2f6e63d4e3047d9e46af7b0b6c7ec211_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2f6e63d4e3047d9e46af7b0b6c7ec211_JaffaCakes118
Size

754KB
MD5

2f6e63d4e3047d9e46af7b0b6c7ec211
SHA1

e743219d033fd2ae3460c2b764632fb7b2b99b43
SHA256

7b5fda9e1c053626d77e81c5c6ed8071b8086a145261d996c72f7372c0e4fc6f
SHA512

12c6948fac3da30501965b3fcee85a5ab34946bcecc06f689278e40e2b7ea55cba14334a92d8ef889cf94e2056ac36640395eb0f5e9a4d408a5424cb90f8c05c
SSDEEP

1536:GsxjMvEEDJdW4hj5vxiH89Rl3B/yqvxiH89Rl3B/y:XEDJ44hlx9Xacx9Xa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2f6e63d4e3047d9e46af7b0b6c7ec211_JaffaCakes118

Files

2f6e63d4e3047d9e46af7b0b6c7ec211_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1cbcf0cc5ab7b4473b260b4167fffcb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\johan\Documents\Visual Studio 2015\Projects\birdfont-windows\Release\birdfont.pdb

Imports

libbirdfont

bird_font_tab_content_draw
bird_font_tab_content_button_press
bird_font_tab_content_button_release
bird_font_printd
bird_font_tab_content_double_click
bird_font_tab_content_scroll_wheel_down
bird_font_tab_content_scroll_wheel_up
bird_font_tab_content_key_release
bird_font_tab_content_key_press
bird_font_main_window_get_glyph_canvas
bird_font_tab_bar_draw
bird_font_widget_allocation_new
bird_font_tab_bar_select_tab_click
bird_font_tab_bar_motion
bird_font_native_window_get_type
bird_font_task_get_type
bird_font_main_window_get_toolbox
bird_font_search_paths_set_resources_folder
bird_font_background_tool_load_background_image
bird_font_menu_tab_signal_file_loaded
bird_font_font_load
bird_font_menu_tab_signal_file_saved
bird_font_font_save
bird_font_menu_tab_start_background_thread
bird_font_get_version
bird_font_menu_tab_stop_background_thread
bird_font_export_callback_export_fonts
bird_font_description_display_set_copyright_editable
bird_font_main_window_show_message
bird_font_bird_font_get_current_font
bird_font_toolbox_set_tool_visible
bird_font_main_window_show_license_dialog
bird_font_main_window_set_native
bird_font_main_window_new
bird_font_toolbox_scroll_up
bird_font_toolbox_scroll_down
bird_font_toolbox_move
bird_font_toolbox_release
bird_font_toolbox_press
bird_font_toolbox_draw
bird_font_bird_font_set_settings_directory
bird_font_file_dialog_tab_add_drive_letter
bird_font_bird_font_init_gettext
bird_font_task_run
bird_font_set_logging
bird_font_bird_font_init
bird_font_bird_font_new
bird_font_font_set_default_license
bird_font_key_bindings_has_shift
bird_font_key_bindings_has_ctrl
bird_font_tab_content_reset_modifier
bird_font_menu_tab_quit
bird_font_recent_files_load_font
bird_font_main_window_open_recent_files_tab
bird_font_main_window_get_tab_bar
bird_font_toolbox_set_allocation
bird_font_preview_get_uri
bird_font_font_display_get_name
bird_font_bird_font_load_font_from_command_line
bird_font_toolbox_cache_all_tools
bird_font_menu_tab_show_file_dialog_tab
bird_font_tab_get_display
bird_font_key_bindings_set_modifier
bird_font_preview_get_html_path
bird_font_tab_content_motion_notify
bird_font_menu_tab_signal_file_exported

libcairo-2

cairo_create
cairo_scale
cairo_surface_flush
cairo_win32_surface_get_dc
cairo_destroy
cairo_surface_destroy
cairo_win32_surface_create_with_dib

cefclient

?bfCefResize@@YAXHHHH@Z
?bfCefDispatch@@YAXXZ
?bfCefInit@@YAPAUHWND__@@PAUHINSTANCE__@@0PA_WHPAU1@PBD@Z
?bfCefStart@@YAHPAUHINSTANCE__@@PA_W@Z
?bfLoadUrl@@YAXPBD@Z
?bfCefClose@@YAXXZ

libglib-2.0-0

g_free
g_log
g_utf16_to_utf8
g_log_set_default_handler
g_log_set_handler
g_return_if_fail_warning
g_strcmp0
g_strdup
g_strrstr
g_utf8_to_utf16
g_strndup
g_main_context_default
g_main_context_acquire
g_main_context_pending
g_once_init_leave
g_once_init_enter
g_main_context_release
g_main_context_iteration

libgobject-2.0-0

g_object_unref
g_type_init
g_signal_connect_object
g_object_ref
g_object_new
g_type_class_peek_parent
g_type_interface_peek_parent
g_type_register_static
g_type_add_interface_static
g_type_check_instance_cast

donated

?is_plus@@YA_NXZ
?has_donated@@YA_NXZ

kernel32

QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineW
lstrcmpW
LocalFree
GetCurrentProcessId
GetModuleFileNameW
InitializeCriticalSection
GlobalLock
GlobalUnlock
GlobalFree
CreateThread
CreateDirectoryW
AllocConsole
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetLogicalDrives
GlobalAlloc

user32

BeginPaint
ShowCursor
PostQuitMessage
SetClipboardData
EmptyClipboard
EndPaint
CloseClipboard
GetClipboardData
OpenClipboard
RegisterClipboardFormatW
DefWindowProcW
SetFocus
GetClientRect
DispatchMessageW
CallMsgFilterW
TranslateMessage
TranslateAcceleratorW
GetMessageW
SetTimer
SetForegroundWindow
ShowWindow
CreateWindowExW
RegisterClassW
LoadCursorW
GetSysColorBrush
SendMessageW
GetSystemMetrics
LoadImageW
GetWindowRect
InvalidateRect
MoveWindow
IsClipboardFormatAvailable

gdi32

DeleteObject
SelectObject
BitBlt
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap

shell32

CommandLineToArgvW
DragAcceptFiles
DragQueryFileW

gdiplus

GdipDisposeImage
GdipSaveImageToFile
GdipCloneImage
GdipLoadImageFromFile
GdipFree
GdipAlloc
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdiplusShutdown

vcruntime140

strstr
__telemetry_main_invoke_trigger
memcpy
__telemetry_main_return_trigger
memset
_except_handler4_common

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
free

api-ms-win-crt-stdio-l1-1-0

freopen
__p__commode
__stdio_common_vfprintf
__acrt_iob_func
_set_fmode

api-ms-win-crt-runtime-l1-1-0

_initterm_e
exit
_exit
_cexit
_c_exit
_initterm
_get_wide_winmain_command_line
_register_thread_local_exe_atexit_callback
_configure_wide_argv
terminate
_controlfp_s
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe
_set_app_type
_initialize_wide_environment

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 725KB - Virtual size: 724KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cbcf0cc5ab7b4473b260b4167fffcb4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

libbirdfont

libcairo-2

cefclient

libglib-2.0-0

libgobject-2.0-0

donated

kernel32

user32

gdi32

shell32

gdiplus

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 725KB - Virtual size: 724KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 725KB - Virtual size: 724KB

.reloc
Size: 2KB - Virtual size: 1KB