31d091c9880a838a42e214f3b6247851_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

31d091c9880a838a42e214f3b6247851_JaffaCakes118
Size

219KB
MD5

31d091c9880a838a42e214f3b6247851
SHA1

5f0acda0d3d5440bb9121dc0e548122b977aec61
SHA256

7dd9cba695277bbedfb3fcb746759cfa99a4ccec57e2f8430634e37e8695b325
SHA512

1a42dc58f07afde04a8d936dace58c5b4a92681ccfdbb3d3442c0f609c4f8fe738dee79f1000c29d682c3ca96b7a85bf10c769f5a5c987813503f95700301f91
SSDEEP

6144:2uNzUt+NAnHabhPSaNIf3aDZcSPzMJAEplNAYo/:9NQja96aHDZcSPzuAEpcYo/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
31d091c9880a838a42e214f3b6247851_JaffaCakes118

Files

31d091c9880a838a42e214f3b6247851_JaffaCakes118
.exe windows:5 windows x86 arch:x86

da6d5bcd73068a9dbda31000dc66336b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

H:\awmPejfUg\xwIrcdVRb\CzQaSsZyhgcjH\raybwOVh\QfPiMsDgvxjf.pdb

Imports

msvcrt

floor
strrchr
_controlfp
__set_app_type
__p__fmode
isalnum
clock
malloc
__p__commode
gmtime
wcschr
swscanf
isupper
mktime
setlocale
fputs
fwrite
fclose
_amsg_exit
strtol
_initterm
getenv
_ismbblead
getc
wcstok
wcsstr
_XcptFilter
ungetc
strcpy
putc
isspace
_exit
_cexit
wcscat
swprintf
fputc
puts
wcspbrk
bsearch
__setusermatherr
toupper
__getmainargs
strcoll
atoi

user32

IntersectRect
PostThreadMessageA
wvsprintfW
GrayStringW
OpenIcon
GetDCEx
GetSysColor
InvertRect
GetWindowTextLengthW
SendMessageW
MapVirtualKeyA
IsIconic
SetMenu
GetKeyNameTextW
EnableScrollBar
GetSysColorBrush
CharToOemA
SendDlgItemMessageA
EqualRect
AppendMenuA
CharNextExA
IsCharAlphaNumericW
ShowScrollBar
CharUpperA
SwitchToThisWindow
GetIconInfo
SendMessageTimeoutW
GetFocus
PostQuitMessage
GetSystemMetrics
SetWindowLongW
SetActiveWindow
SetScrollRange
GetWindowDC
SetWindowTextA
DrawIconEx
InvalidateRgn
CreateDialogParamW
HideCaret
CloseDesktop
GetKeyboardType
OemToCharBuffA
GetMessageTime
DrawTextA
GetMenuItemInfoW
ReleaseDC
CharLowerBuffW
DrawStateA
CreateWindowExA
DestroyAcceleratorTable
UnloadKeyboardLayout
GetUserObjectInformationW
SetDlgItemInt
ChangeMenuW
CharNextW
ValidateRect
LoadImageA
GetSubMenu
GetScrollRange
GetMessageExtraInfo
BeginPaint
SystemParametersInfoA
PostMessageW
DrawStateW
CheckDlgButton
LoadCursorW
SendDlgItemMessageW
GetWindowTextW
AppendMenuW
PostThreadMessageW
RedrawWindow
CreateCaret
SetSysColors
GetDialogBaseUnits
GetWindowRect
DrawEdge
RegisterWindowMessageW
mouse_event
GetParent
SetScrollInfo
GetClassInfoExA
IsDialogMessageW
GetKeyboardLayoutList
SetForegroundWindow
SendMessageTimeoutA
DrawFrameControl
GetUserObjectInformationA
GetMenuStringA
SetMenuDefaultItem
SetDlgItemTextA
GetKeyboardLayout
DrawIcon
GetClassInfoExW
OpenInputDesktop
SetCaretPos
LookupIconIdFromDirectory
UnionRect
WaitForInputIdle
DefFrameProcA
LoadMenuA
DestroyMenu
LoadCursorA
ChildWindowFromPointEx
EnumWindows
LoadStringA
IsWindow
InsertMenuW
DrawTextW
DrawFocusRect
InflateRect
IsCharLowerA

kernel32

SetFilePointer
GlobalCompact
CompareStringA
LocalUnlock
OpenEventA
ConnectNamedPipe
FileTimeToLocalFileTime
GetWindowsDirectoryA
FindNextChangeNotification
UnlockFile
GetUserDefaultUILanguage
LoadResource
CreateWaitableTimerA
RtlUnwind
FormatMessageW
SetMailslotInfo
FormatMessageA
lstrcmpiW
SetSystemTimeAdjustment
SetFileAttributesA
FlushFileBuffers
LocalAlloc
EnterCriticalSection
GetCurrentDirectoryW
LCMapStringW
VirtualProtect
DeleteFileA
FreeResource
CreateEventA
CreateMailslotW
GetStdHandle
CreatePipe
CreateFileMappingA
lstrcpynW
HeapFree
TlsGetValue
GetFileAttributesExW
EscapeCommFunction
HeapAlloc
MultiByteToWideChar
WriteFile
AddAtomA
GetDateFormatW
CreateThread
CancelIo
HeapLock
QueryDosDeviceW
GetCommTimeouts
FindResourceW
LockResource
GetProcessHeap
CreateNamedPipeA
EnumResourceNamesW
OpenFile

comdlg32

ChooseColorW
PageSetupDlgW
GetFileTitleW
FindTextW
PrintDlgExW

gdi32

GetObjectA
SetBitmapBits
SelectPalette
CreateDiscardableBitmap
GetPaletteEntries
SelectObject
GetTextExtentPointW
TextOutW
StartDocW
SetPixel
StretchDIBits
OffsetViewportOrgEx
ExtTextOutA
PtVisible
SetMapMode
GetBitmapBits
GetROP2
RectVisible
SetBkColor
EnumFontFamiliesW
GetTextMetricsW
SetWindowOrgEx
GetObjectW
CreatePen
GetSystemPaletteEntries
SetTextAlign
ScaleWindowExtEx
GetTextMetricsA
CreateSolidBrush
ExcludeClipRect
SetBkMode
DPtoLP
PtInRegion
SetPaletteEntries
UnrealizeObject
TranslateCharsetInfo
GetStockObject
CreateFontIndirectA
GetSystemPaletteUse
GetFontData
GetLayout
EndDoc
GetCurrentObject
CreateFontIndirectW
GetDIBits
GetNearestPaletteIndex
CreatePolygonRgn

psapi

GetProcessImageFileNameA

Exports

Exports

?IsFullName@@YGPAGNDPAMD]A
?FindString@@YGPAIPAM_NPAID]A
?GetPointExW@@YGPAXHNEPAH]A
?RemoveMessageA@@YGIG_NHJ]A
?HideProviderExW@@YGNPAJPAG]A
?IsTimerNew@@YGXGKNPAF]A
?GetFolder@@YGFHPAM]A
?GetStringExW@@YG_NMPAIN]A
?CancelDialog@@YGJKDK]A
?InsertHeaderExW@@YGPAJHPA_N]A
?IsNotDialogW@@YGPAX_NDHE]A
?CancelCommandLineEx@@YGED]A
?KillPointerNew@@YGIJ]A
?IsNotDialogExW@@YGPAINKPA_N]A
?LoadMutantW@@YGPAXM]A
?InstallHeaderEx@@YGIHPADH]A
?DeletePathEx@@YGGPAGGK]A
?InvalidatePathNew@@YGHEKDPAD]A
?ShowDateTimeNew@@YGKKJI]A
?EnumListOld@@YGIKIPAKPAM]A
?RemoveArgumentA@@YGPANPANEPAK]A
?GlobalFilePathExA@@YGEN]A
?DecrementTimerOld@@YGPAGPAFEEE]A
?FormatFilePathOld@@YGPAXPAGH]A
?RemoveHeightExA@@YGEIFPAGPAD]A
?RemoveProjectExW@@YGPAGPAKPAMPAKPAI]A
?ShowWindowInfo@@YGEPAKPAKD]A
?InvalidateFullNameA@@YGGF_N]A
?State@@YGFNPAHPAJPAH]A
?DecrementSemaphoreNew@@YGID]A
?InsertMediaTypeOld@@YGEIPAGPAH_N]A
?GetFileOriginal@@YGGKPAD]A
?OnProfileOriginal@@YGEIPAMM]A
?InsertProjectOld@@YGJHIPAI]A
?HideCommandLineA@@YGGNPAJG]A
?GenerateDataA@@YGPAGD]A
?CallCommandLineW@@YGPAXE]A
?CopyDateExA@@YGHGPAMH]A

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da6d5bcd73068a9dbda31000dc66336b

Headers

File Characteristics

PDB Paths

Imports

msvcrt

user32

kernel32

comdlg32

gdi32

psapi

Exports

Exports

Sections

.text Size: 192KB - Virtual size: 192KB

.data Size: 23KB - Virtual size: 23KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 192KB - Virtual size: 192KB

.data
Size: 23KB - Virtual size: 23KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 1KB