2c2b166b00bcc129089e4ac07df0d1aa_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2c2b166b00bcc129089e4ac07df0d1aa_JaffaCakes118
Size

76KB
MD5

2c2b166b00bcc129089e4ac07df0d1aa
SHA1

c792f69b39948773286ee885ae3b02b3b02ec980
SHA256

3737d1e623bb68a8c4c632f0ee1fdfd5d170be6a494ed78a2f553584b0f55835
SHA512

a5cb00c4e9f9020e3b1d2f3cea3f853ee066b0d9acb7abee45eb708aba4c68bce229a6b2f88009a915477cdfefafd75e666535bbbe82bc36362272173d6ed600
SSDEEP

1536:HL2VU2uTlBZVDp649uoZ2V+Zz/ud5SWf3awJQjsKtfK:r2u2uXw82V+Z/USGQjrf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c2b166b00bcc129089e4ac07df0d1aa_JaffaCakes118

Files

2c2b166b00bcc129089e4ac07df0d1aa_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d20ed9e9b9e384b5e3a8fb469448b17c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

K:\KXzvddrznokd\oWDHJmL\AnfnoeloilRTiR.pdb

Imports

user32

SetWindowLongA
DestroyIcon
OffsetRect
GetDlgCtrlID
ShowCursor
SetRectEmpty
GetDlgItemTextA
DialogBoxParamA
GetCaretPos
SendInput
DeferWindowPos
LoadMenuA
GetForegroundWindow
DragObject
CallWindowProcA
DestroyMenu
CreateDialogParamA
SetWindowRgn
LoadIconW
LoadCursorA
GetWindowTextW
DrawFocusRect
AdjustWindowRectEx
LoadCursorW
SetWindowLongW
wvsprintfW
GetDialogBaseUnits
EndDialog
IsCharAlphaNumericW
GetIconInfo
GetClassInfoExA
TranslateMessage
AdjustWindowRect
SystemParametersInfoW
DestroyAcceleratorTable
EnumThreadWindows
GetWindowTextLengthW
RemovePropW
IsWindowEnabled
DrawAnimatedRects
mouse_event
EnableScrollBar
CopyRect
AttachThreadInput
MessageBoxA
LoadStringA
SetScrollInfo
CreateAcceleratorTableW
MessageBoxW
SetDlgItemInt
LoadBitmapA
BringWindowToTop
DialogBoxParamW
CharUpperW
ExitWindowsEx
GetMenuItemRect
GetMenuState
CreateIconFromResource
CheckMenuRadioItem
SetActiveWindow
wsprintfW
GetMenuCheckMarkDimensions
GetScrollInfo
RegisterClassExW
CharNextA
GetAsyncKeyState
CreateCursor
DrawIconEx
LoadMenuW
GetPropW
IsCharLowerA
GetClipCursor
SwitchToThisWindow
ArrangeIconicWindows
IntersectRect
WindowFromPoint
IsDialogMessageA
InsertMenuW
CharLowerA
SetCaretPos
PeekMessageA
CharToOemA
SetWindowPlacement
GetDoubleClickTime
GetMessagePos
ClientToScreen
GetSystemMetrics
InternalGetWindowText
GetClassInfoW
GetClassLongA
CreateIconIndirect
RemoveMenu
CreateMenu
SetDlgItemTextA
SystemParametersInfoA
CreateDialogIndirectParamW
SetWindowTextW
MessageBoxExA
FindWindowW
CreateWindowExW
DefWindowProcA
InsertMenuItemW
GetWindowRect
GetScrollRange
GetFocus
GetSubMenu
GetSysColor
WaitMessage
GetKeyboardLayout
DrawStateA
MonitorFromRect
IsWindowVisible
CharNextExA
EnumWindows
ReplyMessage
ActivateKeyboardLayout
GetMessageExtraInfo
ClipCursor

comctl32

ImageList_GetIcon
CreateStatusWindowW
CreatePropertySheetPageA
ImageList_Draw
DestroyPropertySheetPage
ImageList_LoadImageW

gdi32

SelectObject
CreatePenIndirect
CreateFontIndirectA
CreateSolidBrush
CreatePen
GetTextMetricsA
SetBitmapDimensionEx
GetCurrentObject
UnrealizeObject
DPtoLP
GetDIBits
GetTextColor
EnumFontFamiliesExW
GetBkMode
GetNearestPaletteIndex
GetTextAlign
GetDeviceCaps
SetPixel
GetTextCharsetInfo
SetDIBitsToDevice
SetBkColor
SetRectRgn
SetPaletteEntries
CreateFontA
SetTextAlign
CreateRoundRectRgn
CreateBitmap
ResizePalette
SetTextColor
EnumFontsW
EnumFontFamiliesW
SetBitmapBits
RemoveFontResourceW
SetViewportOrgEx
GetPixel
RoundRect
SetLayout
SetWindowOrgEx
EndPage
CreateBrushIndirect
BeginPath
AddFontResourceW
CreateDIBSection
GetTextFaceW
GetTextMetricsW
CreateDCW
GetMapMode
SetAbortProc
RestoreDC
Escape
SetStretchBltMode

msvcrt

strerror
swscanf
_controlfp
__set_app_type
time
localtime
atoi
wcscpy
__p__fmode
iswspace
strncmp
__p__commode
fputc
calloc
ftell
wcstoul
swprintf
wcsncmp
malloc
islower
mktime
strchr
_amsg_exit
_initterm
mbstowcs
setlocale
sscanf
_acmdln
strcpy
exit
putchar
_ismbblead
putc
isprint
_XcptFilter
fwrite
isxdigit
wcsstr
_exit
strstr
tolower
fputs
_cexit
towupper
strtol
__setusermatherr
__getmainargs
qsort

kernel32

GetSystemDefaultUILanguage
VirtualProtect
GetLocalTime
TransactNamedPipe
CreateNamedPipeW
GetUserDefaultLCID
GetSystemDirectoryA
GlobalMemoryStatus
GetWindowsDirectoryW
FlushFileBuffers
GlobalMemoryStatusEx
GetCurrentThreadId
FreeLibrary
GetModuleHandleW
CreateNamedPipeA
FreeResource
ReleaseSemaphore
GlobalAddAtomW
GetSystemDirectoryW
GetCommandLineA
CreateSemaphoreW
SetCommBreak
GetComputerNameW
IsBadReadPtr
CallNamedPipeW
GetFileAttributesExW
SetSystemTime
CreateFileW
SetEndOfFile
DeviceIoControl
SetThreadExecutionState
MulDiv
QueryDosDeviceW
LoadLibraryExW
GetModuleHandleA
GetCurrentThread
LoadLibraryA
GetFileAttributesExA
GetModuleFileNameA
FormatMessageW
RemoveDirectoryA
QueryPerformanceCounter
HeapWalk
lstrcpyA
lstrlenW
GetThreadPriority
OpenEventW
SearchPathW
GetCommConfig
GlobalDeleteAtom
lstrcatW
SetCurrentDirectoryW
GetFileAttributesA
GetFullPathNameW
lstrlenA
lstrcmpA

Exports

Exports

?FindSizeExA@@YGGFPAKPAH]A
?CrtFullNameExW@@YGDMEPAG]A
?FreeSystemNew@@YGFI]A
?DecrementHeightNew@@YGPANEH]A
?RemoveSystemW@@YGPAXPAHK]A
?FormatDataEx@@YGJI]A
?DeleteMonitorA@@YGXMD]A
?AddConfig@@YGPAMJ]A
?InvalidateSystemA@@YGIGPA_N]A
?CallTimerA@@YGPADIPAEF]A
?IncrementConfig@@YGNPAM]A
?ShowStateA@@YGMPAKGIPAM]A
?RemoveMemoryA@@YGIPAI_NM]A
?DecrementThreadExA@@YGHPAEM]A
?AddKeyboardEx@@YGPAKPAHE]A
?CancelComponentEx@@YGDPAHD]A
?IsNotMutantOriginal@@YGPAHGEPAH]A
?KillFunction@@YGPAXJJD]A
?GetMessageA@@YGDGDH]A
?InsertClassOriginal@@YGPA_NIGPADH]A
?AddConfigNew@@YGDFPAID]A
?IsNotObjectOld@@YGXNGIN]A
?GlobalArgumentW@@YGIPAJ]A
?RtlValueExW@@YGMGI]A
?GlobalFunctionA@@YGPAGFG]A
?CallRect@@YGPAJPAJ_NPADG]A
?FindHeaderEx@@YGPAMDE]A
?ShowSemaphoreExW@@YGXI]A
?EnumProjectEx@@YGGFK]A
?ValidateTimeExW@@YGPAGJPAF]A
?FormatThreadExA@@YGGMHMD]A
?HideSystemExA@@YGFPAHGM]A
?RemoveTimerExA@@YGPAJEPAHPAJ]A
?OnAppNameW@@YGXPADPAE]A
?ShowHeaderExW@@YGPAJI]A
?DeleteArgumentExA@@YGPAHPAFE_NE]A
?InstallMessageEx@@YGPAGFN]A
?DecrementHeightOld@@YGPAKPAHPAJJ]A
?CancelCharW@@YGPAFMPAHPAKE]A
?PutDataOriginal@@YGDHPAID]A
?SendComponentExA@@YGXIPAH]A
?LoadFunctionNew@@YGPADPAD]A
?InvalidateSystemExW@@YGPAIMPAH]A
?HideDataOld@@YGXPAMHPAM]A
?KillNameExW@@YGNPAK]A
?RemoveDateTimeOriginal@@YGJEPAE]A
?HideModuleA@@YGPAMMK]A
?IsFolderPathOriginal@@YGFPAJPAFHJ]A
?SetWindowInfoExW@@YGMKPAGF]A
?DirectoryEx@@YGPADHPAHPAD]A
?IsValidArgumentExW@@YGHEPAIMD]A
?IsNotProfileW@@YGPAXDIF]A
?LoadMediaTypeW@@YGDPAI]A
?InsertStringExA@@YGXFGDD]A
?AddSemaphoreW@@YGPAKPAEFPAJH]A
?KillProviderEx@@YGNFPAEN]A
?FreeNameNew@@YGXEGM]A
?OnString@@YGMGIPA_N_N]A
?ValidateStringExA@@YGPAXPAEPAF]A
?LoadRect@@YGFPAKG]A
?EnumObjectW@@YGKDPAMGPAH]A
?CloseVersion@@YGPAKJD]A
?ValidateSemaphoreExW@@YG_NDEI]A
?OnValueExW@@YGDF]A
?ModifyTextExW@@YGPAIKDGI]A
?KillMemoryExW@@YGHPAI]A
?GenerateProviderOriginal@@YGXPAI]A
?GlobalTimeExW@@YGPAEPAGDD]A
?HideTimeA@@YGEDPA_NPAHF]A
?KillNameA@@YGIPAIJ]A
?GlobalFilePath@@YGPAJIF]A
?DecrementFolderA@@YGMMHFPAG]A
?FormatConfigExW@@YGGGPADPAIPAG]A
?CloseStateA@@YGFPAKDPAH]A
?DecrementTimerOriginal@@YGMPAF]A
?GlobalDirectory@@YG_NNE]A
?HideFilePathExA@@YGPANJ]A
?CancelPathExW@@YGPAKHKPAIJ]A
?CopyArgumentNew@@YGPAMJPAI]A
?IsOptionEx@@YGPAEPA_NPADI]A
?InvalidateMutexExW@@YGPAX_NPA_N]A
?CancelProfileOriginal@@YGXPAEMPA_N]A
?EnumWindowNew@@YGPAEPAGGPAK]A
?InvalidateSizeOld@@YGKGEG]A
?AddTimeNew@@YGPAJPA_NKIF]A
?EnumMediaTypeExW@@YGDMPAH]A
?CrtHeightNew@@YGJIDPAHPAN]A
?IsNotTimerExW@@YGMJH]A
?LoadDateTimeA@@YGPAKEFKH]A
?IsNotStateExW@@YGHM]A
?RtlKeyNameExA@@YGPADHM]A
?KillDate@@YGXEG]A
?EnumFunctionEx@@YGHPAHIPAD]A
?IsNotComponentNew@@YGXJ]A
?ModifyDeviceEx@@YGIIKM]A
?CallThreadOld@@YGPAGMJPAN]A
?IsValidValueExW@@YGMIMGH]A
?OnPenW@@YGMKFIPAG]A
?RemoveValueEx@@YGPAHE]A
?KillEvent@@YGXPAJPAKIPAI]A
?IsValidPenNew@@YGIPAFPAG]A
?ShowTimer@@YGPAEHM]A
?ShowTimerW@@YGEF]A
?CrtDataExA@@YGIF]A
?FreeSystemOriginal@@YGKMGPAK]A
?IsThreadEx@@YGMPAI]A
?EnumVersion@@YGPAXGGPAMG]A
?FormatMutexExW@@YGXHPAM]A
?MonitorA@@YGXJM]A
?HidePointEx@@YGPADIGNE]A
?CopyAppNameW@@YGPAKPAGM]A
?InsertListItemOld@@YGPAEGPANEH]A
?AddCharOriginal@@YGPAEPAIDD]A
?LoadMonitorNew@@YGPADFPAGPAD]A
?RtlFileOriginal@@YGMPADEG]A
?DecrementDeviceW@@YGJPAEIGN]A
?GetExpressionNew@@YGPAXPADFEPAD]A
?IsNotSectionOld@@YGPAXGH_N]A
?DecrementWindowW@@YGPAGPAD]A
?FreeCharA@@YGNMPANK]A
?ValidateOptionExW@@YGNPAGIE]A
?IsValidPen@@YGXIPAHF]A
?IsNotFolderPathExW@@YGDPAG]A
?DeleteMessageA@@YGPAEPAGKF]A
?DeleteProfileOriginal@@YGPAMPA_NMPAN]A
?FindCommandLineNew@@YGPAXPAEEEPAH]A
?InsertDialogOld@@YGPADK]A
?InsertDateOld@@YGPAEJPA_N]A
?IsValidPenA@@YGKG]A
?OnChar@@YGPADPADE]A
?CrtSemaphore@@YGGEIPAG]A
?ModifyEventEx@@YGMNPAJ]A
?FreeListItemExW@@YGKPAFPAK]A
?IsTimeExA@@YGX_N]A
?IsListOriginal@@YGXHPAE_NG]A
?InstallSystemA@@YGDI]A
?IsNotClassOriginal@@YGNGMPAE]A
?RemoveStringA@@YGDF]A
?ShowMemory@@YGPAGPAIPAM]A
?DestinationSysCounterDnDHuuey@@YGKGHE@Z
?LoadText@@YGHPAMPAK]A
?KillTextExW@@YGD_NE]A
?CrtProfileOld@@YGHPAHPAGPA_N]A
?GenerateDateEx@@YGIPAHEPAK_N]A
?HideVersionNew@@YGGPAJHEI]A
?ShowTimeA@@YGEKPAHH]A
?PutPathOriginal@@YGFFPAKD]A
?GlobalScreenOriginal@@YGHPAJH]A
?SendFileOriginal@@YGEDD]A
?ModifySemaphoreOriginal@@YGXPADPAKPAIPAF]A
?GlobalFolderOld@@YG_NE]A
?CrtWidthA@@YGXHFJ]A
?SendWindowOld@@YGKEJ]A
?ValidateSectionOld@@YGPANGH]A
?AddAppNameA@@YGXPAFNMF]A
?SetPathW@@YGIPAMDK]A
?KillWindowInfoEx@@YGD_NIHG]A
?SendDirectoryOriginal@@YGNPAF]A
?GetAnchorNew@@YGGEPAGJ]A
?ShowObjectW@@YGXJKK]A
?EnumDateOriginal@@YGGPAKJPAF]A
?GenerateThreadOriginal@@YGEPAEIPAE]A
?RemoveWindowInfoEx@@YGHGPAM]A
?DecrementFolder@@YGPAGPAFPAGN]A
?IsValidCharOriginal@@YGHEKGPAH]A
?PutSection@@YGPAIPAJJK]A
?ShowNameNew@@YGEM]A
?FullNameOriginal@@YGNFFFPAH]A
?InsertMemoryOld@@YGPAMKH]A
?EnumVersionExW@@YGPAMHKPAKF]A
?FindPathW@@YGJMPAJK]A
?IncrementProfileW@@YGPAHPAD]A
?AddClassNew@@YGXPAHJPAJPAE]A
?InstallStateExA@@YGPAEPA_NPAK]A
?ShowSection@@YGDMPAM]A
?FreeAnchorNew@@YGHN]A
?FreeSizeEx@@YGXEMI]A
?CancelScreen@@YGXMHPAM]A
?CopyRectEx@@YGEPAGPADPAEPAF]A
?IsProfileOld@@YGNKHF]A
?IsHeightOld@@YGIK]A
?DecrementMonitorNew@@YGPAXPADPAIIF]A
?SetArgumentEx@@YGPAHI]A
?EnumProjectNew@@YGFEM_N]A
?DeleteOptionNew@@YGEKG]A
?OnPointer@@YGXM]A
?EnumVersionEx@@YGXMH]A
?IsCommandLineExA@@YGPAXIM]A
?KillVersionW@@YGPAIPAEEPAN]A
?PutPointW@@YGPAKGPAF]A
?ValidateFolderPathNew@@YGEHPAIE]A
?ValidateConfigExW@@YGPAEEKNI]A
?GlobalSizeNew@@YGXG]A
?KillFolder@@YGNJ]A
?KillFilePathW@@YGDPADG]A
?GlobalAppNameOld@@YGEG]A
?InvalidateMessageW@@YGIPAIK]A
?SetArgumentOld@@YGMD]A
?IsNotThreadEx@@YGKJM]A
?IsNotSystemA@@YGPAMPAKF]A
?EnumDialogExW@@YGGPAGEPAGI]A
?InsertListItemExW@@YGKPAG]A
?IsValidFunction@@YGPAHPAJ]A
?CopyMutantExW@@YGJIK_N]A
?RtlTask@@YGJD]A
?DecrementSizeExW@@YGPAGM]A
?CopyDialog@@YGPADMG]A
?ValidateDeviceOriginal@@YGIH]A
?KillKeyboardExW@@YGPANHPAKPAF]A
?RemoveProfileExW@@YGPA_NPANPAGN_N]A
?GlobalSectionOld@@YGGKIJ]A
?MemoryExW@@YGPAXEPAF]A
?FreeString@@YGXGE]A
?ModifySemaphoreOld@@YGPA_NFGEM]A
?SendDialogOriginal@@YGDPAIPAEPAEPAH]A
?CloseAnchorA@@YGPAGPAG]A
?IsValidPenExW@@YGIPAD]A
?DeleteMemoryOriginal@@YGGPAJGHG]A
?FindFolderW@@YGMPAIMJ]A
?CloseData@@YGMPAJPAF]A
?CloseProvider@@YGPAXPAEGE]A

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d20ed9e9b9e384b5e3a8fb469448b17c

Headers

File Characteristics

PDB Paths

Imports

user32

comctl32

gdi32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 30KB

.idata Size: 6KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 34KB

.tls Size: 512B - Virtual size: 512B

.rsrc Size: 31KB - Virtual size: 31KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 31KB - Virtual size: 30KB

.idata
Size: 6KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 34KB

.tls
Size: 512B - Virtual size: 512B

.rsrc
Size: 31KB - Virtual size: 31KB

.reloc
Size: 2KB - Virtual size: 1KB