006d1f272e17530c938fe39781ef4478_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

006d1f272e17530c938fe39781ef4478_JaffaCakes118
Size

674KB
MD5

006d1f272e17530c938fe39781ef4478
SHA1

29d7dea31639508169496ae1aecb6c89795c7d29
SHA256

d8f4db595da2b6e2afc21ddc00b83405c0a26b336855780b050bc933898f06d4
SHA512

bcc4e44b84b5ba3d4a02d24ab9d0a836d86987105c209ee3102ef7f5710ba58049183362be061cb6f4e41dce5cf3f640244f9449b817b5af96fb046296f1500c
SSDEEP

12288:vWrPeHQLV3z8fXs6QBrEizMv08rCRJC8p49eCotQSr5tmHqgo1+3VK57f:AmHQLVj8fs6QBrO7ynIesSKVo4U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
006d1f272e17530c938fe39781ef4478_JaffaCakes118

Files

006d1f272e17530c938fe39781ef4478_JaffaCakes118
.exe windows:4 windows x86 arch:x86

beece2e64ae785096c1280306edc594b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

k:\mucpol\kuo\renodz\oobtoggtp\odua\oqjdszoqo.pdb

Imports

comdlg32

GetOpenFileNameA
GetSaveFileNameA
GetFileTitleA

user32

GetDC
BeginPaint
SetRect
DrawTextW
EmptyClipboard
ShowWindow
ClientToScreen
GetNextDlgGroupItem
MonitorFromWindow
EnumWindows
SetWindowPos
DefWindowProcW
RegisterClassW
GetWindowPlacement
UpdateWindow
DrawFocusRect
GetAncestor
DestroyAcceleratorTable
GetMenuState
IsWindow
PostMessageW
ReleaseCapture
CreateWindowExW
MessageBoxW
GetCursorPos
RegisterClassExW
CheckMenuItem
GetParent
GetSysColorBrush
KillTimer
GetSystemMenu
UnionRect
GetMenuItemID
MoveWindow
IsChild
CloseClipboard
CreatePopupMenu
ScreenToClient
SetFocus
SetForegroundWindow
IsWindowVisible
GetClassInfoW
SetCursorPos
SetWindowLongW
SystemParametersInfoW
CallNextHookEx
GetActiveWindow
CopyRect
LoadCursorW
IsIconic
DestroyIcon
SetCapture
FrameRect
GetDCEx
PostQuitMessage
GetClientRect
SetScrollPos
DispatchMessageW
GetMenuDefaultItem
GetDlgCtrlID
BringWindowToTop
SetRectEmpty
GetScrollPos
GetWindowTextLengthW
EndPaint
GetMenuStringW
WaitMessage
InvalidateRect
DestroyMenu
DestroyWindow
GetSysColor
SendMessageA
GetMessagePos
GetMenuCheckMarkDimensions
ReleaseDC
EnableScrollBar
UnregisterClassA
SetCursor
DispatchMessageA

shell32

SHBrowseForFolderW
DragQueryFileW
SHGetSpecialFolderLocation
ord155

advapi32

RegEnumKeyExA
AllocateAndInitializeSid
RegCreateKeyExA
CreateServiceA
GetUserNameA
FreeSid
SetServiceStatus
RegOpenKeyA
GetLengthSid
CloseServiceHandle
OpenSCManagerA
RegSetValueExA
DeleteService
RegQueryValueExA
RegOpenKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
DeregisterEventSource
RegCloseKey
ReportEventA
RegDeleteKeyA
GetTokenInformation
RegDeleteValueA
OpenProcessToken
OpenServiceA
RegisterEventSourceA
RegEnumValueA
RegQueryInfoKeyA

kernel32

GetSystemInfo
IsValidLocale
GetModuleHandleW
GetFileType
GetStdHandle
SetFilePointer
SetLastError
GetLocaleInfoW
IsBadWritePtr
GetLastError
CompareStringW
GetCPInfo
FlushFileBuffers
EnterCriticalSection
GetStringTypeA
GetModuleHandleA
TlsFree
HeapFree
GetDateFormatA
LCMapStringA
TlsGetValue
SetEnvironmentVariableA
HeapAlloc
RtlUnwind
GetCurrentThread
GetLocaleInfoA
FreeEnvironmentStringsA
WideCharToMultiByte
InterlockedExchange
TlsAlloc
GetOEMCP
FreeEnvironmentStringsW
RaiseException
HeapCreate
ReadFile
HeapReAlloc
GetCurrentThreadId
GetProcAddress
CreateMutexW
GetStartupInfoW
GetVersionExA
IsBadReadPtr
GetEnvironmentStringsW
GetModuleFileNameA
GetCurrentProcess
VirtualProtect
SetStdHandle
LoadLibraryA
GetTimeZoneInformation
GetCommandLineW
QueryPerformanceCounter
GetSystemTimeAsFileTime
MultiByteToWideChar
GetUserDefaultLCID
IsValidCodePage
WriteFile
ExitProcess
GetTickCount
CloseHandle
GetStartupInfoA
SetHandleCount
VirtualQuery
HeapSize
DeleteCriticalSection
CompareStringA
GetModuleFileNameW
TlsSetValue
GetStringTypeW
UnhandledExceptionFilter
IsBadCodePtr
TerminateProcess
InitializeCriticalSection
LCMapStringW
HeapDestroy
VirtualFree
GetTimeFormatA
SetUnhandledExceptionFilter
GetEnvironmentStrings
GetCurrentProcessId
GetCommandLineA
GetACP
VirtualAlloc
FatalAppExitA
SetConsoleCtrlHandler
LeaveCriticalSection

gdi32

SelectObject
SetBkColor
SelectClipRgn
GetPixel
DeleteObject
LineTo
SetBkMode
SetPolyFillMode
EndPage
Rectangle
EndDoc
CreatePolygonRgn
SetStretchBltMode
MoveToEx
GetPaletteEntries
Arc
GetObjectW
SetViewportOrgEx
SetWorldTransform
StretchBlt
PatBlt
BitBlt
CreateRectRgn
StartPage
EndPath
SetBrushOrgEx
SetROP2
SetWindowExtEx
BeginPath
GetRegionData
SetMapMode
CreateFontIndirectW
ExtTextOutW
CreateCompatibleDC
CreateEllipticRgn
SetTextAlign
ExtCreatePen
GetTextExtentPoint32W
SetViewportExtEx
TextOutW
CreateDIBSection
ExtSelectClipRgn
SetTextColor
GetTextCharsetInfo
CreateBitmap
SelectPalette
EnumFontFamiliesExW
GetBkColor
SetPixel
GetStockObject
SaveDC
Ellipse
OffsetRgn
CombineRgn
CreatePalette
GetRgnBox
GetTextMetricsW
GetTextMetricsA
CreateDCW
CreateSolidBrush
RestoreDC
DeleteDC
GetClipBox
GetDIBits
GetCharABCWidthsW
PolyBezier
CreateCompatibleBitmap
CreatePatternBrush
GetWindowExtEx
CreateRectRgnIndirect
Polyline
PtInRegion
RectInRegion
RealizePalette
GetDeviceCaps
Polygon
EqualRgn
RoundRect
GdiFlush
StretchDIBits
SetWindowOrgEx
CreatePen
SetGraphicsMode
StrokePath
GetTextColor

winspool.drv

ord204
ClosePrinter

Sections

.text
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 456KB - Virtual size: 456KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

beece2e64ae785096c1280306edc594b

Headers

File Characteristics

PDB Paths

Imports

comdlg32

user32

shell32

advapi32

kernel32

gdi32

winspool.drv

Sections

.text Size: 89KB - Virtual size: 88KB

.rdata Size: 456KB - Virtual size: 456KB

.data Size: 100KB - Virtual size: 110KB

.rsrc Size: 27KB - Virtual size: 27KB

.text
Size: 89KB - Virtual size: 88KB

.rdata
Size: 456KB - Virtual size: 456KB

.data
Size: 100KB - Virtual size: 110KB

.rsrc
Size: 27KB - Virtual size: 27KB