d8d7c9135cf801501a787fef9b77d09b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

d8d7c9135cf801501a787fef9b77d09b_JaffaCakes118
Size

560KB
MD5

d8d7c9135cf801501a787fef9b77d09b
SHA1

b13ca8a3c0f7a09bc4ec841d6396ce2886da5ce4
SHA256

7795e943de64578ae3041fdad8671c084bec5f0783990206d76b3c54297f13a4
SHA512

005d574aba8877f4d12d57e65c0c195e8b0e01832c3dda670d2110aef4f908b6068fce6d669bfb62d94b195ec24ce48a2bd5c7924d2d2104267c6527e331aad7
SSDEEP

12288:HbW49SBrQ6wCPHZTFx7V2QYkY7NkY8HeMAh8SF6UZ:HbW49SBrQ6wctFxM/kUkYUedhrF6G

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d8d7c9135cf801501a787fef9b77d09b_JaffaCakes118

Files

d8d7c9135cf801501a787fef9b77d09b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0ca8fd97d93758c8e87d0cc6211bc089

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

H:\moved\referenced\GPRS\challengi.pdb

Imports

kernel32

LoadLibraryW
WriteConsoleW
HeapReAlloc
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
GetLocaleInfoW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
FreeEnvironmentStringsW
GetModuleFileNameA
CloseHandle
GetTimeZoneInformation
CreateFileA
SetLastError
TlsFree
TlsSetValue
WaitForSingleObject
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
FlushFileBuffers
HeapAlloc
ReadFile
GetModuleFileNameW
ExitProcess
GetModuleHandleW
HeapCreate
IsProcessorFeaturePresent
GetConsoleMode
GetConsoleCP
WriteFile
CreateFileW
SetEndOfFile
GetProcessHeap
CompareStringW
lstrcpyA
GetVersion
GetModuleHandleA
WritePrivateProfileStringA
LoadLibraryA
GetProcAddress
lstrcmpiA
GetLastError
GetStartupInfoA
GetExitCodeProcess
Sleep
GetPrivateProfileIntA
GetEnvironmentStrings
GetCommandLineA
GetTickCount
GetCurrentThreadId
FreeEnvironmentStringsA
SetStdHandle
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetEnvironmentVariableA
GetFileType
TlsGetValue
GetEnvironmentStringsW
MoveFileExA
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
GetCPInfo
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
RtlUnwind
RaiseException
GetStartupInfoW
HeapSetInformation
GetDateFormatA
lstrlenA
GetEnvironmentVariableW
SetFilePointer
GetFullPathNameA
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapFree
GetTimeFormatA

user32

GetDialogBaseUnits
DialogBoxParamA
SetClipboardData
UpdateWindow
SetWindowTextA
GetSystemMetrics
DispatchMessageA
EndPaint
ClientToScreen
DestroyWindow
GetMessageA
CloseClipboard
GetClassNameA
GetWindowRect
CreateDialogParamA
InsertMenuItemA
GetWindowDC
DrawIconEx
SetMenuItemBitmaps
CopyImage
LoadBitmapA
GetParent
IsWindowEnabled
wsprintfA
WindowFromPoint
GetClientRect
SendMessageA
SetRectEmpty
BeginPaint
GetDC
TranslateMessage
GetMenu
GetWindowTextA
CheckMenuRadioItem
MessageBoxA
GetWindowLongA
ReleaseDC
EmptyClipboard
DefWindowProcA
GetDesktopWindow
GetSysColor
SetWindowPos
GetMenuItemInfoA
ShowWindow
EnumDesktopsA

gdi32

GetTextExtentPoint32A
SetTextColor
DeleteDC
CreateFontA
GetDeviceCaps
SetBkColor
CreateDCA
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CombineRgn
CreateCompatibleBitmap
SaveDC
CreateRectRgn
Polyline
CreatePen
GetStockObject
RestoreDC
TextOutA
PatBlt

winspool.drv

GetPrinterA
FindFirstPrinterChangeNotification
ClosePrinter
OpenPrinterA
EnumPrintersA
FindClosePrinterChangeNotification
EnumJobsA

comdlg32

FindTextW

advapi32

AccessCheckByType

shell32

FindExecutableA

oleaut32

OleSavePictureFile

msimg32

GradientFill

shlwapi

StrToIntExA
UrlCompareA
wnsprintfA
PathUnmakeSystemFolderA

comctl32

ImageList_AddMasked
InitCommonControlsEx
ImageList_Create

Exports

Exports

Out

Sections

.text
Size: 357KB - Virtual size: 356KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ca8fd97d93758c8e87d0cc6211bc089

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

comdlg32

advapi32

shell32

oleaut32

msimg32

shlwapi

comctl32

Exports

Exports

Sections

.text Size: 357KB - Virtual size: 356KB

.rdata Size: 110KB - Virtual size: 109KB

.data Size: 49KB - Virtual size: 57KB

.rsrc Size: 31KB - Virtual size: 30KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 357KB - Virtual size: 356KB

.rdata
Size: 110KB - Virtual size: 109KB

.data
Size: 49KB - Virtual size: 57KB

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 12KB - Virtual size: 11KB