33619518a5453e2adbafbe3d6bb40514_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

33619518a5453e2adbafbe3d6bb40514_JaffaCakes118
Size

946KB
MD5

33619518a5453e2adbafbe3d6bb40514
SHA1

b73ef15f5d9180ba8f75f17d721a99bc5a4841f4
SHA256

90e756d8e3ad3d5882ddfcdd53134b4a4a9532b807c8888434cff578ca39c2bd
SHA512

c7592e65140f7181c410f26c253be6a0473428a40f7cd959d332bd4d5926486f0183455d13b4c989eafe8b58802a48d15cd60cab496bccaf83b1e2b4ca13fc14
SSDEEP

12288:5P72apyiwiaE51qviizQBODAFZCYylk25ZERX7s5Zx5Z25ZO:5TDpKm5kRzAFncToc5Yw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
33619518a5453e2adbafbe3d6bb40514_JaffaCakes118

Files

33619518a5453e2adbafbe3d6bb40514_JaffaCakes118
.exe windows:6 windows x86 arch:x86

ebcd9ab2dcb5c560eb2451ccd9cf584b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

mblctr.pdb

Imports

advapi32

TraceMessage
RegCloseKey
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
TraceEvent
RegEnumKeyExW
RegCreateKeyExW
RegQueryInfoKeyW
RegGetValueW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
EventRegister
EventUnregister
EventWrite

kernel32

LocalAlloc
GetSystemPowerStatus
FormatMessageW
SetEvent
DeleteCriticalSection
CreateEventW
InitializeCriticalSection
LocalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
WaitForSingleObject
GetSystemDirectoryW
CreateProcessW
ExpandEnvironmentStringsW
FlushInstructionCache
GetVersionExA
InterlockedExchange
MulDiv
CreateThread
OutputDebugStringA
LoadLibraryW
EnterCriticalSection
GetCurrentProcess
HeapSetInformation
GetCurrentThreadId
SetLastError
CloseHandle
RegisterApplicationRestart
ReleaseMutex
CreateMutexW
lstrcmpW
GetCommandLineW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
LeaveCriticalSection
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
GetProcAddress
LoadLibraryA
VirtualFree
VirtualAlloc
Sleep
RaiseException

gdi32

GetObjectW
Polygon
GetBkColor
SetBkColor
GetTextExtentPoint32W
CreateRectRgn
SelectClipRgn
GetLayout
SetLayout
SetViewportOrgEx
SetBrushOrgEx
BitBlt
GdiGradientFill
SetDCPenColor
MoveToEx
LineTo
CreateDIBSection
DeleteDC
GetTextMetricsW
SelectObject
CreateCompatibleDC
CreateFontIndirectW
DeleteObject
CreateSolidBrush
GetDeviceCaps
GetStockObject
SetBkMode
SetTextColor
GdiAlphaBlend

user32

QueryDisplayConfig
GetDisplayConfigBufferSizes
ValidateRect
EndPaint
BeginPaint
PtInRect
SetRect
DrawEdge
UnregisterClassA
GetDC
ReleaseDC
SetClassLongW
NotifyWinEvent
GetKeyState
GetFocus
GetDlgCtrlID
CallNextHookEx
IsWindowEnabled
DrawTextW
SetWindowPos
GetWindowInfo
MonitorFromRect
GetMonitorInfoW
SetScrollInfo
GetScrollInfo
SendDlgItemMessageW
SetTimer
InvalidateRect
UpdateWindow
GetActiveWindow
GetNextDlgTabItem
GetWindowPlacement
GetWindowRect
UnhookWindowsHookEx
MoveWindow
FillRect
DrawFocusRect
CopyRect
InflateRect
DrawIconEx
DefWindowProcW
GetWindowLongW
GetParent
CreateWindowExW
GetClientRect
MapWindowPoints
OffsetRect
DestroyWindow
FindWindowW
SetForegroundWindow
GetForegroundWindow
IsIconic
ShowWindow
GetClassInfoW
RegisterClassW
LoadIconW
KillTimer
EnableWindow
SetDlgItemTextW
GetWindowTextW
SetWindowTextW
CallWindowProcW
SetWindowsHookExW
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetClassLongW
ScrollWindow
FrameRect
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
UnregisterClassW
CreateDialogParamW
EnumDisplayDevicesW
PostQuitMessage
GetIconInfo
AllowSetForegroundWindow
LoadImageW
DestroyIcon
SendMessageW
GetDlgItem
PostMessageW
LoadStringW
EnumDisplaySettingsExW
ChangeDisplaySettingsExW
LoadCursorW
GetSysColor
GetSystemMetrics
SystemParametersInfoW
GetSysColorBrush
SetWindowLongW
EnumChildWindows

msvcrt

_unlock
_except_handler4_common
__dllonexit
realloc
??1type_info@@UAE@XZ
__set_app_type
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_ftol2
_purecall
__RTDynamicCast
memcpy
wcstok
wcstol
wcscspn
_wcsicmp
free
memmove_s
??_U@YAPAXI@Z
__CxxFrameHandler3
ceil
_ftol2_sse
??2@YAPAXI@Z
_lock
_onexit
?terminate@@YAXXZ
_controlfp
_vsnwprintf
memset
??_V@YAXPAX@Z
??3@YAXPAX@Z
_errno
__p__fmode

oleaut32

SysAllocString
VariantInit
VariantClear
SafeArrayGetElement
SysFreeString

powrprof

PowerSetActiveScheme
PowerReadDCValue
PowerSettingAccessCheck
GetPwrCapabilities
PowerGetActiveScheme
PowerDeterminePlatformRole
PowerReadFriendlyName

batmeter

GetBatteryStatusText
BatMeterOnDeviceChange
CreateBatteryData
SubscribeBatteryUpdateNotification
CleanupBatteryData
UnsubscribeBatteryUpdateNotification
QueryBatteryData
SetBatteryLevel
UpdateBatteryDataAsync

winmm

waveOutGetNumDevs
PlaySoundW

shell32

ord100
ord155
ShellExecuteExW
SHGetKnownFolderIDList
DuplicateIcon
ShellExecuteW

shlwapi

StrTrimW
PathRemoveBlanksW
PathGetArgsW
ord618
ord219
PathFileExistsW
ord437

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoSetProxyBlanket
CoInitializeSecurity
CreateStreamOnHGlobal
CLSIDFromString

slc

SLGetWindowsInformationDWORD

rpcrt4

UuidFromStringW

gdiplus

GdipCloneImage
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipImageRotateFlip
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipFree
GdipAlloc
GdiplusStartup
GdiplusShutdown
GdipDeletePen
GdipCreatePen1
GdipCreateLineBrush
GdipCloneBrush
GdipFillPath
GdipFillRectangle
GdipDrawLine
GdipSetSmoothingMode
GdipDeleteGraphics
GdipDeleteBrush
GdipCreateSolidFill
GdipDeletePath
GdipAddPathLine
GdipCreateFromHDC
GdipCreatePath

uxtheme

CloseThemeData
GetThemeColor
OpenThemeData
BufferedPaintUnInit
BufferedPaintInit
EndBufferedPaint
BufferedPaintSetAlpha
BeginBufferedPaint
DrawThemeTextEx
DrawThemeText
GetThemeTextExtent
GetThemeBackgroundContentRect
GetThemePartSize
DrawThemeBackground

wlanapi

WlanCloseHandle
WlanRegisterNotification
WlanGetInterfaceCapability
WlanQueryInterface
WlanOpenHandle
WlanEnumInterfaces
WlanSetInterface
WlanFreeMemory

wmi

WmiQueryAllDataW
WmiCloseBlock
WmiExecuteMethodW
WmiOpenBlock
WmiQuerySingleInstanceW
WmiNotificationRegistrationW

comctl32

ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
ImageList_DrawIndirect
ord344
ord345

dwmapi

DwmExtendFrameIntoClientArea
DwmIsCompositionEnabled

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

ntdll

EtwTraceMessage

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 781KB - Virtual size: 780KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

njfoioa
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ebcd9ab2dcb5c560eb2451ccd9cf584b

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

gdi32

user32

msvcrt

oleaut32

powrprof

batmeter

winmm

shell32

shlwapi

ole32

slc

rpcrt4

gdiplus

uxtheme

wlanapi

wmi

comctl32

dwmapi

wtsapi32

ntdll

Sections

.text Size: 125KB - Virtual size: 124KB

.data Size: 2KB - Virtual size: 4KB

.rsrc Size: 781KB - Virtual size: 780KB

.reloc Size: 37KB - Virtual size: 38KB

njfoioa Size: - Virtual size: 4KB

.text
Size: 125KB - Virtual size: 124KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 781KB - Virtual size: 780KB

.reloc
Size: 37KB - Virtual size: 38KB

njfoioa
Size: - Virtual size: 4KB