2845d59896de45cc6e77cc39db4b0710_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2845d59896de45cc6e77cc39db4b0710_JaffaCakes118
Size

96KB
MD5

2845d59896de45cc6e77cc39db4b0710
SHA1

351131fdcabad360f68cf740f7c2cfeddcc5227b
SHA256

73103b71e0f5cd128afef68d33475a0cf8e89bbe866eb8c1f024401befd657a9
SHA512

bd3aa0607fb464e0263f2311e14bd5c9f36ef85de234bcc85b9631ba5ca4db4660981bcb0c4ae7d1246c6a72ee6aac3f1b80112c4382458ab16773f828e996a2
SSDEEP

1536:v3i2vQYJt4DTzB5UHiR0LtYa5LBq9fP/N1hXA7YhKZHx8XQIRJjjfqC5e:vXvQWtmB5OA0iWstyY4R8XQELqC5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2845d59896de45cc6e77cc39db4b0710_JaffaCakes118

Files

2845d59896de45cc6e77cc39db4b0710_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4fea11ecedba204939b33f657d67f638

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

W:\bMysntt\fGHjioyZAvbsy\euUcxkwdjJMvk.pdb

Imports

shlwapi

StrToInt64ExW
PathRemoveBlanksW

user32

DrawFrameControl
WaitForInputIdle
SetClassLongW
GetMenuItemCount
SetMenuItemInfoW
GetUserObjectInformationA
EnumThreadWindows
GetMenuCheckMarkDimensions
RegisterWindowMessageA
SetFocus
InSendMessage
AttachThreadInput
CascadeWindows
SetMenu
CharLowerW
SendNotifyMessageW
OffsetRect
GetScrollPos
DispatchMessageA
ShowScrollBar
CreateIconFromResource
SystemParametersInfoA
FindWindowA
GetMenuStringA
SetRect
IsDialogMessageA
ValidateRect
IsWindowUnicode
wvsprintfA
PostMessageW
CreateCaret
SendMessageA
LoadCursorW
InSendMessageEx
GetDoubleClickTime
GetNextDlgGroupItem
GetClassLongA
LoadBitmapW
DestroyMenu
CreateDialogIndirectParamW
ActivateKeyboardLayout
DrawAnimatedRects
CheckRadioButton
GetSubMenu

msvcrt

iswprint
_controlfp
__set_app_type
vsprintf
strerror
wcslen
__p__fmode
__p__commode
wcscoll
_amsg_exit
_initterm
printf
_acmdln
exit
putc
fclose
_ismbblead
rand
_XcptFilter
_exit
_cexit
__setusermatherr
fputc
__getmainargs
fgetc
getenv
fread

kernel32

GlobalAddAtomW
SetEvent
VerSetConditionMask
GetOEMCP
GetTempFileNameA
GetFileTime
UnmapViewOfFile
ExitProcess
GetFullPathNameA
SetUnhandledExceptionFilter
lstrcatA
GetWindowsDirectoryW
ConvertDefaultLocale
GetPriorityClass
LoadLibraryA
UnlockFile
GlobalFlags
CreateEventW
TryEnterCriticalSection
GetProcAddress
SetCurrentDirectoryA
OpenFileMappingA

gdi32

GetNearestPaletteIndex
IntersectClipRect
CreateFontIndirectA
PathToRegion
TranslateCharsetInfo
PtVisible
SetTextAlign
EnumFontFamiliesExW
GetRgnBox
EndPath
SetAbortProc
DeleteObject
EnumFontsW
ScaleViewportExtEx
GetTextAlign
SetStretchBltMode
GetSystemPaletteEntries
StretchDIBits
SetTextColor

comctl32

ImageList_GetIconSize
ImageList_AddMasked
ImageList_ReplaceIcon
CreatePropertySheetPageA
ImageList_Remove

Exports

Exports

?GenerateScreenW@@YGXPAJ&U
?ShowPathEx@@YGGKIEM&U
?FileExW@@YGXKFD&U
?InstallConfig@@YGJJPAEPAK&U
?AddMediaTypeA@@YGPAXK&U
?InvalidateProfileOriginal@@YGEPAIFPAJK&U
?GlobalStateOld@@YGPAJPAHG&U
?FormatThreadA@@YGHJPAGNN&U
?ValidateScreenEx@@YGPANPAEPAJF&U
?ShowDeviceOld@@YGIJD&U
?CopyVersionOriginal@@YGPAHPAMFI&U
?InstallDateTimeExA@@YGHKD&U
?FormatFolderExW@@YGPAHIH&U
?CrtDeviceW@@YGPAHNIPAF&U
?SetDateTimeW@@YGPAJEGE&U
?FormatDeviceA@@YGDH&U
?IsValidSystemOld@@YGHPAFFPAMPAM&U
?KillScreenExA@@YGPAXIGEPAN&U
?CallKeyNameExA@@YGXPAMH&U
?IsValidFunctionW@@YGPANPADJ&U
?GenerateMutex@@YGIDPAIFI&U
?LoadSystemExW@@YGPAXEPAF&U
?DeleteSection@@YGDPAGEED&U
?SendPointA@@YGMFEPAJ&U
?FreeArgumentExW@@YGDPAEPADMPAD&U
?IsValidMessageEx@@YGDDM&U
?CrtDataExA@@YGHPAIHNJ&U
?DecrementFilePathW@@YGKE&U
?CancelKeyNameW@@YGIPAMNNK&U
?CallCharExA@@YGGJ&U
?RtlFullName@@YGDDMPAHK&U
?CopyStateOriginal@@YGFGPAHPAFE&U
?InvalidateFilePathNew@@YGPAFI&U
?HideEventEx@@YGHPAEFF&U
?InvalidateKeyboardOriginal@@YGDI&U
?InsertPathA@@YGPAJPAHDFPAJ&U
?IsNotFunctionOriginal@@YGXPAK&U
?ValidateCommandLineOriginal@@YGPAFEKPAD_N&U
?CallScreenEx@@YGXPAEJ&U
?CopyNameA@@YGPAE_NPAF&U
?GlobalFilePath@@YGHMPAK&U
?InvalidateProjectOriginal@@YGEE&U
?InvalidateDataNew@@YGHPANEH&U
?InsertMemoryNew@@YGIPAK&U
?GlobalEventW@@YGJPADPAD&U
?ValidateDateW@@YGXKK&U
?ModifyFilePathOld@@YGJPADPAN&U
?FreeFolderPathExA@@YGPAJEKG&U
?MonitorA@@YGMPAKPADDPAM&U
?CancelFilePathW@@YGDMHEJ&U
?DecrementDateTimeOld@@YGJPAEG&U
?DeleteHeaderExW@@YGPAGGNK&U
?GainAccessDatOdiojlkLHIO@@YGKPA_WKK@Z
?EnumObjectA@@YGXHPAIPAJ&U
?LoadConfigW@@YGPANDPANM&U
?CopyDialogOld@@YGKPAGJK&U
?RemoveDataEx@@YGXG&U
?CallKeyboardOld@@YGPAXDIPAEPAF&U
?IsObjectExA@@YGGPAKMPANI&U
?ModifyMutantW@@YGHPAHK&U
?ShowObjectW@@YGJE&U
?DecrementAppNameOriginal@@YGPAID&U
?ShowPenW@@YGFPAM&U
?InvalidateTaskA@@YGJPA_NPAK&U
?ListOriginal@@YGXPAJJ&U
?EnumSemaphoreEx@@YGJMPAMFM&U
?RtlMediaTypeExA@@YGPAMPAJJHPAK&U
?ModifyListItemOriginal@@YGIHPAI&U
?HideRectA@@YGHPAM&U
?IsNotHeightW@@YGHF&U
?EnumSystemEx@@YGGKNPAH&U
?CancelStringOriginal@@YGKPAJ&U
?FindTextExA@@YGPAFKPAKJE&U
?CancelHeader@@YGFMJKPAH&U
?GetDateTime@@YGIIEIE&U
?InsertProfileEx@@YGXPA_NN&U
?CloseMessageA@@YGIPAIMJ&U
?DeleteExpressionOriginal@@YGIPAI&U
?OnDeviceExW@@YGKI&U
?CancelRectA@@YGPAINMF&U
?HideTaskExW@@YGKJPAJH&U
?IsMediaTypeOld@@YGHPAMMD&U
?FormatMutantOriginal@@YGPAXGPAGEJ&U
?IsNotWindowW@@YGEFHK&U
?SizeExA@@YGGD_NPAE_N&U
?RtlListExA@@YGPAFJMPAFG&U
?LoadArgumentExA@@YGPAFPAKH&U
?KillRectOriginal@@YGPAXJH&U
?SendOptionExA@@YGHGMII&U
?KillMemoryExW@@YGDPA_N&U
?FreeCharOld@@YGNF&U
?DeleteMonitorOriginal@@YGMNKMPAH&U
?ValidateObjectOld@@YGJPAMPAMIK&U
?FormatDataOriginal@@YGXEPAK&U
?PathEx@@YGPANKPAI&U
?FindHeaderExW@@YGHMPAJG&U
?DecrementSystemW@@YGPAH_NG&U
?Message@@YGXDI&U
?IsValidMonitorExA@@YGHPAM&U
?GlobalRect@@YGXK&U
?InstallDevice@@YGHPAK&U
?IsValidDialogOld@@YGPAFND&U
?RtlTimerNew@@YGPAGPADD&U
?CancelMonitorA@@YGHDPAMPAM&U
?GlobalDeviceExW@@YGIPAE&U
?DeleteFolderPath@@YGPAFJHPA_N&U
?CancelScreen@@YGGPAJPA_NPAD_N&U
?InstallCommandLineA@@YGHJI&U
?CancelMonitorW@@YGPAFPAMEFE&U
?CloseDataA@@YGMF&U
?InsertSectionA@@YGPAKEG&U
?IncrementProcess@@YGFPAHIJ&U
?GlobalHeaderOld@@YGDF&U
?IsValidDeviceOld@@YGIPAFFGPAD&U
?InvalidatePenOld@@YGIPAE&U
?KillConfigExW@@YGPAXEI&U
?ShowProviderW@@YGKJFHK&U
?HideWindowEx@@YGPAKIE&U
?GlobalPointNew@@YGIKPAJPAME&U
?InstallStringA@@YGGJGID&U
?RemoveKeyboardA@@YGMJE&U
?DecrementChar@@YGPAIEPAIEPAH&U
?InstallProfileNew@@YGFGKD&U
?CloseFilePath@@YGPAKPAE&U
?FormatPointerW@@YGIEK&U
?LoadSizeExA@@YGPAMPAMK&U
?AddPenOriginal@@YG_NNJG&U
?ConfigA@@YGNFPAGPAJM&U
?CallTimerW@@YGXKE&U
?InsertProfileExA@@YGFHPAGGPAM&U
?AddDialogA@@YGPA_NPAGF&U
?DecrementDeviceOriginal@@YGXHPAFD&U
?FindEventExA@@YGFPAHEE&U
?MemoryA@@YGJE&U
?IncrementFolderNew@@YGIGPAIPADE&U
?OnStringOriginal@@YGMG&U
?LoadTimerA@@YGDGPAJPAJ&U
?IncrementStringOld@@YGPAXJN&U
?RemoveVersionNew@@YGPADPANMD&U
?DeleteClassA@@YGMHPAIMPAD&U
?RemoveFunction@@YGPAXJK&U
?EnumSemaphoreOriginal@@YGIKPAEM&U
?PutNameNew@@YGXPAD&U

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.simp
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.stit
Size: 1024B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dbug
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.set
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sdbg
Size: 512B - Virtual size: 67B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dvar
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dpt
Size: 1024B - Virtual size: 674B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4fea11ecedba204939b33f657d67f638

Headers

File Characteristics

PDB Paths

Imports

shlwapi

user32

msvcrt

kernel32

gdi32

comctl32

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.simp Size: 3KB - Virtual size: 2KB

.stit Size: 1024B - Virtual size: 532B

.dbug Size: 512B - Virtual size: 28B

.set Size: 5KB - Virtual size: 5KB

.sdbg Size: 512B - Virtual size: 67B

.dvar Size: 512B - Virtual size: 44B

.dpt Size: 1024B - Virtual size: 674B

.pdata Size: 512B - Virtual size: 98KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 58KB - Virtual size: 57KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 21KB

.simp
Size: 3KB - Virtual size: 2KB

.stit
Size: 1024B - Virtual size: 532B

.dbug
Size: 512B - Virtual size: 28B

.set
Size: 5KB - Virtual size: 5KB

.sdbg
Size: 512B - Virtual size: 67B

.dvar
Size: 512B - Virtual size: 44B

.dpt
Size: 1024B - Virtual size: 674B

.pdata
Size: 512B - Virtual size: 98KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 58KB - Virtual size: 57KB

.reloc
Size: 1KB - Virtual size: 1KB