8b1b9c573430c219995395d93b29b5c7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

8b1b9c573430c219995395d93b29b5c7_JaffaCakes118
Size

192KB
MD5

8b1b9c573430c219995395d93b29b5c7
SHA1

79f8fc7d2ffc51cb9915eef0fb2ea68a20ed5747
SHA256

984692f4c0d0fc779b9ead0f588d60af88b571ed6d992e84b0dee05768234215
SHA512

6608253a86cd504d2eb4ac360b06e220b2720e437201c12eeab42db689bafaa68b5931ab691302e04d185acc2537a7d9ee3ca9f6399f5b6e8784d583e7445758
SSDEEP

3072:5xqgb+RLmOoUb7wuP56jquTPei39YLC9Lp6+niHiCfwqxv9E:PqgQ6OTRgmujei3yL66siCuwiE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8b1b9c573430c219995395d93b29b5c7_JaffaCakes118

Files

8b1b9c573430c219995395d93b29b5c7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

cc92192e6e13158dede44830b322b128

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

PDB Paths

assoc2.pdb

Imports

gdi32

GetTextFaceW
GetCurrentObject

kernel32

lstrcmpW
GetThreadLocale
GetUserDefaultLangID
GetUserDefaultLCID
GetLastError
FreeConsole
GetDiskFreeSpaceA
GetProcAddress
GetDiskFreeSpaceW
LoadLibraryW
WritePrivateProfileStringA
GetConsoleScreenBufferInfo
GetSystemDefaultLCID
ReadFileScatter
DeleteTimerQueueTimer
CancelTimerQueueTimer
SetCommBreak
ExitProcess
RemoveDirectoryW
GetConsoleWindow
ExitThread

user32

GetClassNameA
ShowWindow
GetShellWindow

comctl32

FlatSB_GetScrollProp
ImageList_GetImageCount
ImageList_SetDragCursorImage
CreatePropertySheetPageA
InitializeFlatSB
ImageList_LoadImageA
ImageList_Copy
ImageList_LoadImageW
ImageList_GetDragImage
ImageList_DrawEx
ImageList_GetIconSize
ord15
ImageList_EndDrag
ImageList_Duplicate
PropertySheetW
ord17
ImageList_GetIcon
ImageList_SetImageCount
CreateStatusWindowW
PropertySheetA
ord6
ord5
ImageList_DragShowNolock
FlatSB_EnableScrollBar
FlatSB_GetScrollPos
FlatSB_ShowScrollBar

shlwapi

StrDupA
PathFindSuffixArrayA
PathGetCharTypeW
PathParseIconLocationA
StrCpyNW
StrIsIntlEqualA
PathCreateFromUrlW
StrCmpIW
StrRetToBufW
StrFormatKBSizeW
SHRegCreateUSKeyW
UrlIsOpaqueW
UrlHashA
PathRelativePathToA
PathRemoveExtensionA
UrlCompareW
SHCopyKeyW
PathFindSuffixArrayW
SHQueryValueExW
SHRegGetPathA
PathFindNextComponentW
AssocQueryStringW
StrFormatByteSizeA
ord515
PathCanonicalizeW
PathIsFileSpecA
PathSearchAndQualifyA
StrFormatKBSizeA
SHSetValueW
StrNCatA
StrStrNW
UrlEscapeW
PathUnquoteSpacesA

msvcrt

memset

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CDRPART
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CODE
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc92192e6e13158dede44830b322b128

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

kernel32

user32

comctl32

shlwapi

msvcrt

Sections

.text Size: 80KB - Virtual size: 78KB

CDRPART Size: 4KB - Virtual size: 2KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 12KB - Virtual size: 11KB

.edata Size: 8KB - Virtual size: 4KB

CODE Size: 68KB - Virtual size: 66KB

.rsrc Size: 4KB - Virtual size: 704B

.text
Size: 80KB - Virtual size: 78KB

CDRPART
Size: 4KB - Virtual size: 2KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 12KB - Virtual size: 11KB

.edata
Size: 8KB - Virtual size: 4KB

CODE
Size: 68KB - Virtual size: 66KB

.rsrc
Size: 4KB - Virtual size: 704B