Static task
static1
Behavioral task
behavioral1
Sample
45c149a626b6611dc3ae24097a25167c_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
45c149a626b6611dc3ae24097a25167c_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
-
Target
45c149a626b6611dc3ae24097a25167c_JaffaCakes118
-
Size
396KB
-
MD5
45c149a626b6611dc3ae24097a25167c
-
SHA1
f2d7563333cac28c23a34eda0eea9b95d04261fb
-
SHA256
431f6691b8b73ba55c1a3d8f665c2cca64a9a8dda6ec571e273fb2aed7ba462b
-
SHA512
f8cf42b2e2a0bcf34c689dac9e2de76a08cf1b47e34609b9d8fd612a452bf28b7eebec16be443726a7076db5934312ca2601ed42de7067080cb6c242cf9f71db
-
SSDEEP
6144:DIU5iLb7tmIBi+NC6xNn9QvSEyCX8N4s+n8Cef5GxMeHSAJ9ZiP:DIUwrCCN9G8itCcxMeHF9c
Malware Config
Signatures
-
Unsigned PE 1 IoCs
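Flags a PE file that carries no Authenticode signature. On its own this is a weak indicator: the publisher and the file's integrity cannot be verified from a signature, but many legitimate executables are also unsigned.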
resource 45c149a626b6611dc3ae24097a25167c_JaffaCakes118
Files
-
45c149a626b6611dc3ae24097a25167c_JaffaCakes118.exe windows:4 windows x86 arch:x86
fe8ac659ee771cbc142cf683841f2cfe
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
lstrcmpA
GetVersionExW
DeleteCriticalSection
lstrcmpiW
CreateEventW
SetEvent
GetDriveTypeW
GetLastError
lstrcpyA
GetModuleHandleW
CopyFileW
lstrcatW
lstrcmpiA
DebugBreak
OutputDebugStringW
LocalFree
InitializeCriticalSection
lstrcatA
WriteFile
UnmapViewOfFile
GetFileSize
lstrcpynA
CreateFileMappingW
RemoveDirectoryW
FindClose
DeleteFileW
FindNextFileW
SetLastError
GetFullPathNameW
FindFirstFileW
MoveFileW
GetPrivateProfileStringW
HeapDestroy
FreeLibrary
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleHandleA
LoadLibraryA
RaiseException
InterlockedExchange
LocalAlloc
GetStartupInfoW
GetProcAddress
GetModuleFileNameA
GetUserDefaultLCID
lstrcpynW
GetLocaleInfoW
lstrcpyW
LoadLibraryExW
CreateFileW
GetFileTime
FindResourceW
LoadResource
LockResource
FormatMessageW
GetCurrentProcess
FlushInstructionCache
GetSystemTime
GetCurrentThreadId
EnterCriticalSection
MultiByteToWideChar
LeaveCriticalSection
GetDateFormatW
GetTimeFormatW
GetTimeZoneInformation
GetLocalTime
CompareFileTime
SystemTimeToFileTime
FileTimeToSystemTime
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
CreateThread
lstrcmpW
CloseHandle
MulDiv
GetModuleFileNameW
lstrlenW
WideCharToMultiByte
lstrlenA
MapViewOfFile
user32
UpdateLayeredWindow
IsWindow
GetDesktopWindow
AttachThreadInput
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
SetCapture
ReleaseCapture
CreateAcceleratorTableW
ShowWindow
GetSysColor
MoveWindow
DrawAnimatedRects
FindWindowExW
wvsprintfA
MonitorFromWindow
CopyRect
GetWindowTextLengthW
SendMessageTimeoutW
RemoveMenu
PtInRect
MonitorFromPoint
TrackPopupMenuEx
CreatePopupMenu
MessageBeep
LoadAcceleratorsW
LoadMenuW
CharNextW
UpdateWindow
SetTimer
CharLowerW
MonitorFromRect
GetMonitorInfoW
GetMenuItemInfoW
wvsprintfW
SetMenuItemInfoW
GetSubMenu
GetMenuItemCount
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos
RegisterWindowMessageW
GetMenuState
DeleteMenu
GetActiveWindow
SetActiveWindow
FillRect
MessageBoxW
IsWindowEnabled
DestroyWindow
KillTimer
EndPaint
BeginPaint
DefWindowProcW
RegisterClassExW
LoadCursorW
GetClassInfoExW
CallWindowProcW
CreateWindowExW
AppendMenuW
PostQuitMessage
SetFocus
IsChild
CreateDialogParamW
RedrawWindow
EnableWindow
SetForegroundWindow
GetCursorPos
DestroyMenu
LockWindowUpdate
GetFocus
GetNextDlgTabItem
GetKeyState
TranslateAcceleratorW
LoadStringA
SetMenuDefaultItem
IsDialogMessageW
SendNotifyMessageW
PostMessageW
SendMessageCallbackW
DestroyIcon
InvalidateRgn
SetWindowLongW
DialogBoxParamW
GetWindowTextW
LoadStringW
GetDC
ReleaseDC
LoadImageW
EndDialog
GetDlgItem
SendMessageW
SetWindowTextW
wsprintfW
SetDlgItemTextW
GetParent
GetWindowLongW
GetWindow
GetWindowPlacement
EnumChildWindows
GetClassNameW
EnableMenuItem
CheckMenuItem
IsIconic
FindWindowW
GetMenuStringW
ModifyMenuW
IsWindowVisible
SetCursor
WaitForInputIdle
wsprintfA
InvalidateRect
gdi32
BitBlt
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DPtoLP
GetDeviceCaps
GetObjectW
DeleteDC
CreateFontIndirectW
GetStockObject
DeleteObject
advapi32
RegCreateKeyExW
RegQueryValueExA
RegDeleteValueW
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExA
shell32
FindExecutableW
ShellExecuteExW
Shell_NotifyIconW
SHAppBarMessage
ole32
OleLockRunning
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoTaskMemAlloc
oleaut32
VariantChangeType
SafeArrayGetLBound
SafeArrayGetUBound
DispCallFunc
DispInvoke
DispGetIDsOfNames
CreateDispTypeInfo
OleCreateFontIndirect
SysStringByteLen
LoadRegTypeLi
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
SysStringLen
VariantInit
VariantClear
SysAllocString
SysFreeString
newui
?nuiShutdown@@YGXXZ
?nuiStartup@@YGHK@Z
?GlobalSubclassDialog@@YGXXZ
?LoadPNG@@YGPAUHBITMAP__@@PBG@Z
?LoadColorScheme@@YG_NPBGK@Z
?ApplyColorScheme@@YGHPAUHWND__@@HK@Z
?SetWindowSkin@@YGHPAUHWND__@@PBG@Z
?AddSkinSbPart@@YGHPAUHWND__@@IHPBGPBD2@Z
?AddSkinSbPart@@YGHPAUHWND__@@IHPBD11@Z
?AddSkinChild@@YGHPAUHWND__@@PBDIPBG@Z
?GetSkinChildBitmap@@YGPAUHBITMAP__@@PAUHWND__@@IK@Z
?GetSkinSbPartIndex@@YGHPAUHWND__@@I@Z
?SetSkinSbPartImage@@YGHPAUHWND__@@IPBD@Z
?SetSkinSbPartToolTip@@YGHPAUHWND__@@IPBG@Z
?nuiDrawBackground@@YGHPAUHWND__@@PAUHDC__@@PBUtagRECT@@PBG@Z
?SkinShadowSettingsDlg@@YGPAUHWND__@@PAU1@@Z
?LoadPNGFromResource@@YGPAUHBITMAP__@@PAUHINSTANCE__@@PBGK@Z
?CreateExplorerBarWindow@@YGPAUHWND__@@PAU1@IHHHH@Z
?LoadIconFromPNGResource@@YGPAUHICON__@@PAUHINSTANCE__@@PBG@Z
?g_Colors@@3UCOLORS@@A
?nuiCreateInstance@@YGPAXABU_GUID@@@Z
?LoadPNGFromResource@@YGPAUHBITMAP__@@PAUHINSTANCE__@@PBG@Z
bvrpctln
?GetZipItemW@@YGKPAUHZIP__@@_KPAUZIPENTRYW@@@Z
?UnzipItemW@@YGKPAUHZIP__@@_KPBG@Z
?ZipAddW@@YGKPAUHZIP__@@PBG1@Z
?FormatZipMessageW@@YGIPAUHZIP__@@KPAGI@Z
_Profile_SetBinaryW@20
_MakeFullPathNameW@12
_IsInternetConnected@4
?Infobox_CreateW@@YGPAUHWND__@@PAU1@PAUINFOBOXW@@@Z
_Profile_GetBinaryW@20
?CreateZipW@@YGPAUHZIP__@@PBGPBD@Z
_InitSplitterWnd@0
?MessageBoxPlus@@YAHPAUMSGBOXPLUSW@@ZZ
?GetInt@CProfile@@QBEHPBD0H@Z
?GetString@CProfile@@QBEHPBD00PADI@Z
_Profile_GetIntExW@20
?FindKey@CProfile@@ABEPAUKey@1@PBD@Z
?SetUnzipBaseDirW@@YGKPAUHZIP__@@PBG@Z
_Profile_GetCompanyW@0
_Profile_GetStringW@24
_Profile_SetStringW@16
_Profile_GetIntW@16
_Profile_SetIntW@16
_Profile_SetBooleanW@16
_Profile_GetBooleanW@16
?PocketHTML@@YGXPAUHWND__@@@Z
ord2
??0CProfile@@QAE@PBD_N@Z
?FindSection@CProfile@@ABEPAUSection@1@PBD@Z
?GetString@CProfile@@QBEHPBD0PADI@Z
??1CProfile@@UAE@XZ
?OpenZipW@@YGPAUHZIP__@@PBGPBD@Z
_Profile_SetCompanyW@4
_Profile_GetRootW@0
?CloseZip@@YGKPAUHZIP__@@@Z
?GetInt@CProfile@@QBEHPBDH@Z
_Profile_SetRootW@4
modemwiz
?mwCreateInstance@@YGPAXABU_GUID@@@Z
modexch
ord4
ord6
ord5
wfp1n
ord39
ord213
ord174
ord38
ord54
ord214
ord196
ord175
rascnxmngr
_RasCM_EnumConnectionsEx@16
bvrpnac
CloseNAC
nac_recus
InitNAC
SetCallBackEvent
comctl32
CreateStatusWindowW
ImageList_GetIcon
CreatePropertySheetPageW
DestroyPropertySheetPage
ImageList_Create
PropertySheetW
ImageList_Destroy
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Add
msvcrt
_stricmp
_wcsicmp
_controlfp
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
_CxxThrowException
wcsrchr
wcscmp
iswxdigit
wcschr
_wcsnicmp
_wtoi
iswdigit
wcslen
strtok
_purecall
wcsstr
_strdup
strchr
_except_handler3
realloc
??2@YAPAXI@Z
memmove
??3@YAXPAX@Z
__CxxFrameHandler
malloc
free
shlwapi
StrCpyW
PathRemoveFileSpecW
PathRenameExtensionW
PathFindFileNameW
StrStrW
PathAppendA
PathRemoveFileSpecA
PathIsURLW
PathFileExistsW
SHGetValueW
StrCmpNIW
UrlIsW
PathCreateFromUrlW
StrTrimW
StrRChrW
StrToIntW
StrChrW
SHDeleteEmptyKeyW
SHDeleteKeyW
PathRelativePathToW
PathAddBackslashW
StrStrIW
PathStripPathA
PathAppendW
winmm
PlaySoundW
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
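Sections
Note: .text and .rsrc are each flagged both writable and executable (IMAGE_SCN_MEM_WRITE together with IMAGE_SCN_MEM_EXECUTE), and .rsrc is additionally marked as containing code. Compiler-generated sections are not normally laid out this way, so the file may have been packed or modified after it was built; the flags alone do not establish that.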
.text Size: 168KB - Virtual size: 167KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 24KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Shared Size: 4KB - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 184KB - Virtual size: 204KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE