421b6631c0e44d8516271aa01f0845d9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

421b6631c0e44d8516271aa01f0845d9_JaffaCakes118
Size

138KB
MD5

421b6631c0e44d8516271aa01f0845d9
SHA1

f9557c345eb10e582932e8d271a658e88e9bf0f4
SHA256

57179e75dafd00a3fdb960ad9786ee4172a4511e98f7e81f30621745a8686dbc
SHA512

eb646de9c1306014a6c0a0ee5abb15b80ad478a6283507b293c67e74e2b974e6d26ce2ac4ae94f28b4109a1d0fe4cf14751f64b3e93e847e53466b755c3aea14
SSDEEP

3072:c5fo9z5j7pPHcqJltwQjwFzZRP6iKu0lj6rmzf+7ARDwA6ruM7Q3cccWy:4Slh8qNwfFzmwmZRDbqrmcck

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
421b6631c0e44d8516271aa01f0845d9_JaffaCakes118

Files

421b6631c0e44d8516271aa01f0845d9_JaffaCakes118
.exe windows:5 windows x86 arch:x86

5097bfd849a75d79e94441cc391de2af

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

T:\earXqXtnfsik\dapkyzCgpafJ\WhwffctnmwgQ\eFaiApvuZ.pdb

Imports

comdlg32

PrintDlgExW
GetSaveFileNameW
ReplaceTextW
PrintDlgW
ChooseFontW

comctl32

ImageList_Read
CreateStatusWindowW
CreatePropertySheetPageW
ImageList_LoadImageW
ImageList_Draw

gdi32

GetTextExtentPoint32W
SetTextAlign
PtInRegion
ResizePalette
GetObjectA
ScaleWindowExtEx
GetMapMode
GetWindowOrgEx
GetTextColor
PatBlt
TextOutW
CreatePatternBrush
ExcludeClipRect
CreateBrushIndirect
GetObjectW
SetTextColor
BeginPath
CreateBitmapIndirect
CreateRectRgnIndirect
TextOutA
CreatePolygonRgn
GetStockObject
AddFontResourceW
GetDeviceCaps
CreateEllipticRgnIndirect
CreateFontA
OffsetViewportOrgEx
CreateDIBSection
CreateRectRgn
EnumFontFamiliesExW
CreatePen
SetBitmapBits
BitBlt
CreateCompatibleDC
StartDocW

msvcrt

wcscspn
_controlfp
isupper
__set_app_type
__p__fmode
iswprint
__p__commode
wcslen
iswdigit
printf
localtime
floor
swscanf
realloc
fputc
perror
wcstod
_amsg_exit
isdigit
_initterm
_acmdln
exit
wcscat
_ismbblead
strncpy
strcpy
puts
_XcptFilter
strcoll
vsprintf
strrchr
_exit
wcscoll
_cexit
atoi
wcstok
__setusermatherr
__getmainargs

user32

ShowWindow
DestroyMenu
SendMessageTimeoutA
RemovePropW
ActivateKeyboardLayout
InSendMessage
SendMessageA
ClipCursor
CreateCaret
EqualRect
ChildWindowFromPointEx
DefFrameProcW
GetClassNameW
InsertMenuW
LoadStringA
SetWindowTextW
ShowOwnedPopups
CharUpperW
RegisterClassExW
SetDlgItemTextA
CallWindowProcA
GetKeyNameTextW
GetClassInfoA
FindWindowExA
LoadBitmapW
MapWindowPoints
TabbedTextOutW
DefFrameProcA
LoadMenuW
SetClassLongW
mouse_event
GetSystemMenu
GetMessageTime
ShowScrollBar
GetClassInfoExW
GetSysColor
RegisterClassW
ChangeMenuW
GetKeyboardLayoutNameW
DeleteMenu
EndPaint
MessageBoxExA
IsRectEmpty
DefDlgProcW
ShowWindowAsync
GetWindowTextA
OpenInputDesktop
GetMonitorInfoW
GetWindow
DrawStateA
EnableWindow
GetPropW
GetMenuCheckMarkDimensions
GetMenuState
GetScrollRange
GetWindowPlacement
RegisterWindowMessageA
SystemParametersInfoA
SwapMouseButton
GetCursorPos
FindWindowA
GetWindowRect
InvalidateRgn
RemoveMenu
SetWindowLongA
GetDlgCtrlID
DefWindowProcW
GetClientRect
DestroyAcceleratorTable
GetFocus
SetWindowPos
CopyRect
CharNextA
GetNextDlgTabItem
WindowFromPoint
GetMenuStringA
GetSubMenu
CheckMenuItem
CreateDialogParamW
SetWindowPlacement
MonitorFromRect
IsCharAlphaW
LoadImageA
CheckMenuRadioItem
GetUserObjectInformationW
HiliteMenuItem
DrawMenuBar

kernel32

GetFileInformationByHandle
LCMapStringW
FlushViewOfFile
ConnectNamedPipe
LoadLibraryW
GlobalFindAtomW
GetThreadContext
HeapUnlock
ReadFile
SetHandleInformation
FindNextFileW
BuildCommDCBAndTimeoutsW
GetLongPathNameW
IsBadWritePtr
DuplicateHandle
SetThreadExecutionState
DisconnectNamedPipe
FindFirstFileW
GlobalFree
FindResourceA
GetVersionExW
TryEnterCriticalSection
CreateEventW
GetFileAttributesA
GetTickCount
GetComputerNameExW
VerSetConditionMask
GetNumberFormatW
FindResourceW
GetStringTypeExW
EnumResourceLanguagesA
GetVersion
CreateWaitableTimerA
GlobalFlags
GetWindowsDirectoryW
FindNextFileA
GetSystemInfo
GlobalAddAtomW
LoadLibraryExW
CompareFileTime
lstrcpynW

Exports

Exports

?SleepAhHJDud@@YGKEPA_WG@Z
?SleepUDSUDlkdlsds@@YGKEPA_WG@Z
?SleepUDudjkUD@@YGKEPA_WG@Z
?SleepYDyjDuUI@@YGKEPA_WG@Z

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5097bfd849a75d79e94441cc391de2af

Headers

File Characteristics

PDB Paths

Imports

comdlg32

comctl32

gdi32

msvcrt

user32

kernel32

Exports

Exports

Sections

.text Size: 70KB - Virtual size: 70KB

.data Size: 19KB - Virtual size: 18KB

.rdata Size: 1024B - Virtual size: 68KB

.rsrc Size: 118KB - Virtual size: 118KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 70KB - Virtual size: 70KB

.data
Size: 19KB - Virtual size: 18KB

.rdata
Size: 1024B - Virtual size: 68KB

.rsrc
Size: 118KB - Virtual size: 118KB

.reloc
Size: 2KB - Virtual size: 1KB