d:\MyWork\WorkProjects\NetNucleosProjects\WhereSphere_Rebranding\gabpath\GabPath_recover_only\code\projets\contextuel_popper\exe\src\SAccRecover\Release_GP\GPRecover.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 222e4b34edec8f07c44d17e98d16c2fd_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 222e4b34edec8f07c44d17e98d16c2fd_JaffaCakes118.exe
  Resource: win10v2004-20240611-en
General
- Target: 222e4b34edec8f07c44d17e98d16c2fd_JaffaCakes118
- Size: 588KB
- MD5: 222e4b34edec8f07c44d17e98d16c2fd
- SHA1: b7f84a3bcf21617afa2995f45f3468bda0303f00
- SHA256: a32ec14dd67f692d3a4bf1576a82f8754719272e14e8beb0ef51830500a56c30
- SHA512: e79f156f722f003284fe8ee86bf575cd85f9d5a8962d88016cbc553eac75f845bb2e190e9b82a11018bff1c8c06b404ac69df0648f7d2099c82f503b1286b9f5
- SSDEEP: 6144:E6k2FeRSO8G1QwiwSsKp94s96owI9AV187MR+tUAjV2CQk9UTxX9JmDv1W8P5F:Tk20R6GlKXgI9412MRwhyTxX9JmDv/
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 222e4b34edec8f07c44d17e98d16c2fd_JaffaCakes118
Files
- 222e4b34edec8f07c44d17e98d16c2fd_JaffaCakes118.exe windows:4 windows x86 arch:x86
  faca93f159c7d2b6983f233dd4a0171f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\MyWork\WorkProjects\NetNucleosProjects\WhereSphere_Rebranding\gabpath\GabPath_recover_only\code\projets\contextuel_popper\exe\src\SAccRecover\Release_GP\GPRecover.pdb
Imports
rpcrt4
UuidCreate
kernel32
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
GetVolumeInformationW
GetFullPathNameW
GetShortPathNameW
CreateFileW
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesW
GetFileAttributesW
GetFileTime
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
GetCommandLineA
HeapAlloc
GetProcessHeap
GetStartupInfoA
HeapReAlloc
HeapSize
ExitThread
CreateThread
ExitProcess
Sleep
HeapDestroy
HeapCreate
VirtualFree
SetFilePointer
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetConsoleCtrlHandler
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
CreateFileA
SetEnvironmentVariableA
WriteFile
ReadFile
lstrcmpiW
GetStringTypeExW
DeleteFileW
MoveFileW
SetErrorMode
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
GetLocaleInfoW
CompareStringA
InterlockedExchange
GetModuleHandleA
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
LoadLibraryA
GetVersionExA
CreateEventW
SuspendThread
SetEvent
ResumeThread
SetThreadPriority
SystemTimeToFileTime
GetThreadLocale
lstrcmpA
GetAtomNameW
GlobalGetAtomNameW
GlobalFlags
lstrcmpW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleHandleW
GetVersion
InterlockedDecrement
SetLastError
GlobalFree
CopyFileW
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FindResourceW
LoadResource
LockResource
SizeofResource
MulDiv
GetSystemTime
LocalFree
SetCurrentDirectoryW
GetCurrentDirectoryW
GetCurrentThreadId
GetLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
OutputDebugStringW
FormatMessageW
FindFirstFileW
FindNextFileW
FindClose
LoadLibraryW
GetProcAddress
GetModuleFileNameW
GetLastError
CompareStringW
GetTempPathW
GetTempFileNameW
FreeLibrary
lstrlenW
lstrlenA
lstrcpynW
GetVersionExW
WideCharToMultiByte
MultiByteToWideChar
InterlockedCompareExchange
GetCurrentProcessId
InterlockedIncrement
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateMutexW
FatalAppExitA
user32
SetCursor
PostQuitMessage
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
EndPaint
BeginPaint
GetWindowDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
SetScrollRange
GetScrollRange
SetForegroundWindow
ShowScrollBar
ShowOwnedPopups
GetClientRect
GetMenu
PostMessageW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EndDialog
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
CopyRect
SetWindowPlacement
DefWindowProcW
CallWindowProcW
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
SetWindowPos
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowLongW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemInt
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
CheckRadioButton
DeleteMenu
GetDialogBaseUnits
CreateDialogIndirectParamW
UpdateWindow
GetNextDlgTabItem
CheckDlgButton
GetScrollPos
SetScrollPos
SetFocus
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
GetWindowTextLengthW
UnregisterClassW
GetFocus
GetDesktopWindow
DestroyIcon
ScreenToClient
CharUpperW
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
GetWindowTextW
SetWindowTextW
GetWindowThreadProcessId
SendMessageW
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
UnhookWindowsHookEx
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
GetActiveWindow
MessageBoxW
EnumThreadWindows
IsWindowVisible
EnableWindow
IsWindow
SetDlgItemTextW
UnregisterClassA
gdi32
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
CreateCompatibleDC
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
ScaleWindowExtEx
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreateFontIndirectW
GetTextExtentPoint32W
CreateRectRgnIndirect
SetRectRgn
StartDocW
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextMetricsW
GetPixel
BitBlt
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
CopyMetaFileW
CreatePen
GetDeviceCaps
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
GetObjectW
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
CreateBitmap
DeleteObject
CreateDCW
PtVisible
comdlg32
GetFileTitleW
GetOpenFileNameW
GetSaveFileNameW
winspool.drv
OpenPrinterW
DocumentPropertiesW
ClosePrinter
advapi32
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyW
RegSetValueW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegCloseKey
RegCreateKeyW
shell32
SHGetFileInfoW
ExtractIconW
ole32
CreateBindCtx
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
ReleaseStgMedium
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
StringFromGUID2
CoTaskMemAlloc
StringFromCLSID
CoTreatAsClass
OleDuplicateData
CoDisconnectObject
CoCreateInstance
CLSIDFromString
WriteClassStg
oleaut32
SafeArrayGetElement
VariantInit
VarBstrFromDate
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarCyFromStr
SysReAllocStringLen
VarDateFromStr
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayCopy
SysFreeString
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantChangeType
VariantCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
shlwapi
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathRemoveExtensionW
Sections
.text Size: 460KB - Virtual size: 457KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 104KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 620B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ