eudcedit.pdb
Static task
static1
Behavioral task
behavioral1
Sample
4559a18962c6c070216a5e29d28e448e_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
4559a18962c6c070216a5e29d28e448e_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
4559a18962c6c070216a5e29d28e448e_JaffaCakes118
-
Size
341KB
-
MD5
4559a18962c6c070216a5e29d28e448e
-
SHA1
346753ece9e5483c48c5289747b3caddc097c637
-
SHA256
ad216454b091c6682893a3f43a76a101dc5e4ef2e7e27df226a252b0ecea4036
-
SHA512
fd238caa85e14fc8664e54d063242db1a6526e02847c9d8ab4ae529a2c950b9b84cd79c5537dbdb41b6498a8a6e9c674de656943d158640a98d268000813ec99
-
SSDEEP
6144:NJP19Lh/WpWkuAljUNZk0g6wY4GJjc9hk1S:NVLwpWkujC6wY4GJjc9hoS
Malware Config
Signatures
-
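Unsigned PE (1 IoC)
Checks for a missing Authenticode signature. The indicator records only that the PE file carries no Authenticode signature; on its own it does not show that the file is malicious.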
resource 4559a18962c6c070216a5e29d28e448e_JaffaCakes118
Files
-
4559a18962c6c070216a5e29d28e448e_JaffaCakes118.exe windows:5 windows x86 arch:x86
a2b878b326df77e318cd123a7cc5139e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
comdlg32
ChooseFontW
GetOpenFileNameW
GetSaveFileNameW
shell32
ShellAboutW
gdi32
GetFontData
SelectObject
CreateFontIndirectW
GetObjectW
CreateSolidBrush
GetTextExtentPoint32W
EnumFontFamiliesW
EnableEUDC
GetStockObject
CreatePen
CreateBitmap
SetBitmapBits
DeleteObject
CreateCompatibleBitmap
CreatePolygonRgn
GetRgnBox
CreateCompatibleDC
FillRgn
Ellipse
Rectangle
PatBlt
BitBlt
StretchBlt
DeleteDC
GetTextExtentExPointW
TranslateCharsetInfo
ExtTextOutA
GetTextExtentPoint32A
OffsetRgn
GetTextMetricsW
SetBkColor
SetTextColor
ExtTextOutW
GetTextExtentPointW
GetBitmapBits
imm32
ImmGetConversionStatus
ImmGetCompositionStringW
ImmEnumRegisterWordW
ImmCreateContext
ImmDestroyContext
ImmAssociateContext
ImmConfigureIMEW
ImmRegisterWordW
ImmIsIME
ImmSetCompositionStringW
ImmSetConversionStatus
ImmEscapeW
mfc42u
ord567
ord825
ord1143
ord800
ord3087
ord4155
ord5977
ord540
ord2634
ord2854
ord2506
ord5261
ord4992
ord6048
ord1767
ord4401
ord5276
ord4419
ord3592
ord324
ord4219
ord5798
ord6237
ord6195
ord4704
ord4370
ord5949
ord3093
ord4847
ord1850
ord4240
ord674
ord823
ord3688
ord3614
ord3566
ord3701
ord1633
ord5781
ord4292
ord4128
ord4215
ord2576
ord3649
ord2430
ord1637
ord2859
ord2371
ord2093
ord1230
ord613
ord289
ord5783
ord5784
ord640
ord2397
ord2444
ord323
ord2442
ord5785
ord6168
ord5871
ord5790
ord6115
ord4282
ord4452
ord5095
ord2715
ord2382
ord3054
ord5094
ord5098
ord4461
ord4298
ord3346
ord5006
ord976
ord5468
ord3398
ord2874
ord2873
ord4147
ord4072
ord5233
ord2374
ord5279
ord2641
ord1658
ord4430
ord3634
ord2437
ord4421
ord401
ord755
ord470
ord5446
ord6390
ord5436
ord6379
ord5025
ord3716
ord795
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord616
ord6211
ord4445
ord4269
ord815
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord5303
ord5285
ord5710
ord4616
ord3733
ord561
ord2717
ord4692
ord535
ord858
ord3517
ord3516
ord2613
ord1197
ord1821
ord4270
ord6125
ord3605
ord656
ord6017
ord5764
ord6126
ord3737
ord818
ord5869
ord6185
ord1922
ord1569
ord2577
ord6150
ord2522
ord4359
ord4051
ord5467
ord4116
ord2381
ord5079
ord1702
ord1707
ord4398
ord5230
ord6365
ord5275
ord5254
ord2436
ord796
ord529
ord2109
ord3792
ord2072
ord4448
ord6065
ord6193
ord6063
ord3477
ord1851
ord4241
ord3864
ord2119
ord2383
ord5096
ord5099
ord3345
ord975
ord2875
ord4148
ord2375
ord5280
ord4431
ord5251
ord4422
ord807
ord5996
ord4118
ord4294
ord3133
ord4143
ord554
ord402
ord2084
ord5879
ord2112
ord3491
ord4071
ord2486
ord4495
ord4407
ord6819
ord5026
ord2618
ord2619
ord4140
ord4451
ord1150
ord1172
ord2567
ord4390
ord3569
ord609
ord2566
ord3567
ord4142
ord6213
ord2070
ord5568
ord2910
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord3397
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord5157
ord2377
ord5237
ord4395
ord1768
ord4073
ord6051
ord2573
ord4214
ord2016
ord2405
ord6362
ord1764
ord2855
ord1634
ord3568
ord2406
ord3621
ord1165
ord3658
ord641
ord4229
ord6370
ord2637
ord692
ord5250
ord4260
msvcrt
free
wcsrchr
__CxxFrameHandler
malloc
_wtoi
wcstok
wcstol
wcschr
_ftol
wcsstr
qsort
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
_onexit
_controlfp
?terminate@@YAXXZ
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExA
RegQueryValueExA
RegEnumValueW
RegDeleteKeyW
kernel32
WideCharToMultiByte
GetSystemDefaultLCID
lstrcpyW
lstrlenW
MultiByteToWideChar
GlobalAlloc
GlobalLock
lstrcmpW
GlobalUnlock
GlobalFree
CloseHandle
lstrcmpA
CreateFileW
lstrcmpiW
GetACP
SetUnhandledExceptionFilter
LoadLibraryA
GetModuleHandleA
GetStartupInfoW
GetSystemWindowsDirectoryW
MoveFileExW
GetTempFileNameW
GetTempPathW
GetTickCount
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingW
WriteFile
LocalFree
LocalUnlock
LocalLock
LocalAlloc
ReadFile
SetFilePointer
DeleteFileW
GetProcAddress
LoadLibraryW
lstrcpyA
MoveFileW
WritePrivateProfileStringW
ExpandEnvironmentStringsW
GetLastError
FormatMessageW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
lstrcatW
user32
SetDlgItemTextW
GetDlgItemTextW
IsWindow
IsWindowVisible
ClientToScreen
IsZoomed
IsIconic
DrawMenuBar
DeleteMenu
IntersectRect
SetRectEmpty
GetDesktopWindow
GetDialogBaseUnits
PeekMessageW
DispatchMessageW
GetSystemMetrics
GetCapture
SetActiveWindow
GetActiveWindow
FindWindowW
SetForegroundWindow
ShowScrollBar
GetClipboardData
GetCursorPos
SetCursor
EmptyClipboard
SetClipboardData
EnumClipboardFormats
TranslateMessage
DefWindowProcW
OpenClipboard
SetCapture
ScreenToClient
GetKeyboardLayoutList
SetWindowLongW
SetScrollInfo
CreateWindowExW
GetWindowRect
ReleaseDC
GetDC
MessageBoxW
LoadStringW
GetWindow
GetParent
SetFocus
InvalidateRect
ActivateKeyboardLayout
SendMessageW
MessageBeep
GetWindowLongW
EnableWindow
IsWindowEnabled
PtInRect
ShowCaret
SetCaretPos
CreateCaret
EndPaint
GetSysColor
DrawEdge
BeginPaint
HideCaret
LoadMenuW
PostMessageW
DestroyCaret
SetWindowTextW
wsprintfW
GetWindowTextW
GetDlgItem
EndDialog
DialogBoxParamW
GetKeyboardLayout
RegisterClassExW
LoadCursorW
GetClassInfoExW
WinHelpW
FillRect
DrawIcon
GetClientRect
UpdateWindow
EnableScrollBar
LoadIconW
RegisterClipboardFormatW
SetRect
CopyRect
EqualRect
OffsetRect
UnionRect
ReleaseCapture
InvertRect
CloseClipboard
Sections
.text Size: 157KB - Virtual size: 157KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 26KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ