JaffaCakes118_7b29e9ab51d3bdabde942c8da805d991

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_7b29e9ab51d3bdabde942c8da805d991
Size

391KB
MD5

7b29e9ab51d3bdabde942c8da805d991
SHA1

e7b65e9a457db22345971b0a00f66468a9a0a0b7
SHA256

78468eaefce5c2b6928e65b6dad9d8ef6a107e3ce5b41a3e6be8ceaca8c6e4d6
SHA512

35ba4c5f6b017ef2d652a93d83c514be966e4c6e70168bbcf4c5505e75e9e9db9f608322a84bd9f01c132a493ee72d327bc2664941cfc6ce393b55f75c30d9ba
SSDEEP

6144:EJYEfES83VkAbIQpT+v1iGcEEBXiCb/14mQ/K3nUNU0CIuR+SYVR+K:KIS83VJbhpT+v1tEnN4LUx8SsRp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_7b29e9ab51d3bdabde942c8da805d991

Files

JaffaCakes118_7b29e9ab51d3bdabde942c8da805d991
.exe windows:5 windows x86 arch:x86

12f669a4867d2d43793827cc05524605

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NO_BIND

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_SYSTEM

PDB Paths

F:\date\lookout\SMTP\identities\UI.pdb

Imports

kernel32

GetLastError
lstrcmpiA
GetProcAddress
GetProcessHeaps
LoadLibraryA
GetConsoleScreenBufferInfo
lstrcmpiW
FillConsoleOutputAttribute
CloseHandle
GetFileInformationByHandle
GetSystemTime
LocalFileTimeToFileTime
SetStdHandle
WriteConsoleW
SetFilePointer
FlushFileBuffers
GetConsoleMode
GetConsoleCP
HeapReAlloc
HeapSize
RtlUnwind
LoadLibraryW
Sleep
GetStringTypeW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
GetStdHandle
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
FreeEnvironmentStringsW
GetModuleFileNameA
MultiByteToWideChar
LCMapStringW
WideCharToMultiByte
LeaveCriticalSection
EnterCriticalSection
HeapCreate
GetModuleFileNameW
WriteFile
IsProcessorFeaturePresent
GetCurrentProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
SetLastError
GetModuleHandleW
TlsFree
DecodePointer
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetConsoleCursorPosition
GetConsoleWindow
FindResourceExA
ExitProcess
GetEnvironmentStrings
GetUserDefaultLangID
FormatMessageA
GetProcessHeap
FreeEnvironmentStringsA
GetEnvironmentStringsW
HeapFree
SystemTimeToFileTime
HeapAlloc
LoadResource
FindResourceExW
lstrcpynA
lstrlenA
CreateFileA
EncodePointer
IsValidCodePage
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
RaiseException
GetStartupInfoW
HeapSetInformation
GetCommandLineA
FillConsoleOutputCharacterA
GetCommandLineW
QueryPerformanceCounter
CreateFileW

user32

MoveWindow
GetWindow
DestroyMenu
DestroyIcon
GetClientRect
DestroyWindow
SetCursor
GetClassNameA
GetSystemMenu
CreateDialogParamA
SendDlgItemMessageA
DeleteMenu
LoadBitmapA
UpdateWindow
LoadMenuA
CreateMenu
SetFocus
GetWindowTextLengthA
SendMessageA
GetIconInfo
GetDC
GetMenu
GetWindowTextA
CreateWindowExA
GetClassNameW
GetDlgItem
DefWindowProcA
ShowWindow
SetMenu
SetWindowTextA
SendMessageW

gdi32

SetWindowOrgEx
BitBlt
SetViewportOrgEx
SetWindowExtEx
GetDeviceCaps
CreateFontIndirectA
CreateBitmap
DeleteObject
SelectObject
CreateCompatibleDC
CombineRgn
SetMapMode
RealizePalette
StretchDIBits
SelectPalette
SetStretchBltMode
CreateRectRgn
SetViewportExtEx
GetPixel
CreateCompatibleBitmap

comdlg32

FindTextW

shell32

DragFinish
SHGetFolderPathA
SHGetFolderPathW
DragQueryFileA
CommandLineToArgvW
Shell_NotifyIconA

ole32

CoInitialize
CreateBindCtx

netapi32

NetWkstaUserGetInfo

version

GetFileVersionInfoW

shlwapi

PathAppendA
StrRChrA

comctl32

ImageList_Create
ImageList_AddMasked

msi

ord40

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 61KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12f669a4867d2d43793827cc05524605

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

shell32

ole32

netapi32

version

shlwapi

comctl32

msi

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 183KB - Virtual size: 183KB

.data Size: 61KB - Virtual size: 68KB

.rsrc Size: 81KB - Virtual size: 80KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 183KB - Virtual size: 183KB

.data
Size: 61KB - Virtual size: 68KB

.rsrc
Size: 81KB - Virtual size: 80KB

.reloc
Size: 7KB - Virtual size: 7KB