2d26355e8b16e8d8d05824aac21815c7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2d26355e8b16e8d8d05824aac21815c7_JaffaCakes118
Size

243KB
MD5

2d26355e8b16e8d8d05824aac21815c7
SHA1

f5372b6bac522a77e2f1d0a2815bfa9a05f91e06
SHA256

cefe314d180d243878ae9e0653ef9ef17824e03635c8803754d2e6d6d4783a1e
SHA512

f7e984cd479fd1b4f8e6c2ddb6c9deb7817dd39fd6a6ccdf264df95eaaaa799b678aa42a098c7f000518f5a122e5555d454f493444d527c2fdc526962f8fa951
SSDEEP

3072:aoA2C33d8mHfSQZVnkfX9gVewvLi6yWFLsojWMCk6H8Chq+eE1LoACF9SJQNX3ZE:iD33+mHfSkFkfydzyqMvjE7wMfwwxP4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2d26355e8b16e8d8d05824aac21815c7_JaffaCakes118

Files

2d26355e8b16e8d8d05824aac21815c7_JaffaCakes118
.dll windows:5 windows x86 arch:x86

a7749dbee9f6101268b6fc01b6b578dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

uxtheme.pdb

Imports

msvcrt

wcsstr
swscanf
wcschr
_vsnwprintf
memmove
free
??2@YAPAXI@Z
realloc
_wsplitpath
_ftol
floor
_adjust_fdiv
malloc
_initterm
_except_handler3
??3@YAXPAX@Z

ntdll

NtConnectPort
RtlInitUnicodeString
NtRequestWaitReplyPort
RtlUnhandledExceptionFilter
RtlCreateUserThread
NtQueryInformationProcess
RtlInitializeCriticalSection

kernel32

QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
IsBadCodePtr
SetUnhandledExceptionFilter
SizeofResource
LoadResource
LockResource
GetFileAttributesW
ReadFile
GetFileSize
ExpandEnvironmentStringsW
GetProcAddress
ReleaseActCtx
DeactivateActCtx
ActivateActCtx
FindFirstFileW
FindNextFileW
FindClose
IsBadStringPtrW
IsBadWritePtr
WaitForSingleObject
GetExitCodeThread
CreateFileMappingW
ExitThread
IsDebuggerPresent
GetACP
MapViewOfFile
GetCurrentProcess
DuplicateHandle
CreateSemaphoreW
UnmapViewOfFile
GetSystemDirectoryW
GetFullPathNameW
InterlockedExchange
GetModuleHandleW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
InterlockedCompareExchange
InterlockedDecrement
IsBadReadPtr
InterlockedIncrement
lstrcmpW
GetSystemInfo
VirtualFree
GetUserDefaultUILanguage
GetFileTime
LoadLibraryW
LocalAlloc
GetCurrentThread
CreateThread
FreeLibrary
LocalFree
FreeLibraryAndExitThread
lstrcpynW
VirtualAlloc
SetLastError
GetAtomNameW
GetLastError
MulDiv
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameW
CreateFileW
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
lstrcmpiW
lstrlenW
WriteFile
WideCharToMultiByte
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
CreateActCtxW
LoadLibraryExW
GetStringTypeW
SetFilePointer
FindResourceW
AddAtomW
DeleteAtom
MultiByteToWideChar
CompareStringW
UnhandledExceptionFilter

user32

GetSubMenu
LoadMenuW
NotifyWinEvent
InvertRect
DrawFrameControl
SetTimer
GetDoubleClickTime
GetMessagePos
DispatchMessageW
TranslateMessage
CallMsgFilterW
GetMessageW
ShowCaret
KillTimer
GetKeyState
EnableWindow
GetScrollInfo
DestroyMenu
TrackPopupMenuEx
SystemParametersInfoA
SystemParametersInfoW
AdjustWindowRectEx
RegisterUserApiHook
UnregisterUserApiHook
GetScrollBarInfo
GetClassInfoW
LoadCursorW
RegisterClassW
CreateWindowExW
SetWindowTextW
DestroyWindow
IsServerSideWindow
LoadStringW
PaintMenuBar
SetWindowPos
GetMenuBarInfo
GetMenuItemCount
DrawMenuBar
TrackMouseEvent
DrawIconEx
IsWindowVisible
DrawEdge
SetCapture
MsgWaitForMultipleObjectsEx
PeekMessageW
ReleaseCapture
GetCapture
LoadIconW
InflateRect
CalcMenuBar
GetForegroundWindow
IsZoomed
MonitorFromWindow
GetMonitorInfoW
InvalidateRect
DrawTextW
GetClientRect
GetSysColorBrush
IsWindowInDestroy
SetWindowRgn
WindowFromDC
GetParent
GetWindowInfo
SetMenuItemInfoW
DefWindowProcW
DefFrameProcW
OffsetRect
GetWindowRect
InternalGetWindowText
GetWindowTextW
SetRectEmpty
GetSysColor
GetWindowRgnBox
GetClassLongW
GetTitleBarInfo
GetSystemMenu
GetMenuItemInfoW
SendMessageW
GetDCEx
IsRectEmpty
GetAncestor
MapWindowPoints
GetDesktopWindow
PostMessageW
SetSysColors
GetDC
GetClassNameW
EnumDesktopsW
OpenDesktopW
EnumDesktopWindows
CloseDesktop
GetWindow
EnumChildWindows
GetWindowLongW
SetWindowLongW
RemovePropW
SetPropW
GetPropW
GetWindowThreadProcessId
DrawTextExW
GetWindowDC
ReleaseDC
GetGUIThreadInfo
GetProcessWindowStation
GetUserObjectInformationW
GetSystemMetrics
CopyRect
PtInRect
IntersectRect
FillRect
SetRect
IsWindow
IsChild
CharNextW
SendMessageTimeoutW
GetThreadDesktop
EnumDisplaySettingsW
EnumDisplayDevicesW
LoadImageW
IsCharAlphaNumericW
IsIconic

gdi32

Rectangle
GetStockObject
CreateSolidBrush
CreatePen
IntersectClipRect
GetBkColor
ExtTextOutW
SetBkColor
PathToRegion
CreateFontIndirectW
PtInRegion
Arc
GetObjectW
DeleteDC
StretchBlt
SetStretchBltMode
SetLayout
CreateCompatibleDC
GetDeviceCaps
GetLayout
RoundRect
SetTextColor
SetBkMode
GetRgnBox
CreateRectRgnIndirect
CreatePatternBrush
GetTextExtentPoint32W
SetBrushOrgEx
GetClipBox
ExcludeClipRect
SetTextAlign
GetTextAlign
CreateCompatibleBitmap
RectVisible
CreateFontW
SetDIBits
CreateDIBSection
ExtCreateRegion
CombineRgn
OffsetRgn
CreateBitmap
GetTextColor
StrokeAndFillPath
AbortPath
GetTextMetricsW
SetViewportOrgEx
GetViewportOrgEx
GdiGradientFill
GdiDrawStream
ClearBitmapAttributes
BeginPath
Ellipse
EndPath
SelectClipPath
BitBlt
SelectClipRgn
CreateRectRgn
GetClipRgn
SelectObject
CreateDIBitmap
GetDIBits
GetRegionData
DeleteObject

advapi32

CryptVerifySignatureW
CryptHashData
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CryptCreateHash
RegQueryValueExW
RegOpenCurrentUser
OpenProcessToken
GetTokenInformation
RegCreateKeyExW
RegEnumValueW
RegDeleteValueW
OpenThreadToken
ImpersonateLoggedOnUser
RevertToSelf
RegSetValueExW
RegOpenKeyExW
RegCloseKey

Exports

Exports

CloseThemeData
DrawThemeBackground
DrawThemeBackgroundEx
DrawThemeEdge
DrawThemeIcon
DrawThemeParentBackground
DrawThemeText
EnableThemeDialogTexture
EnableTheming
GetCurrentThemeName
GetThemeAppProperties
GetThemeBackgroundContentRect
GetThemeBackgroundExtent
GetThemeBackgroundRegion
GetThemeBool
GetThemeColor
GetThemeDocumentationProperty
GetThemeEnumValue
GetThemeFilename
GetThemeFont
GetThemeInt
GetThemeIntList
GetThemeMargins
GetThemeMetric
GetThemePartSize
GetThemePosition
GetThemePropertyOrigin
GetThemeRect
GetThemeString
GetThemeSysBool
GetThemeSysColor
GetThemeSysColorBrush
GetThemeSysFont
GetThemeSysInt
GetThemeSysSize
GetThemeSysString
GetThemeTextExtent
GetThemeTextMetrics
GetWindowTheme
HitTestThemeBackground
IsAppThemed
IsThemeActive
IsThemeBackgroundPartiallyTransparent
IsThemeDialogTextureEnabled
IsThemePartDefined
OpenThemeData
SetThemeAppProperties
SetWindowTheme

Sections

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a7749dbee9f6101268b6fc01b6b578dc

Headers

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernel32

user32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 188KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 38KB - Virtual size: 38KB

.text
Size: 188KB - Virtual size: 188KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 38KB - Virtual size: 38KB