2cfb225b1e6a83d98810e3c4eb954929_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2cfb225b1e6a83d98810e3c4eb954929_JaffaCakes118
Size

223KB
MD5

2cfb225b1e6a83d98810e3c4eb954929
SHA1

1a33661d800ce617c69b64ff9c022659674cc6b0
SHA256

2132074ad295179362c3297729530d6c837781de9393647aee97aa57bd9c66e1
SHA512

de33b02a493af11b19910a583f9bfa708e9c619338914dcdcac355fa2d99bd9cff9f641540aadb8cc8b613701ab9ba77899ebeee064a8ff0d7f294dbf0060b3a
SSDEEP

6144:7la98QzjXB/fnnAE50iVXdPjtCEGO4zJqK0:AnAm1VXdbtCEQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2cfb225b1e6a83d98810e3c4eb954929_JaffaCakes118

Files

2cfb225b1e6a83d98810e3c4eb954929_JaffaCakes118
.exe windows:5 windows x86 arch:x86

902d49fb18a40923e3f47d7bc7daec1a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

R:\yhqkgxcudl\isJivmocRpf\ttyLGnEum.pdb

Imports

msvcrt

setlocale
ungetc
wcscoll
_controlfp
atol
vswprintf
isdigit
__set_app_type
__p__fmode
strstr
strcspn
__p__commode
towlower
wcscspn
isupper
getenv
mktime
printf
strchr
strpbrk
_amsg_exit
strtol
_initterm
_acmdln
floor
exit
fclose
fseek
iswalpha
isspace
_ismbblead
wcstoul
wcstod
strtok
time
realloc
strrchr
wcscat
_XcptFilter
islower
_exit
_cexit
__setusermatherr
strspn
__getmainargs

comdlg32

GetFileTitleW
PrintDlgW
GetSaveFileNameW
GetOpenFileNameW
PageSetupDlgW

gdi32

AddFontResourceW
DeleteDC
SetRectRgn
SetViewportOrgEx
SelectObject
CombineRgn
CreateDCW
GetDIBits
CreateHatchBrush
GetTextAlign
GetTextCharsetInfo
EndPath
CreateHalftonePalette
SetPixel
DPtoLP
TranslateCharsetInfo
SetTextAlign
SetBkColor
IntersectClipRect
EndPage
GetBitmapBits
CreateBitmapIndirect
ExtFloodFill
StartPage
GetDIBColorTable
CreateCompatibleBitmap
SetBkMode
CreatePen
SetBitmapBits
GetFontData
PathToRegion
Polygon
RealizePalette
GetStockObject
RectVisible
SetStretchBltMode
GetLayout
RectInRegion
CreatePatternBrush
GetWindowOrgEx
DeleteObject
OffsetViewportOrgEx
OffsetRgn
StartDocW

user32

OpenDesktopW
SetMenuItemBitmaps
DestroyCursor
GetUpdateRgn
GetDlgItemTextA
LoadBitmapW
RegisterWindowMessageA
GetKeyboardType
GetForegroundWindow
InSendMessage
OffsetRect
GetDlgCtrlID
RegisterWindowMessageW
MonitorFromPoint
TrackPopupMenu
FrameRect
GetWindowLongA
RemoveMenu
CharPrevA
GetWindowDC
GetSystemMenu
MessageBoxW
GetKeyNameTextW
IsCharAlphaNumericW
DefFrameProcA
SetMenu
InvertRect
SetTimer
InsertMenuItemW
RegisterClassW
RedrawWindow
SystemParametersInfoW
GetActiveWindow
CreateWindowExW
SetClassLongW
EnumChildWindows
SetPropW
ClipCursor
SetWindowTextW
IsDialogMessageA
TrackPopupMenuEx
ArrangeIconicWindows
InvalidateRgn
AttachThreadInput
DrawIcon
EnumWindows
LoadCursorA
ClientToScreen
CreatePopupMenu
CopyRect
SetDlgItemTextW
UnionRect
IsDlgButtonChecked
PeekMessageW
AppendMenuA
SendInput
MapWindowPoints
BringWindowToTop
SetMenuDefaultItem
GetWindowTextA
MapDialogRect
GetClassLongA
TranslateAcceleratorW
CharUpperBuffW
GetPropW
DrawMenuBar
SetRectEmpty
GetSysColorBrush
wvsprintfA
SendMessageA
CharToOemBuffA
SetForegroundWindow
GetMenuState
IsRectEmpty
IsWindowEnabled
LoadIconW
GetMessageTime
ValidateRect
DrawTextW
BeginDeferWindowPos
HideCaret
DestroyAcceleratorTable
GetFocus
CharLowerW
EnableMenuItem
IsWindowVisible
CopyAcceleratorTableW
DefDlgProcW
GetDlgItemInt
PostMessageW
MessageBoxExW
DragObject
SetLastErrorEx
SetWindowTextA
IntersectRect
IsIconic
GetUpdateRect
IsZoomed
DeferWindowPos
VkKeyScanW
SwapMouseButton
DefFrameProcW
ReplyMessage
WindowFromPoint
InsertMenuW
GetDesktopWindow
SetFocus
GetWindowTextLengthW

kernel32

FindResourceExW
FreeResource
SetMailslotInfo
TryEnterCriticalSection
GetLocalTime
GetCPInfo
TransactNamedPipe
CreateSemaphoreA
CancelWaitableTimer
IsDBCSLeadByte
GetCurrentProcessId
WriteConsoleInputA
CompareStringW
LeaveCriticalSection
MapViewOfFile
GetDateFormatA
CreateFileW
CopyFileW
GetAtomNameA
GetCommState
FindCloseChangeNotification
GlobalAddAtomA
GetFileInformationByHandle
CreateFileMappingA
AreFileApisANSI
IsBadWritePtr
GetFullPathNameA
CloseHandle
GetFileTime
IsValidLocale
GetBinaryTypeW
SetTimerQueueTimer
GetCurrentProcess
GetModuleFileNameA
GetSystemWindowsDirectoryW
GlobalCompact
GetThreadTimes
DefineDosDeviceW
SetErrorMode
lstrcmpiW
GetCommProperties
WinExec
MultiByteToWideChar
FlushFileBuffers
GetNumberFormatW
GetVersionExW
SetFileTime
TlsFree
DeleteFileA
VirtualAlloc
GetCommTimeouts
GetUserDefaultLCID
GetTempPathA
FindNextFileA

comctl32

ImageList_GetIcon
PropertySheetA
DestroyPropertySheetPage
ImageList_Write
ImageList_SetIconSize
ImageList_GetIconSize

Exports

Exports

?CloseFunctionOld@@YGHPAK~U
?CopyRectExA@@YGXK~U
?FormatStateW@@YGPAIPAGD~U
?SetSize@@YGPA_NKPAHM~U
?InvalidateDialogW@@YGPAEH_NPAGJ~U
?GetSystem@@YGPAMPA_N~U
?IsNotScreenA@@YGPA_NPANHHF~U
?GetValueEx@@YGX_NGN~U
?FreeList@@YGPAKE~U
?RemoveSizeExW@@YGFPAKPAIPAG~U
?FindWindowInfoW@@YGFK~U
?ValidateStringOld@@YGPAIPANF~U
?GenerateDataOriginal@@YGPAXPAIDPAEI~U
?SendHeightA@@YG_NM~U
?CancelList@@YGPAFPAJJME~U
?OnModuleOriginal@@YGPANFI_NN~U
?ValidatePointerW@@YGXPAH~U
?GetArgumentNew@@YGPAXHD~U
?RtlPointerExA@@YGPAXMPAKID~U
?OnThread@@YGMN~U
?InstallPointW@@YGMI~U
?DecrementProject@@YGPAXPADG~U
?CloseDateExW@@YGXEFJPAI~U
?SetPathExW@@YGMI~U
?ValidateSize@@YGPAGI_NJPA_N~U
?IncrementFileOriginal@@YGXMHNPAH~U
?DeleteSemaphoreExW@@YGXPAHPAM~U
?PutSystemA@@YGGH~U
?FindTask@@YGPAJJ~U
?AddSectionOld@@YGFI~U
?CallFunction@@YGMH~U
?ModifyValueEx@@YGPAHKEG~U
?KillComponentExW@@YGPADPA_NPAFK~U
?RtlArgumentExW@@YGFFPAJ~U
?FreeFunctionA@@YGFDHH~U

Sections

.text
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tbl_i
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tbl_e
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bitdat2
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bitdat0
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bitdat1
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vptr4
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 999B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

902d49fb18a40923e3f47d7bc7daec1a

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comdlg32

gdi32

user32

kernel32

comctl32

Exports

Exports

Sections

.text Size: 194KB - Virtual size: 194KB

.tbl_i Size: 1KB - Virtual size: 1KB

.tbl_e Size: 1KB - Virtual size: 1KB

.bitdat2 Size: 5KB - Virtual size: 5KB

.bitdat0 Size: 512B - Virtual size: 32B

.bitdat1 Size: 512B - Virtual size: 44B

.vptr4 Size: 512B - Virtual size: 32B

.data Size: 13KB - Virtual size: 13KB

.rdata Size: 1024B - Virtual size: 999B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 194KB - Virtual size: 194KB

.tbl_i
Size: 1KB - Virtual size: 1KB

.tbl_e
Size: 1KB - Virtual size: 1KB

.bitdat2
Size: 5KB - Virtual size: 5KB

.bitdat0
Size: 512B - Virtual size: 32B

.bitdat1
Size: 512B - Virtual size: 44B

.vptr4
Size: 512B - Virtual size: 32B

.data
Size: 13KB - Virtual size: 13KB

.rdata
Size: 1024B - Virtual size: 999B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 2KB