31d271fc8e262bec25b0af2df8773928_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

31d271fc8e262bec25b0af2df8773928_JaffaCakes118
Size

2.1MB
MD5

31d271fc8e262bec25b0af2df8773928
SHA1

89e0010c402b07476eab62fbddcd279b74bb51dd
SHA256

cbd46af08bfcd765fcae576a1bc15831518b8ec6955d44d5d5fbe99f6e943887
SHA512

5c81f0f31db378c923ec3477ed3603637012f8cb9b19f153577e5ea1b2dc44133a171bc0511b2a683dbe60f4ca9afe9574f09067d58418d9528d2c120f183f3c
SSDEEP

49152:MrVSvo9cLzi2BfVJdd0h2eI2M36JLkiCA5iYn6MnwllmG:Mr8lziq9B04N6JL7z/6MD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31d271fc8e262bec25b0af2df8773928_JaffaCakes118

Files

31d271fc8e262bec25b0af2df8773928_JaffaCakes118
.exe windows:5 windows x86 arch:x86

1731b5ca5c742c8cde002e0b47f523c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

P:\ktfgnlG\esfCswjvfly\DhNkDme.pdb

Imports

user32

SetWindowRgn
FrameRect
GetMessageA
GetParent
OemToCharA
CharLowerW
DestroyMenu
LoadBitmapA
InvalidateRgn
GetMenuStringW
IsCharAlphaNumericW
WindowFromPoint
GetUpdateRect
ChangeMenuW
DialogBoxParamW
CharLowerA
IsCharLowerA
InsertMenuA
CheckMenuRadioItem
IsZoomed
CharUpperW
CallWindowProcW
IsWindowUnicode
TileWindows
LoadStringW
SetScrollPos
GetLastActivePopup
InSendMessage
SetWindowPlacement
GetMenuItemRect
ActivateKeyboardLayout
GetKeyboardLayoutList
DrawMenuBar
GetMessageExtraInfo
MoveWindow
GetKeyNameTextW
DispatchMessageA
InvertRect
DefDlgProcW
DestroyAcceleratorTable
SetMenuDefaultItem
LoadAcceleratorsA
GetScrollRange
CharNextExA
GetWindowLongW
DrawEdge
ChildWindowFromPointEx
MessageBoxW
wsprintfA
SetDlgItemTextA
IsIconic
GetMenu
SetScrollInfo
GetKeyboardLayoutNameW
SwitchToThisWindow
SendInput
GetFocus
AdjustWindowRectEx
LoadImageW
ValidateRect
SendDlgItemMessageW
ChildWindowFromPoint
GetDlgItem
GetActiveWindow
SetWindowTextW
CharNextW
DrawFocusRect
DrawStateW
GetSystemMetrics
RedrawWindow
AttachThreadInput
RegisterClassA
DeleteMenu
CreateWindowExA
EnumThreadWindows
CharToOemBuffA
SendDlgItemMessageA
GetWindowRect
FindWindowW
ScreenToClient
MapVirtualKeyW
wsprintfW
GetWindowPlacement
ShowWindowAsync
LoadStringA
GetDCEx
InSendMessageEx
RegisterWindowMessageW
IsCharAlphaA
SetWindowLongA
IsChild
SetScrollRange
AdjustWindowRect
CopyAcceleratorTableW
MapWindowPoints
MessageBoxA
DefFrameProcW
InsertMenuW
CreateIconIndirect
LockWindowUpdate
GetClassInfoA
OffsetRect
GetAsyncKeyState
DrawTextA
IsDialogMessageW
TrackPopupMenu
SetFocus
AllowSetForegroundWindow
GetWindowTextW
GetMenuStringA
mouse_event
InternalGetWindowText
BeginPaint
CharNextA
SetWindowPos
GrayStringW
DialogBoxParamA
SetLastErrorEx
CallWindowProcA
keybd_event
RegisterClassExW
IsWindowEnabled
LoadIconW
CharToOemW
CheckRadioButton

shlwapi

UrlGetPartW

kernel32

GetFileAttributesExW
CancelWaitableTimer
GlobalLock
GetSystemWindowsDirectoryA
CreateFileW
IsBadStringPtrW
lstrlenW
DeleteCriticalSection
LocalAlloc
GetModuleFileNameA
CompareStringW
lstrcatW
TryEnterCriticalSection
CreateSemaphoreA
LockResource
GetModuleFileNameW
GetCommModemStatus
SleepEx
DeviceIoControl
GetDateFormatA
LoadResource
IsBadCodePtr
OpenEventW
GetVersion
EnumSystemLocalesA
GetLocaleInfoA
CloseHandle
GetTempPathA
CreateDirectoryA
TlsSetValue
FormatMessageW
GetSystemTimeAdjustment
InitializeCriticalSection
GetLocalTime
GetThreadPriority
GetFileInformationByHandle
lstrcmpA
FileTimeToLocalFileTime
GetModuleHandleA
SetThreadAffinityMask
GetTickCount
GetCommProperties
RegisterWaitForSingleObject
HeapAlloc
SetFileApisToOEM
LockFile
DefineDosDeviceW
GlobalAddAtomW
FindCloseChangeNotification
EscapeCommFunction
LocalUnlock
LCMapStringW
CreateMailslotW
MulDiv
IsBadWritePtr
GetStartupInfoW
PulseEvent
GetTimeFormatA

msvcrt

clock
fwrite
isdigit
_controlfp
fprintf
iswprint
__set_app_type
towupper
mbstowcs
setvbuf
__p__fmode
localtime
setlocale
__p__commode
gmtime
iswalpha
system
_amsg_exit
floor
wcscpy
fseek
wcspbrk
wcscspn
isalnum
exit
strcspn
fgetc
strerror
towlower
_vsnwprintf
_initterm
wcstombs
_ismbblead
_XcptFilter
_exit
strtoul
wcstoul
_cexit
__setusermatherr
fputc
sscanf
vswprintf
__getmainargs
printf
wcsncmp
free
fclose
srand

Exports

Exports

@$xp$11Forms@TFo:O
@$xp$11TTrayIcon:O
@$xp$12Forms@TFra:O
@$xp$13Forms@TScre:O
@$xp$14Forms@Forms_:O
@$xp$14Forms@IOleFo:O
@$xp$14Forms@TMonit:O
@$xp$15Forms@TPopupW:O
@$xp$15Forms@TPositi:O
@$xp$15Forms@TTileMo:O
@$xp$16Controls@TCurs:O
@$xp$16Forms@PCursorR:O
@$xp$16Forms@TCursorR:O
@$xp$16Forms@TFormCla:O
@$xp$16Forms@TFormSta:O
@$xp$16Forms@TFormSty:O
@$xp$16Forms@THelpEve:O
@$xp$16Forms@TIdleEve:O
@$xp$16Forms@TPopupFo:O
@$xp$16Forms@TPopupMo:O
@$xp$16Forms@TScrollB:O
@$xp$16Forms@TTimerMo:O
@$xp$17Forms@TBorderIc:O
@$xp$17Forms@TCloseEve:O
@$xp$17Forms@TCustomFo:O
@$xp$17Forms@TFocusSta:O
@$xp$17Forms@TGlassFra:O
@$xp$17Forms@TPrintSca:O
@$xp$17Forms@TShowActi:O
@$xp$17Forms@TWindowHo:O
@$xp$18Forms@TApplicati:O
@$xp$18Forms@TBorderIco:O
@$xp$18Forms@TBorderSty:O
@$xp$18Forms@TCloseActi:O
@$xp$18Forms@TCustomFra:O
@$xp$18Forms@TWindowSta:O
@$xp$19Forms@IDesignerHo:O
@$xp$19Forms@TMessageEve:O
@$xp$19Forms@TScrollBarI:O
@$xp$20Forms@TPopupWndArr:O
@$xp$20Forms@TScrollBarKi:O
@$xp$20Forms@TShortCutEve:O
@$xp$20Forms@TShowHintEve:O
@$xp$21Forms@TCustomDockFo:O
@$xp$21Forms@TDefaultMonit:O
@$xp$21Forms@TExceptionEve:O
@$xp$21Forms@TGetHandleEve:O
@$xp$21Forms@TPopupFormArr:O
@$xp$21Forms@TScrollBarSty:O
@$xp$22Forms@TCMHintShowPau:O
@$xp$22Forms@TCloseQueryEve:O
@$xp$22Forms@TCustomFormCla:O
@$xp$22Forms@TFormBorderSty:O
@$xp$22Forms@_TApplication@:O
@$xp$23Forms@TControlScrollB:O
@$xp$23Forms@TCustomActiveFo:O
@$xp$23Forms@TCustomFrameCla:O
@$xp$23Forms@TMonitorDefault:O
@$xp$25Forms@TSettingChangeEve:O
@$xp$26Forms@TScrollingWinContr:O
@$xp$28Forms@TActiveFormBorderSty:O
@$xp$28Lmdbarbase@TLMDBarControll:O
@$xp$30Lmdexplorerbar@TLMDBarDrawIn:O
@$xp$30Lmdexplorerbar@TLMDExplorerB:O
@$xp$31Lmdexplorerbar@TLMDBarPaintIn:O
@$xp$31Lmdexplorerbar@TLMDBarSortEve:O
@$xp$32Lmdbarhtmllabel@TLMDBarHTMLLab:O
@$xp$33Forms@TSetLayeredWindowAttribut:O
@$xp$33Lmdbarhtmllabel@TLMDBarHTMLStri:O
@$xp$33Lmdexplorerbar@TLMDBarHeaderSta:O
@$xp$33Lmdexplorerbar@TLMDBarHeaderSty:O
@$xp$34Lmdexplorerbar@TLMDExplorerBarIt:O
@$xp$35Lmdexplorerbar@TLMDBarDrawInfoEve:O
@$xp$35Lmdexplorerbar@TLMDExplorerBarIte:O
@$xp$35Lmdexplorerbar@TLMDExplorerBarLab:O
@$xp$35Lmdexplorerbar@TLMDExplorerBarPan:O
@$xp$35Lmdexplorerbar@TLMDExplorerBarSty:O
@$xp$37Lmdexplorerbar@TLMDExplorerBarSecti:O
@$xp$37Lmdexplorerbar@TLMDExplorerBarStora:O
@$xp$38Lmdexplorerbar@TLMDExplorerBarSectio:O
@$xp$38Shockwaveflashobjects_tlb@TFlashObje:O
?CreatDlgItemList@@YGKPBDDPAX:O

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.exp
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edit
Size: 1KB - Virtual size: 3.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ixport
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sims
Size: 1024B - Virtual size: 619B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ndat
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1731b5ca5c742c8cde002e0b47f523c5

Headers

File Characteristics

PDB Paths

Imports

user32

shlwapi

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 23KB - Virtual size: 22KB

.exp Size: 3KB - Virtual size: 3KB

.edit Size: 1KB - Virtual size: 3.7MB

.data Size: 2KB - Virtual size: 2KB

.ixport Size: 6KB - Virtual size: 5KB

.sims Size: 1024B - Virtual size: 619B

.ndat Size: 512B - Virtual size: 192B

.tls Size: 512B - Virtual size: 512B

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.text
Size: 23KB - Virtual size: 22KB

.exp
Size: 3KB - Virtual size: 3KB

.edit
Size: 1KB - Virtual size: 3.7MB

.data
Size: 2KB - Virtual size: 2KB

.ixport
Size: 6KB - Virtual size: 5KB

.sims
Size: 1024B - Virtual size: 619B

.ndat
Size: 512B - Virtual size: 192B

.tls
Size: 512B - Virtual size: 512B

.rsrc
Size: 2.0MB - Virtual size: 2.0MB