36364914e388411f2825601cf1d86525_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

36364914e388411f2825601cf1d86525_JaffaCakes118
Size

140KB
MD5

36364914e388411f2825601cf1d86525
SHA1

304a42872a239c4292bb326406907f0ffafdf924
SHA256

49be6d1717ff3adad89a71c4c7a0f9ff5e417c1aa7506ec518a235cf9f6d1c35
SHA512

c89ef98af2898fc475797e188eb831f48c46d334f834e5cff15ee3e2101a960d9a8a291daa49d34d1521375c298c59bda28215e02b35522471730c9ff6d9cb3d
SSDEEP

3072:7HjtJPT81W+oYCUn1abwbicy300gP4Sw9PEfkQpOAN:77bc1QwGce0iSw9PE8zAN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
36364914e388411f2825601cf1d86525_JaffaCakes118

Files

36364914e388411f2825601cf1d86525_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9ca4e6b7645e5eb136ada7c3ce3b2ed9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Y:\UoyZzumdfxfFg\cqptZBSYxve\uuQQmvwrGvkq.pdb

Imports

shlwapi

PathIsUNCA

comdlg32

PrintDlgW
ChooseColorW
GetSaveFileNameA
ChooseFontW
GetOpenFileNameW

user32

SendMessageA
GetFocus
LoadImageW
DestroyCaret
GetKeyboardLayoutList
GetClassInfoExA
ShowScrollBar
CharUpperBuffA
CreateAcceleratorTableW
SetWindowPlacement
GetNextDlgTabItem
SendNotifyMessageW
RemoveMenu
wsprintfA
DrawFrameControl
SendDlgItemMessageW
MessageBoxExW
GetWindow
FindWindowExW
GetMenuItemInfoW
UpdateWindow
GetMenuItemRect
SetLastErrorEx
InflateRect
DrawTextA
IsZoomed
DeferWindowPos
GetNextDlgGroupItem
RegisterHotKey
IsDialogMessageA
IsCharUpperA
DialogBoxIndirectParamA
GetUpdateRect
PostThreadMessageA
GetSystemMenu
CallWindowProcA
SetWindowPos
SystemParametersInfoA
CreatePopupMenu
SetPropW
ChildWindowFromPointEx
LockWindowUpdate
GetUserObjectInformationA
AppendMenuA
GetClassInfoExW
InsertMenuItemW
IsDialogMessageW
LoadCursorA
DispatchMessageW
GetMenuItemID
GetIconInfo
GetCaretPos
EnableWindow
ReplyMessage
WindowFromPoint
GetMessageW
GetTopWindow
ScrollWindowEx
DrawEdge
FillRect
GetMonitorInfoW
RegisterWindowMessageW
BeginPaint
ArrangeIconicWindows
RegisterWindowMessageA
SendInput
SetMenu
MapVirtualKeyA
GetMessageExtraInfo
DestroyMenu
AllowSetForegroundWindow
InSendMessage
RemovePropW
SetForegroundWindow
DrawStateA
OpenIcon
CharLowerBuffW
MonitorFromRect
GetCursorPos
RegisterClassW
CheckMenuItem
BeginDeferWindowPos
SetDlgItemTextA
GetDlgItem
IsCharAlphaW
CreateDialogParamW
OemToCharBuffA
LoadMenuA
GetMenuState
GetWindowTextLengthW
CheckRadioButton
DefWindowProcA
DefFrameProcA
IsWindowUnicode
GetKeyState
CharToOemA
TileWindows
DestroyAcceleratorTable
IsWindow
DrawMenuBar
MapVirtualKeyExW
DestroyIcon
GetClipCursor
MessageBoxW
LoadIconW
ScrollWindow
SetCursorPos
ModifyMenuW
GetPropW
HiliteMenuItem
InvalidateRgn
AppendMenuW
EndDialog
SetWindowLongW
TranslateMessage
MessageBoxExA
ValidateRect
LoadImageA
CopyRect
GetClassLongW
SetRect

msvcrt

atoi
strcspn
vsprintf
isalnum
strtok
perror
strncpy
free
wcscspn
fwrite
_controlfp
time
iswdigit
__set_app_type
wcstod
fread
isdigit
__p__fmode
toupper
printf
__p__commode
_amsg_exit
puts
_initterm
fseek
clearerr
isupper
_ismbblead
towlower
malloc
isxdigit
setvbuf
fputs
mbstowcs
_XcptFilter
memset
atol
strerror
strtoul
_exit
swprintf
_cexit
fgets
__setusermatherr
iswctype
__getmainargs
qsort
realloc
wcstoul
strrchr

kernel32

TlsGetValue
FreeResource
RemoveDirectoryW
Sleep
LCMapStringW
CreateNamedPipeA
SetFilePointer
ResumeThread
CreatePipe
lstrcpyA
GetStartupInfoA
lstrlenW
GetCommConfig
AreFileApisANSI
GetWindowsDirectoryA
RegisterWaitForSingleObject
SetSystemTime
VirtualFree
WaitCommEvent
SetPriorityClass
GetFileAttributesExW
lstrcatW
TlsSetValue
VirtualProtect
GlobalFindAtomW
FileTimeToDosDateTime
IsBadWritePtr
GetTimeFormatA
CreateWaitableTimerA
GlobalMemoryStatus
SetFileTime
SuspendThread
SetHandleInformation
GetShortPathNameA
OpenFile
ResetEvent
GetCommState
FormatMessageW
CreateEventA
HeapWalk
RemoveDirectoryA
SetThreadPriority
GetLastError
SearchPathW
InitializeCriticalSection
GlobalAddAtomW
GetBinaryTypeA
GetSystemDefaultUILanguage
ExitThread
DeleteFileA
SetTimerQueueTimer
VirtualQuery
GetDateFormatA
EnumSystemLocalesA
DisconnectNamedPipe

Exports

Exports

?ForwardControlItem@@YGK_KK:O

Sections

.itext
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ips1
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ips2
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.read
Size: 1024B - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ips3
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ips4
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9ca4e6b7645e5eb136ada7c3ce3b2ed9

Headers

File Characteristics

PDB Paths

Imports

shlwapi

comdlg32

user32

msvcrt

kernel32

Exports

Exports

Sections

.itext Size: 21KB - Virtual size: 21KB

.ips1 Size: 6KB - Virtual size: 5KB

.ips2 Size: 512B - Virtual size: 88B

.read Size: 1024B - Virtual size: 124KB

.ips3 Size: 1024B - Virtual size: 704B

.data Size: 3KB - Virtual size: 2KB

.ips4 Size: 31KB - Virtual size: 31KB

.rsrc Size: 73KB - Virtual size: 72KB

.reloc Size: 2KB - Virtual size: 1KB

.itext
Size: 21KB - Virtual size: 21KB

.ips1
Size: 6KB - Virtual size: 5KB

.ips2
Size: 512B - Virtual size: 88B

.read
Size: 1024B - Virtual size: 124KB

.ips3
Size: 1024B - Virtual size: 704B

.data
Size: 3KB - Virtual size: 2KB

.ips4
Size: 31KB - Virtual size: 31KB

.rsrc
Size: 73KB - Virtual size: 72KB

.reloc
Size: 2KB - Virtual size: 1KB