01caa0a740e5b8cef2aa35e171cab079_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

01caa0a740e5b8cef2aa35e171cab079_JaffaCakes118
Size

140KB
MD5

01caa0a740e5b8cef2aa35e171cab079
SHA1

1afc2dc76a55504bb251fd6709228984c09a6d96
SHA256

6b278f13ff98c1cdc61927f223d738fe2ec224967dbd579652c930c73a11409f
SHA512

15c93dd49276eccc8a1c0edd4c5e3b96af4af98f0424a0512af36397973fb560b66a97d0d344e6bffde8d9f0d412a8d75bc259a43852dec2cbf3162cca472985
SSDEEP

3072:7HjtJPT81W+oSCUn1abwbicy300gP4Sw9PEfkQpOAN:77bq1QwGce0iSw9PE8zAN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
01caa0a740e5b8cef2aa35e171cab079_JaffaCakes118

Files

01caa0a740e5b8cef2aa35e171cab079_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9ca4e6b7645e5eb136ada7c3ce3b2ed9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Y:\UoyZzumdfxfFg\cqptZBSYxve\uuQQmvwrGvkq.pdb

Imports

shlwapi

PathIsUNCA

comdlg32

PrintDlgW
ChooseColorW
GetSaveFileNameA
ChooseFontW
GetOpenFileNameW

user32

SendMessageA
GetFocus
LoadImageW
DestroyCaret
GetKeyboardLayoutList
GetClassInfoExA
ShowScrollBar
CharUpperBuffA
CreateAcceleratorTableW
SetWindowPlacement
GetNextDlgTabItem
SendNotifyMessageW
RemoveMenu
wsprintfA
DrawFrameControl
SendDlgItemMessageW
MessageBoxExW
GetWindow
FindWindowExW
GetMenuItemInfoW
UpdateWindow
GetMenuItemRect
SetLastErrorEx
InflateRect
DrawTextA
IsZoomed
DeferWindowPos
GetNextDlgGroupItem
RegisterHotKey
IsDialogMessageA
IsCharUpperA
DialogBoxIndirectParamA
GetUpdateRect
PostThreadMessageA
GetSystemMenu
CallWindowProcA
SetWindowPos
SystemParametersInfoA
CreatePopupMenu
SetPropW
ChildWindowFromPointEx
LockWindowUpdate
GetUserObjectInformationA
AppendMenuA
GetClassInfoExW
InsertMenuItemW
IsDialogMessageW
LoadCursorA
DispatchMessageW
GetMenuItemID
GetIconInfo
GetCaretPos
EnableWindow
ReplyMessage
WindowFromPoint
GetMessageW
GetTopWindow
ScrollWindowEx
DrawEdge
FillRect
GetMonitorInfoW
RegisterWindowMessageW
BeginPaint
ArrangeIconicWindows
RegisterWindowMessageA
SendInput
SetMenu
MapVirtualKeyA
GetMessageExtraInfo
DestroyMenu
AllowSetForegroundWindow
InSendMessage
RemovePropW
SetForegroundWindow
DrawStateA
OpenIcon
CharLowerBuffW
MonitorFromRect
GetCursorPos
RegisterClassW
CheckMenuItem
BeginDeferWindowPos
SetDlgItemTextA
GetDlgItem
IsCharAlphaW
CreateDialogParamW
OemToCharBuffA
LoadMenuA
GetMenuState
GetWindowTextLengthW
CheckRadioButton
DefWindowProcA
DefFrameProcA
IsWindowUnicode
GetKeyState
CharToOemA
TileWindows
DestroyAcceleratorTable
IsWindow
DrawMenuBar
MapVirtualKeyExW
DestroyIcon
GetClipCursor
MessageBoxW
LoadIconW
ScrollWindow
SetCursorPos
ModifyMenuW
GetPropW
HiliteMenuItem
InvalidateRgn
AppendMenuW
EndDialog
SetWindowLongW
TranslateMessage
MessageBoxExA
ValidateRect
LoadImageA
CopyRect
GetClassLongW
SetRect

msvcrt

atoi
strcspn
vsprintf
isalnum
strtok
perror
strncpy
free
wcscspn
fwrite
_controlfp
time
iswdigit
__set_app_type
wcstod
fread
isdigit
__p__fmode
toupper
printf
__p__commode
_amsg_exit
puts
_initterm
fseek
clearerr
isupper
_ismbblead
towlower
malloc
isxdigit
setvbuf
fputs
mbstowcs
_XcptFilter
memset
atol
strerror
strtoul
_exit
swprintf
_cexit
fgets
__setusermatherr
iswctype
__getmainargs
qsort
realloc
wcstoul
strrchr

kernel32

TlsGetValue
FreeResource
RemoveDirectoryW
Sleep
LCMapStringW
CreateNamedPipeA
SetFilePointer
ResumeThread
CreatePipe
lstrcpyA
GetStartupInfoA
lstrlenW
GetCommConfig
AreFileApisANSI
GetWindowsDirectoryA
RegisterWaitForSingleObject
SetSystemTime
VirtualFree
WaitCommEvent
SetPriorityClass
GetFileAttributesExW
lstrcatW
TlsSetValue
VirtualProtect
GlobalFindAtomW
FileTimeToDosDateTime
IsBadWritePtr
GetTimeFormatA
CreateWaitableTimerA
GlobalMemoryStatus
SetFileTime
SuspendThread
SetHandleInformation
GetShortPathNameA
OpenFile
ResetEvent
GetCommState
FormatMessageW
CreateEventA
HeapWalk
RemoveDirectoryA
SetThreadPriority
GetLastError
SearchPathW
InitializeCriticalSection
GlobalAddAtomW
GetBinaryTypeA
GetSystemDefaultUILanguage
ExitThread
DeleteFileA
SetTimerQueueTimer
VirtualQuery
GetDateFormatA
EnumSystemLocalesA
DisconnectNamedPipe

Exports

Exports

?ForwardControlItem@@YGK_KK:O

Sections

.itext
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ips1
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ips2
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.read
Size: 1024B - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ips3
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ips4
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ca4e6b7645e5eb136ada7c3ce3b2ed9

Headers

File Characteristics

PDB Paths

Imports

shlwapi

comdlg32

user32

msvcrt

kernel32

Exports

Exports

Sections

.itext Size: 21KB - Virtual size: 21KB

.ips1 Size: 6KB - Virtual size: 5KB

.ips2 Size: 512B - Virtual size: 88B

.read Size: 1024B - Virtual size: 124KB

.ips3 Size: 1024B - Virtual size: 704B

.data Size: 3KB - Virtual size: 2KB

.ips4 Size: 31KB - Virtual size: 31KB

.rsrc Size: 73KB - Virtual size: 72KB

.reloc Size: 2KB - Virtual size: 1KB

.itext
Size: 21KB - Virtual size: 21KB

.ips1
Size: 6KB - Virtual size: 5KB

.ips2
Size: 512B - Virtual size: 88B

.read
Size: 1024B - Virtual size: 124KB

.ips3
Size: 1024B - Virtual size: 704B

.data
Size: 3KB - Virtual size: 2KB

.ips4
Size: 31KB - Virtual size: 31KB

.rsrc
Size: 73KB - Virtual size: 72KB

.reloc
Size: 2KB - Virtual size: 1KB