438f79ff064a79137eca584cd7d9dca6_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

438f79ff064a79137eca584cd7d9dca6_JaffaCakes118
Size

720KB
MD5

438f79ff064a79137eca584cd7d9dca6
SHA1

f848cfe40a888ae30e60226903c5d4a2a26c3525
SHA256

3049ef725de334cce130c8405dd44d9a5e2a339629ac724cee4eb7b440a3d6ab
SHA512

e08ab769d1e3b909020842fca7b1ab373bf25d02064bd8faa7b7b5d0d0d71bc8b036e48011704f7b6e0625f7b61a4ce6ba12ac1b02671b0513a6371d7e5c1cd1
SSDEEP

12288:izSLJHEig7H2GOcBgtd7DRR9EHDy1DnRzkwNcqiBbfZYayuBqSk32K1TISztxQxt:kmngr2hcytd7DRR9WanRzv2qiBbfZYqX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
438f79ff064a79137eca584cd7d9dca6_JaffaCakes118

Files

438f79ff064a79137eca584cd7d9dca6_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0abf5604c2948704943421d0c8e9fc5f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\dwnaeoyaq.PDB

Imports

comdlg32

GetSaveFileNameW
ChooseColorA
ReplaceTextW
GetOpenFileNameW

comctl32

ImageList_GetImageRect
ImageList_DragMove
MakeDragList
CreateToolbar
CreateStatusWindow
DrawStatusTextW
ImageList_GetFlags
ImageList_SetFlags
ImageList_DrawIndirect
ImageList_LoadImageA
CreateMappedBitmap
InitCommonControlsEx
InitMUILanguage
ImageList_LoadImage
CreatePropertySheetPageW
ImageList_Destroy
ImageList_SetOverlayImage
ImageList_DragLeave
ImageList_Copy
ImageList_DragEnter

kernel32

GetLastError
GetCommandLineA
FreeEnvironmentStringsW
GetCurrentThread
ReadFile
TlsSetValue
EnumDateFormatsExA
GetLocaleInfoA
CreateEventA
HeapCreate
CreateSemaphoreW
FindNextFileA
GetCurrentProcess
ExpandEnvironmentStringsA
SetHandleCount
UnmapViewOfFile
VirtualFree
LocalFree
GetStringTypeW
GetStartupInfoW
EnumCalendarInfoW
TlsAlloc
GetModuleFileNameA
IsValidLocale
GlobalReAlloc
SetLastError
SetEnvironmentVariableW
ExitProcess
GetCommandLineW
GetFileType
GlobalGetAtomNameA
GetStdHandle
MultiByteToWideChar
InterlockedExchange
GetProcessShutdownParameters
TlsFree
GetWindowsDirectoryW
UnhandledExceptionFilter
HeapFree
GetPrivateProfileStringW
VirtualProtect
WaitNamedPipeW
WideCharToMultiByte
lstrlenW
LeaveCriticalSection
GetStartupInfoA
LCMapStringW
FindClose
TerminateProcess
WriteConsoleInputW
GlobalFindAtomA
GetTickCount
GetEnvironmentStrings
VirtualAlloc
SetEnvironmentVariableA
RtlUnwind
LCMapStringA
GetCurrentProcessId
CreateMutexA
GetSystemInfo
IsValidCodePage
IsBadWritePtr
GlobalFix
LoadLibraryW
GetThreadPriority
TlsGetValue
LoadLibraryExA
GetACP
CreateProcessA
GetVolumeInformationA
HeapSize
GetStringTypeA
SetConsoleTitleA
LoadLibraryA
DebugActiveProcess
EnumDateFormatsW
FlushFileBuffers
GetOEMCP
GetLocaleInfoW
ReadConsoleOutputAttribute
WriteFile
OpenMutexA
FindAtomA
GetDateFormatA
CloseHandle
lstrlen
GetCPInfo
GetTimeZoneInformation
DeleteCriticalSection
lstrcpyW
GetVersionExA
GetModuleFileNameW
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
SetStdHandle
VirtualQuery
GetTimeFormatA
EnumTimeFormatsA
EnumResourceTypesA
EnumSystemLocalesA
CommConfigDialogA
VirtualAllocEx
SetFilePointer
HeapDestroy
OpenFileMappingA
GetEnvironmentStringsW
GetModuleHandleA
MoveFileExA
HeapAlloc
QueryPerformanceCounter
EnterCriticalSection
GetCurrentThreadId
GetProcAddress
CompareStringW
MoveFileW
InitializeCriticalSection
HeapReAlloc
CompareStringA
GetUserDefaultLCID

user32

SendMessageA
EndDialog
SendNotifyMessageW
RegisterClassExA
GetListBoxInfo
RegisterClassExW
GetProcessWindowStation
InternalGetWindowText
UnhookWinEvent
GetWindowDC
CharLowerBuffW
DdeDisconnect
IsZoomed
GetDlgItemTextW
RegisterWindowMessageA
DdeAddData
DrawTextA
EnumPropsExW
ClientToScreen
CreateDialogParamW
GetClipboardViewer
ChangeDisplaySettingsExA
AnyPopup
DeleteMenu
CreateWindowExW
DestroyAcceleratorTable
MessageBoxA
SetScrollRange
EnumWindows
InSendMessageEx
SetClassLongW
IsCharUpperA
GetMenuStringA
GetClipboardSequenceNumber
CharToOemA
DefWindowProcW
MessageBeep
LoadMenuIndirectA
RemovePropA
SendNotifyMessageA
GetClassInfoW
LookupIconIdFromDirectory
LoadMenuA
CreateIconFromResourceEx
GetSysColor
MessageBoxExA
PeekMessageW
GetSubMenu
MsgWaitForMultipleObjectsEx
ShowWindow
SetTimer
LoadKeyboardLayoutW
GetActiveWindow
CascadeWindows
SetScrollPos
DdeCmpStringHandles
MessageBoxIndirectA
RegisterClassA
wvsprintfW
GetProcessDefaultLayout
DlgDirListComboBoxW
DestroyWindow
CreateMDIWindowW
EditWndProc
OpenWindowStationW

gdi32

DeleteColorSpace
GdiFlush
GetDIBColorTable
GetBoundsRect
CopyEnhMetaFileA
SetMetaRgn
GetDeviceCaps
EndPage
GetLogColorSpaceW
SetPixel
LineDDA
CreateRectRgn
ResizePalette

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 452KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 136KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0abf5604c2948704943421d0c8e9fc5f

Headers

File Characteristics

PDB Paths

Imports

comdlg32

comctl32

kernel32

user32

gdi32

Sections

.text Size: 92KB - Virtual size: 89KB

.rdata Size: 452KB - Virtual size: 449KB

.data Size: 136KB - Virtual size: 158KB

.rsrc Size: 36KB - Virtual size: 33KB

.text
Size: 92KB - Virtual size: 89KB

.rdata
Size: 452KB - Virtual size: 449KB

.data
Size: 136KB - Virtual size: 158KB

.rsrc
Size: 36KB - Virtual size: 33KB