5dd4a78cfd803ca069ed281f7c29ddf7_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5dd4a78cfd803ca069ed281f7c29ddf7_JaffaCakes118
Size

492KB
MD5

5dd4a78cfd803ca069ed281f7c29ddf7
SHA1

c7a29f1d14a00dbf4f1e98d5d3e899e30c189479
SHA256

880b62df2b1199509175e52eeca52200c63642d4be3bc62122249c42bd19a2d9
SHA512

cf47ce54f2a35ad0644fa20c49205855877007f64872e62865138c6f1fa9b7650e32a497c39d0db0746a6b6214a62dfe2149cac93b0513eee7109bcc1a57955d
SSDEEP

3072:y3JgXmO6ycxJMqKs6OZ8JgLQ1gXkq9HHIkHlmwYbYrvGVkbfpjACRJsEeinxR2rd:6JgXhwPmUQWXkIcwOYbp1sEegir8I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5dd4a78cfd803ca069ed281f7c29ddf7_JaffaCakes118

Files

5dd4a78cfd803ca069ed281f7c29ddf7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0dc1acf5daea7dc70eefcd740fa330d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\bld\nview\v42\nView\bin\URelease\nvAppBar.pdb

Imports

user32

GetDoubleClickTime
GetClassNameW
TrackPopupMenuEx
UnionRect
SetRect
GetDC
EqualRect
IsIconic
IsZoomed
InflateRect
IntersectRect
IsRectEmpty
OffsetRect
IsWindowVisible
FrameRect
DrawIconEx
GetSysColor
SetRectEmpty
BeginPaint
EndPaint
GetClientRect
InvalidateRgn
SetWindowTextW
EnableWindow
GetWindowTextW
GetSysColorBrush
RegisterClassExW
GetMessageW
DispatchMessageW
TranslateMessage
PostQuitMessage
wvsprintfW
ReleaseCapture
MonitorFromPoint
SetCapture
SetCursor
PtInRect
GetWindow
DefWindowProcW
KillTimer
LoadStringW
LoadCursorW
UnregisterClassW
RegisterClassW
CreateWindowExW
DestroyWindow
GetCursorPos
ScreenToClient
GetSubMenu
CreatePopupMenu
DestroyMenu
LoadMenuW
DeleteMenu
ClientToScreen
TrackPopupMenu
GetSystemMetrics
SystemParametersInfoW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
IsWindow
GetWindowDC
ReleaseDC
CopyRect
GetWindowPlacement
OpenIcon
ShowWindow
UpdateWindow
AllowSetForegroundWindow
LockSetForegroundWindow
GetForegroundWindow
GetTopWindow
GetWindowThreadProcessId
AttachThreadInput
SetActiveWindow
SetForegroundWindow
BringWindowToTop
SetFocus
InvalidateRect
wsprintfW
SendMessageW
CopyIcon
GetClassLongW
LoadIconW
LoadImageW
DestroyIcon
MapVirtualKeyW
GetKeyNameTextW
FindWindowW
PostMessageW
SetTimer
GetWindowRect
MoveWindow
GetMonitorInfoW
EnumDisplayDevicesW
EnumDisplaySettingsW
SetWindowPos
GetWindowLongW
SetWindowLongW

shell32

ExtractIconW
ExtractIconExW
SHAppBarMessage

advapi32

RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW

comctl32

InitCommonControlsEx
ImageList_SetOverlayImage
ImageList_Create
ImageList_SetImageCount
ImageList_Remove
ImageList_Destroy
ImageList_GetIcon
ImageList_ReplaceIcon

msimg32

GradientFill

kernel32

GetStringTypeA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
VirtualQuery
InterlockedExchange
InitializeCriticalSection
LoadLibraryA
RaiseException
GetCPInfo
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
EnterCriticalSection
FatalAppExitA
LeaveCriticalSection
VirtualFree
HeapCreate
HeapDestroy
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
GetCurrentProcess
TerminateProcess
ExitProcess
TlsGetValue
TlsSetValue
GetStringTypeW
GetCurrentThread
SetLastError
TlsAlloc
GetVersionExA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
RtlUnwind
ExitThread
Sleep
lstrcpynW
lstrcmpiW
CreateSemaphoreW
OutputDebugStringW
MultiByteToWideChar
GetLastError
CreateThread
SetThreadPriority
TerminateThread
GetTickCount
lstrlenW
GetUserDefaultLangID
GetCurrentProcessId
GetCurrentThreadId
GetFileSize
ReadFile
GlobalLock
GlobalUnlock
FreeResource
LocalAlloc
GlobalAlloc
CreateFileW
WriteFile
CloseHandle
GlobalFree
LocalFree
GetEnvironmentVariableW
lstrcatW
LoadLibraryW
GetProcAddress
FreeLibrary
lstrcpyW
GetVersionExW
HeapFree
LCMapStringA
LCMapStringW
SetConsoleCtrlHandler
QueryPerformanceCounter
GetSystemTimeAsFileTime
HeapSize
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
TlsFree
lstrcmpW
GetProcessHeap
GetModuleFileNameW
HeapAlloc

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

qodahvr
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mgudtsr
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

0dc1acf5daea7dc70eefcd740fa330d0

Headers

File Characteristics

PDB Paths

Imports

user32

shell32

advapi32

comctl32

msimg32

kernel32

Sections

.text Size: 120KB - Virtual size: 120KB

.rdata Size: 24KB - Virtual size: 21KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 308KB - Virtual size: 308KB

qodahvr Size: 32KB - Virtual size: 32KB

mgudtsr Size: - Virtual size: 4KB

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 24KB - Virtual size: 21KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 308KB - Virtual size: 308KB

qodahvr
Size: 32KB - Virtual size: 32KB

mgudtsr
Size: - Virtual size: 4KB