3dbcd1468fc89ad4f36c9d6fccbe8075_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

3dbcd1468fc89ad4f36c9d6fccbe8075_JaffaCakes118
Size

86KB
MD5

3dbcd1468fc89ad4f36c9d6fccbe8075
SHA1

54cee56e2a31d7ce5fd7b0c8fcd04bdbdd9b0210
SHA256

0746b6c9eca19f59d201f3d3c677cecca1dbf88607786702a93a3d69b303f6e5
SHA512

eed87c46e5703df15fcf141e4739538ccec43a94d0f291152ca66c3338991d9f40e839479a587a7a50a4fc8b0db0ecf0bc0372ca17afd3f042d1e54c9a34ab8a
SSDEEP

1536:DPhqJt4DTrRaOmELnhmsErXhq5CbkMtGiSyX4sW2LsAeS:D54tQMOmE7wDDhq0bkGS/z2Li

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3dbcd1468fc89ad4f36c9d6fccbe8075_JaffaCakes118

Files

3dbcd1468fc89ad4f36c9d6fccbe8075_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bd080d8cff12e52e3aa8a053b9f1aafe

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\ccpemenhxJ\lwvPldohYbx\dsfzTexdeqbznC\cbqonekOhl.pdb

Imports

msvcrt

_controlfp
__set_app_type
__p__fmode
strrchr
__p__commode
_amsg_exit
_initterm
putc
atoi
wcstoul
strtol
bsearch
_acmdln
fputs
exit
iswprint
_ismbblead
mbstowcs
wcscoll
_XcptFilter
mktime
_exit
_cexit
fclose
sprintf
__setusermatherr
__getmainargs

kernel32

VirtualProtect
DisconnectNamedPipe
SetPriorityClass
LoadLibraryA
FileTimeToSystemTime
GetTickCount
InitializeCriticalSection
GetExitCodeThread
GetDateFormatW
WaitForSingleObject
GetTempFileNameA
IsValidLanguageGroup
RemoveDirectoryW
GetTempPathA
ExitProcess
CreateSemaphoreA
ReadFile
CopyFileW
SetWaitableTimer
SetNamedPipeHandleState
FindClose

shlwapi

StrToInt64ExW
PathRemoveBlanksW

comdlg32

PrintDlgExW
ChooseFontW

user32

TrackPopupMenu
CreateIconFromResource
RegisterWindowMessageW
DragObject
CreateMenu
SetDlgItemTextW
FindWindowA
GetMenuItemCount
CharToOemA
SetWindowLongW
RegisterClassW
MessageBoxW
GetSysColor
GetParent
DrawStateA
CreatePopupMenu
GetClassLongW
CharLowerW
IsMenu
GetMenuStringA
InsertMenuItemW
CharUpperW
SetRectEmpty
GetClassLongA
ChangeMenuW
GetScrollInfo
ScrollWindow
TranslateAcceleratorW
GetWindowDC
MessageBoxExW
GetDlgItemTextA
RegisterWindowMessageA
EnableWindow
SetFocus
wsprintfA
CharPrevA
GetUpdateRect
OpenDesktopW
InflateRect
mouse_event
SetSysColors
GetMenu
GetDoubleClickTime

gdi32

ResizePalette
GetBitmapBits
SetBkMode
Polyline
GetTextColor
CreateEllipticRgnIndirect
GetCharWidth32W
GetTextAlign
GetCurrentObject
SaveDC
GetStockObject
SetWindowOrgEx
PtVisible
DeleteObject
SetDIBits
CreateDIBitmap
GetBkMode
CreatePalette

Exports

Exports

?EnumConfigExW@@YGEPAKI_N&U
?DeleteFolderPathOriginal@@YGPAXG&U
?Expression@@YGMHPAED&U
?EnumProfileExW@@YGGPAFPA_NGI&U
?FormatProcess@@YGJEPAJJJ&U
?GetVersionA@@YGDPAF&U
?CancelFileNew@@YGIPAJIPAK&U
?IncrementHeightEx@@YGKDJ&U
?IsNotMutantOriginal@@YGPAKIJDPAM&U
?GetPenOld@@YGPAJJGPAI&U
?InsertThread@@YGFPAN&U
?PutConfigExW@@YGGJPAEM&U
?IsOptionA@@YGID&U
?FindEventExW@@YGFMED&U
?AddValueW@@YGIPAFDM&U
?HideCharExW@@YGPA_NIF&U
?IsValidMediaTypeA@@YGXPAJPADEPAE&U
?FormatProcessA@@YGXKEJ&U
?GetStateOld@@YGXPAF&U
?GenerateKeyboardExA@@YGPAXPAF&U
?InsertNameExW@@YGDPAHE&U
?EnumTimeExA@@YGPAKNF&U
?FormatValueNew@@YGXK&U
?CloseScreenOriginal@@YGDFPAEPAN&U
?IsNotScreenOriginal@@YGXEMPAMPAE&U
?FormatOption@@YGX_N&U
?InstallAppNameA@@YGMPAH&U
?IsMutantW@@YGXFPAE&U
?CloseObjectNew@@YGPAIMDPAM&U
?IsNotMemoryExW@@YGXF&U
?CancelDate@@YGJI&U
?CrtHeader@@YGIE&U
?GlobalListItemOriginal@@YGIKIFPAI&U
?FunctionW@@YGXPAN&U
?OnName@@YGFPAHPAMDJ&U
?CancelFilePathOld@@YGMPAI&U
?IsNotConfigW@@YGIFJ_N&U
?CopyTimerExW@@YGPAGI&U
?KillConfigW@@YGXJPAD&U
?HideStateA@@YGKKPAGMPAH&U
?HideArgumentA@@YGFGDPAM&U
?InvalidateFolderW@@YGKPAHI&U
?GetFullNameA@@YGII&U
?CopyConfigNew@@YGPAMPAEFPAIN&U
?RemoveTimeEx@@YGEE&U
?AddMonitorA@@YGKPAF&U
?ShowDataOriginal@@YGNPAKE&U
?InvalidateConfigOriginal@@YGPAXJF&U
?CloseProfile@@YGII&U
?KillDate@@YGPANPAGGPAJPAH&U
?LoadMutexOld@@YGPAXPAH&U
?InvalidateDialogNew@@YGKGIJ&U
?CancelModuleExW@@YGHDPAMIPA_N&U
?IsValidRectW@@YGMPAGPADNPAE&U
?FreeSystemNew@@YGPAIEE&U
?OnEvent@@YGIPAIPAH&U
?SendScreenW@@YGPAMPAI&U
?CancelFullNameEx@@YGMPAFEED&U
?RtlPointOriginal@@YGEPADIK&U
?DialogExA@@YGHIPA_NKPAI&U
?HideDataNew@@YGXEE&U
?SendMessageA@@YGHPAI&U
?RtlWidthA@@YGXPAIIIPAE&U
?KillStateA@@YGENJ&U
?IsValidWindowA@@YGPAXPAFHEPAK&U
?OnDeviceEx@@YGEJE&U
?CloseDialogOriginal@@YGJ_NGM&U
?CrtMessageEx@@YGFMPAI&U
?CrtHeightOriginal@@YGNPAKHPAF&U
?AddWindow@@YGHPAGDPA_N_N&U
?ShowTimerOld@@YGPAIIPA_NJ&U
?CharA@@YGDJ&U
?PutFolderNew@@YGPAXPA_NDPAMI&U
?IsVersionExA@@YGPAIIPAI&U
?CancelFullName@@YGNPAIPADI&U
?SendVersionOld@@YGJMDGPAE&U
?GenerateDataEx@@YGJPAGDI&U
?DecrementDirectoryOriginal@@YGIH_N&U
?GenerateMediaTypeOriginal@@YGJEI&U
?InvalidateProcessExW@@YGPAIPA_NND&U
?AddPoint@@YGPAMMI&U
?InsertAppNameA@@YGNJGF&U
?DecrementComponentExA@@YGPADPAFFPAK&U
?CancelCommandLineOld@@YGIG&U
?HideListExA@@YGFGMMPAI&U
?HideTimeW@@YG_NHDPAG&U
?GlobalOptionW@@YGDD_NPAJM&U
?GenerateHeightOld@@YGPAJI&U
?IncrementArgumentOriginal@@YGPAJG&U
?KillPointerOld@@YGPAJEPAGFPAG&U
?LoadDialogEx@@YGFE&U
?InvalidateAnchorNew@@YGKNMPAJ&U
?CancelWidthOriginal@@YGIDDE&U
?IsValidProviderW@@YGMPAHEE&U
?InsertPenExA@@YGM_NEG&U
?InstallTaskOld@@YGFPAI&U
?HideProvider@@YGPADGPAK&U
?FreeClassOld@@YGPAXNI&U
?KillProviderA@@YGFMI&U
?CopyMutexNew@@YGPAXPAINPA_N&U
?RemoveMessageExW@@YGJPAFPAKPAJ&U
?IsValidAppNameExW@@YGXPAN&U
?GetHeaderA@@YGPAJJPAEKE&U
?InstallHeightNew@@YGFFI&U
?LoadScreenA@@YGPAXEPAKPADPAM&U
?EnumAppName@@YGEEEJF&U
?FormatMonitorExW@@YGXJ&U
?DeleteListNew@@YGEJ&U
?IsValidMonitorExW@@YGXPAJMN&U
?ShowKeyNameOld@@YGPADI&U
?InstallDirectoryA@@YGIPAGK&U
?CloseStringOld@@YGPAXM&U
?PutMonitorEx@@YGJE&U
?ShowObjectA@@YGKEPANMPAJ&U
?IsExpressionEx@@YGDDJJ&U
?RemoveEventOld@@YG_NPAHKE&U
?CloseStateExW@@YGDPADKPANG&U
?PutWindowExW@@YGDHGPAH&U
?DeleteFilePathOriginal@@YGPAXHDD&U
?DecrementTaskNew@@YGFGPAI_NM&U
?InvalidateFunctionEx@@YGPAI_NPAJ&U
?RtlDateTimeEx@@YGDHN_ND&U
?InvalidateCharA@@YGXPAFPAE&U
?CallKeyNameExA@@YGPAMG&U
?OnHeightExW@@YGMPAJ&U
?SendTimeW@@YGPAIKPAMD&U
?PutExpressionNew@@YGXHIPAK&U
?CancelTextOriginal@@YGPAXIIJ&U
?DeleteSizeNew@@YGKPADDF&U
?OnValueA@@YGEPAEPAN&U
?LoadFolderPathW@@YGKNHPAN&U
?PutPointExW@@YGIDPAIPAG&U
?IsMemoryW@@YGKGMJJ&U
?RtlProjectOriginal@@YGEFKM&U
?CrtAppNameW@@YGIPAF&U
?SendChar@@YGDPAD&U
?HideDataEx@@YGJJ&U
?DeleteMemoryEx@@YGPAG_NPAIJI&U
?CancelStateExW@@YGFKPAEG&U
?InsertFullNameEx@@YGPAJPAHPAKIPAI&U
?CloseSystemA@@YGPA_NPAIPAGEPAH&U
?IsStateW@@YGPAKPAEGK&U
?CopyFileOriginal@@YGPA_NID&U
?AddEggLogicDiuyhJD@@YGKPA_WKH@Z
?CallSizeEx@@YGPAGPAIIPAE&U

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.simp
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbug
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.stit
Size: 512B - Virtual size: 508B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.set
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sdbg
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dvar
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dpt
Size: 512B - Virtual size: 349B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wdata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.raw
Size: - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd080d8cff12e52e3aa8a053b9f1aafe

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

shlwapi

comdlg32

user32

gdi32

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.simp Size: 2KB - Virtual size: 2KB

.dbug Size: 512B - Virtual size: 28B

.stit Size: 512B - Virtual size: 508B

.set Size: 5KB - Virtual size: 5KB

.sdbg Size: 512B - Virtual size: 80B

.dvar Size: 512B - Virtual size: 44B

.dpt Size: 512B - Virtual size: 349B

.wdata Size: 512B - Virtual size: 260B

.data Size: 1KB - Virtual size: 1KB

.raw Size: - Virtual size: 54KB

.rsrc Size: 49KB - Virtual size: 49KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 21KB

.simp
Size: 2KB - Virtual size: 2KB

.dbug
Size: 512B - Virtual size: 28B

.stit
Size: 512B - Virtual size: 508B

.set
Size: 5KB - Virtual size: 5KB

.sdbg
Size: 512B - Virtual size: 80B

.dvar
Size: 512B - Virtual size: 44B

.dpt
Size: 512B - Virtual size: 349B

.wdata
Size: 512B - Virtual size: 260B

.data
Size: 1KB - Virtual size: 1KB

.raw
Size: - Virtual size: 54KB

.rsrc
Size: 49KB - Virtual size: 49KB

.reloc
Size: 1KB - Virtual size: 1KB