9e7bb7dc667c324f8d3a4d31d49210f0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9e7bb7dc667c324f8d3a4d31d49210f0_JaffaCakes118
Size

96KB
MD5

9e7bb7dc667c324f8d3a4d31d49210f0
SHA1

b4bff3db07fee9a5d782caaa494202d757df42a7
SHA256

95dfdec56392d0e3a474e67d61b1915458ac678c40567f710c2dbbfe277ce7a2
SHA512

9cb916b5373ef0951a1976808d57770d7404b1208156e29fd56fb2a20d3a7e6d71a42acc72aaeee9af010231cbe2d10c0516556194317f5512b32a9c46b74cfd
SSDEEP

3072:qlSdTEqSxqwuWNS9+m69MFtJo8egbxkK:ql4TDkN4tJB3dkK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
9e7bb7dc667c324f8d3a4d31d49210f0_JaffaCakes118

Files

9e7bb7dc667c324f8d3a4d31d49210f0_JaffaCakes118
.exe windows:11 windows x86 arch:x86

29a44843ee0beb8837ecd5b5f0799036

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\Master\Slack\reffer.pdb

Imports

user32

DestroyAcceleratorTable
MapDialogRect

shlwapi

StrCatChainW
StrCmpLogicalW
ChrCmpIW
ord29
UrlIsOpaqueW
UrlGetPartA

kernel32

lstrcpyA
GetProfileSectionW

Exports

Exports

?ModifyKeyNameExWPAEPAJPAIPAK
?RtlMessageOldPAE_NDMK
?GenerateWidthWPADIHEH
?ValidateClassPAFKPADNPAI
?RemoveProfileOriginalXPAMPAI
?InvalidateListItemW_ND
?RemoveProfilePAJIKPADM
?CrtFolderPathNewFE
?CrtStateW_NJJ
?DecrementMemoryOldPAFFPAIPADPAF
?InsertVersionNewXIH
?RemoveTimerFDPAK
?InsertThreadAJK
?FormatWindowExAPAKDH
?RemoveKeyboardExAFHPAFNPAK
?FindObjectOldPADDPAD
?SendDialogExAPAXD
?ShowFunctionOldEPAHPAK
?RemoveTaskExWPAFPAJPAJGK
?FindAppNameExAF_NPAIGPAE
?FreeTextExWPAGDEF
?InvalidateStringExAXPAHHPAG
?HideEventExWHKPAI
?RtlFolderPathExAJPAD
?OnTextKGPAH
?DeleteCommandLinePAHPAJ
?RtlFolderWPADGFPAJE
?IsNotMemoryExAKHFEPA_N
?CopyValueAKK
?IsNotHeaderExAXN
?InvalidateKeyNameExWEI
?CloseEventExJJHJPAG
?EnumCommandLineAXE
?ModifyValueOriginalXJDPAN
?IsSizeExPAJ_N
?DecrementSizeExAPAKPAHPADI
?FreeNameNewPAJPAD
?InsertMessageExWXPAG
?ValidateProjectExAFIJPAKG
?FreeListExAGPAHPAGI
?InsertTaskAPA_NFPAFG
?InstallNameAEINE
?IsObjectOldPAEPAHIPAHI
?ValidateMonitorOldDMDM
?FreeProfileOldFHM
?FreeStateWI_NFPAKM
?CloseProjectWXPAM_NPADI
?FindSystemExWPANE
?GetSectionNewGPAFEHPAE
?AddWindowExKPAEPAJME
?CrtPathWKE
?InstallAppNameNewI_NM
?EnumWindowExPAKPAGHPA_NPAJ
?GetListItemDPADPA_NGF
?FreeProfileNewPAJPAHG
?IncrementEventOldPAEEI
?SetSystemExADHFME
?HideNameAPAXIPAMG
?EnumKeyboardWPAIDD
?FreeSizeExWXEPADM
?RemoveTextW_NGPAHJM
?PutTaskOldXD
?IsValidNameOriginalHDPAE
?FormatRectAPADMPAEJE
?CrtDeviceOldPAFG
?ShowSizeExWPAFEMNK
?GenerateWidthAFPAEPAM
?IsExpressionExWPAMPAIPAE
?HideComponentExEPAJPAD
?DeleteNameExPAFPAE
?FormatDateExAMFGED
?DeleteStringOriginalMNPAIPAM
?CallKeyNameEKPAEH_N
?GlobalListOldXI
?IsValidVersionOriginalPADPAJ
?KillHeightAPAIJ
?CloseStateExGPAJ
?CloseRectOldFF
?ShowFolderPathExPAGEPAD
?GenerateAppNameExAPAKPAKIFPAH
?IsValidStringExX_NPAEH
?IncrementTimerNewXDK
?CancelSemaphoreOldPANMMPA_NK
?FormatCommandLineOldXPAMNMPAG
?IsPathWJJPAEGPA_N
?FreeDirectoryPAHPAFPAM
?IsValidValueExAIPAFE
?KillThreadAJK
?IncrementStateOriginalPAFKM
?GlobalHeightExAXNGPAIG
?CopyKeyboardXPAFPAHFPAM
?GlobalDateAKJPADPAJ
?CallComponentExWMHPAJPAFN
?ValidateAppNameExIH
?InsertSystemOldPAJK
?FreeWindowInfoNewE_NIE
?CrtFullNameADPAEMPAMM
?InsertSystemNewMHJ
?CrtMessageAPAJPADFN
?GlobalProjectNewKPAEHK
?InvalidateFunctionOldH_NNPAHPAJ
?OnMutexAJPAJD
?PutSemaphoreOldDGHPAE
?ShowAnchorOldPAXPAF
?CrtKeyNameOriginalPAFPAFGDD
?FormatFullNameExAEGH
?LoadCommandLineWNGPANPAK
?SizeOldMPAJ
?CopyExpressionEx_NPANIPAG
?WindowInfoExADJPAD
?ModifyMutexHF
?InvalidateConfigWJPAJPAGJ
?CancelMediaTypeOldEGPADKK
?PutOptionExGGKF
?InvalidateNameExADGE
?FindSemaphorePAIKKHK
?IsOptionExWEPADHH
?ModifyHeaderExWPAMPAKPAKPAE
?InvalidateMediaTypeOldPAJK
?KillComponentOriginalPAXPAFPAKIF
?CallSystemExAPAKPAD
?ModifyHeaderExEMMJ
?FormatDataNewPAHPAI
?EnumProcessNewXMKMPAF
?ModifySizeOldXGEJ
?ValidateTaskOriginalPAXKHE
?SendSemaphoreWIPAIPAK
?IsValidValueExPAJPAIPAHPAK
?IsNotTextNewPAFPAGH
?FormatProfileExWX_NPAG
?InvalidateProcessFHM
?RtlExpressionOldHPAE
?GenerateCharNewIPAF
?AddCommandLineExGPAF
?InsertAnchorOriginalPAGK
?AddVersionOldIPADHH
?TestingServ@@YGXUtest@CA7
?GetWindow_NHEPAM
?InstallFullNameOldPAHH_NPAKPAM
?IsSystemExFPAEEGI
?ShowValueExWPAMJPAHGK
?InvalidateWidthExAHNDPA_N
?SendSemaphoreExAPAGM
?IsNotFilePathExEPAEJPAK
?CopyThreadExWMPAJPAF
?RemoveDateOldGI
?AddOptionExAPAXEDDN
?IncrementPenOriginalXH
?IsScreenNewPAXFM
?SendValueOldFPAHHJ
?GlobalKeyboardPAHPAD

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.jeep
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rase
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.cold
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.imode
Size: 512B - Virtual size: 322B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.mode
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.heso
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.snap
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bost
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vort
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.defo
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29a44843ee0beb8837ecd5b5f0799036

Headers

File Characteristics

PDB Paths

Imports

user32

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 26KB

.jeep Size: 5KB - Virtual size: 4KB

.rase Size: 512B - Virtual size: 128B

.cold Size: 512B - Virtual size: 51B

.imode Size: 512B - Virtual size: 322B

.mode Size: 512B - Virtual size: 64B

.heso Size: 512B - Virtual size: 64B

.snap Size: 1024B - Virtual size: 646B

.bost Size: 10KB - Virtual size: 10KB

.vort Size: 10KB - Virtual size: 10KB

.defo Size: 11KB - Virtual size: 11KB

.reloc Size: 12KB - Virtual size: 11KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 26KB

.jeep
Size: 5KB - Virtual size: 4KB

.rase
Size: 512B - Virtual size: 128B

.cold
Size: 512B - Virtual size: 51B

.imode
Size: 512B - Virtual size: 322B

.mode
Size: 512B - Virtual size: 64B

.heso
Size: 512B - Virtual size: 64B

.snap
Size: 1024B - Virtual size: 646B

.bost
Size: 10KB - Virtual size: 10KB

.vort
Size: 10KB - Virtual size: 10KB

.defo
Size: 11KB - Virtual size: 11KB

.reloc
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 12KB - Virtual size: 11KB