b325e5b7e23935ca86509bd25d4fee870006fe4e6cadbd350d05fcfca197a337
SHA512

c79ba8b88d86aad7a14faca91389ee17af161b59bc10911856187d6c3494507baa5cb40c5ce8da1e8c31dcde8dab50578d35027703541683ab8124cac19a048f
SSDEEP

1536:j0mZgNVE2xENUT97Y++IjgeU4Ew2Vh0fiHmZMQqv9utPeSFZT:QmZgs2xaU5s+NjzEvD0nZMQqm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
85e6ab0501aff24ac859e62c64fe4d00_JaffaCakes118

Files

85e6ab0501aff24ac859e62c64fe4d00_JaffaCakes118
.exe windows:13 windows x86 arch:x86

7e94f792da26445a4a61d4af031c443f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

W:\Motor Life\Rotor.pdb

Imports

user32

IsWindow
GetMenuItemRect

kernel32

lstrcatW

shlwapi

ChrCmpIW
UrlGetPartA
StrCatChainW
UrlIsOpaqueA
PathIsFileSpecA
StrChrW
ord29

Exports

Exports

?GlobalKeyboardExFEPAJDE
?GetExpressionExPAXPAIK
?CrtHeaderOriginalPAGGPADPAFG
?HeightOriginalXGKFPAG
?InvalidateCommandLinePAHGNKPAK
?ModifyComponentNewJGEN
?CrtPathExAJH
?KillSystemAKPAG
?HidePointExPAKPAGJ
?GetFolderNewID
?ValidateTaskExWEG_ND
?SendDialogEx_NH
?FormatMessageExAFHDPAGD
?LoadHeaderNewPAGFPAHHK
?SetConfigOldFPAIF
?FindWindowInfoADG
?ValidateOptionNewEPAJPAHPAK
?CloseExpressionWDEK
?FindFunctionExAPAEPAHDD
?OnMediaTypeEKPANH
?CrtFolderPathExWPAMFPAM
?GlobalWidthWXN
?CancelWindowInfoAIPAFF
?OnPointerOldHMH
?FreeFolderPathOriginalPAME
?GlobalMemoryNewEGFPAEPAG
?ShowFilePathXK
?InsertDeviceWXPAJMN
?FormatPathExAPA_ND
?GenerateStateExAHPADMHPAM
?SetMonitorExWHPAFPAEJPAN
?FormatAnchorExWHHNPAH
?PutDialogOldMIKNJ
?KillProviderAJN
?InvalidateScreenNewXPAH
?GenerateRectAKDE
?InstallNameOriginalJPAINPAJ
?SendMutantExAPANJH
?FolderPathExADGEPAG
?AddPointerPAEE
?CallEventExWPADKEEF
?PutDateWXG
?GlobalFilePathNewIKFPAG
?CrtWidthOriginalFFFPAJ
?IsNotCommandLineExAPAMPAKDG
?RemoveStatePAJHPAEM
?DecrementHeaderOldPAHJPAH_NE
?DeleteSemaphoreOriginalPAGHIIF
?ShowWindowInfoExWPAFG
?EnumDialogXPAJPAKD
?IsNotWindowOldKPAI
?SendPathExWM_N
?DecrementFullNameWIIPA_N
?FindPathJPAEJPAEJ
?FormatListItemNew_NPAMF
?CopyProfileWHGKG
?RtlWindowAIPAKPAGPAG
?IsNotFunctionAHDIGN
?SendPenExWMIDJPAJ
?LoadPointPAEHGE
?AddObjectOldPAEH
?IsMessageK_N
?CancelComponentExAXPAF
?FormatHeightOriginalXPAFFFPAK
?FreeFileOriginalKPAGPAD
?SetPointerExWGMJGJ
?OnWidthExXPAHPAD
?FreePenExMI
?SetOptionExW_NKPAGMPAK
?CloseMessageWHH
?DeleteFilePathOldIE
?IncrementFileExPAXPAFG
?SetDeviceExWPAFJFPAHPAK
?CloseWindowPAHIJPAJPAF
?GlobalDateExAGPAMIIPAM
?FreePathExWNGPANPAMG
?PutDateExWKN
?ShowTaskNewPAJG
?FormatDate_NI
?SendDataAKPAGPANFPAH
?CloseTimerOriginalPAHDMI
?HideFunctionOldIGPAHMF
?InsertSemaphorePAXDG
?DeleteProjectNewEMIKPAE
?CancelVersionExWPAXDF
?IncrementListItemExIG
?RtlProfileExWPAXN_NM
?AddDataAKF
?ShowPointerAPAEEPAHPADPAD
?PutSectionNewIPAHPAD
?HideValueExKD_N
?GetMemoryExAMNPAEGPAD
?RtlKeyNameOriginalPAJHPAJF
?LoadDialogOldEPAJPAIN
?MutexJFK
?InstallThreadAFFGPAHD
?GenerateComponentExPAJJIG
?InsertListItemExWPAHMPAK
?HideTimerWPAHKPAI
?GenerateWindowExWKPAGEFI
?AddWindowInfoWDF
?HideOptionAGPAKFPAEK
?InstallWidthExA_NJ
?SetClassPAEIPAG
?DecrementFileOriginalPA_NFGPA_NPAM
?ShowPathExAGHPAM_NI
?GenerateNameXPAIH
?CrtEventExWPAFPADPAD
?HidePathWXHPAFEF
?RemoveHeightWXKGNN
?IsNotFilePathOldJPAHM
?CancelWindowNewIPAEFDG
?SendPenExAPAFK
?ValidateCharExPAXPAH
?GetHeaderFNI
?KillSystemOldX_NDDH
?InvalidateDateTimeAJKKPAKH
?EnumDirectoryAFK
?FindListJPANJ
?CancelSectionPAXJ
?ShowVersionExWGFM
?IsWindowInfoWEJ
?IsHeaderANEFPAI
?GetEventOldXJPADM
?ModifyTaskNewMGG
?RtlAnchorExWMEN
?TestingServ@@YGXUtest@CA7
?AddFunctionOriginalPAFIPAE
?AddListWFI
?DeletePointAIPAEG
?InvalidateOptionNewPAEDFEJ
?KillListItemExWMPAEN
?IncrementSectionExAPAGEMDK
?HideNameExFI
?EnumStringAKEPAJN
?SetProjectExAPAEHF
?RtlConfigWE_NPAED
?OnCommandLineOriginalPADFJG
?IsValidFolderPathExAPAG_NKEM
?AddConfigXJMPAE
?HideModuleExAPAEII
?GetMutexAXI
?CloseMutantExPAXPAI
?IsNotComponentAHIPA_N
?FindComponentExMPAH
?IsComponentExAXGPAHPAI
?CancelHeaderFPAF
?IsNotCommandLineWKPAN
?RtlWindowInfoFFPAG
?DeleteAnchorNew_NJ
?DecrementVersionExWPAFH

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dop1
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.must
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ping
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dop4
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dop3
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dop2
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e94f792da26445a4a61d4af031c443f

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

shlwapi

Exports

Exports

Sections

.text Size: 28KB - Virtual size: 28KB

.dop1 Size: 10KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 27KB

.must Size: 5KB - Virtual size: 4KB

.ping Size: 512B - Virtual size: 64B

.dop4 Size: 10KB - Virtual size: 10KB

.dop3 Size: 10KB - Virtual size: 10KB

.dop2 Size: 10KB - Virtual size: 10KB

.reloc Size: 11KB - Virtual size: 11KB

.rsrc Size: 2KB - Virtual size: 2KB

.text
Size: 28KB - Virtual size: 28KB

.dop1
Size: 10KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 27KB

.must
Size: 5KB - Virtual size: 4KB

.ping
Size: 512B - Virtual size: 64B

.dop4
Size: 10KB - Virtual size: 10KB

.dop3
Size: 10KB - Virtual size: 10KB

.dop2
Size: 10KB - Virtual size: 10KB

.reloc
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 2KB - Virtual size: 2KB