Tasks
- Static task: static1
- Behavioral task: behavioral1; Sample: 5e438f4a1bcef18cb1c0a7d6468c8990_JaffaCakes118.exe; Resource: win7-20240704-en
- Behavioral task: behavioral2; Sample: 5e438f4a1bcef18cb1c0a7d6468c8990_JaffaCakes118.exe; Resource: win10v2004-20240709-en

General
- Target: 5e438f4a1bcef18cb1c0a7d6468c8990_JaffaCakes118
- Size: 190KB
- MD5: 5e438f4a1bcef18cb1c0a7d6468c8990
- SHA1: 04951aab73ec061b6ac5223ea90efdaf8daa959f
- SHA256: 4f60f284fd21307aab01744e2f598e91cf0732551562cfd2847d141cc8611520
- SHA512: 369547e41b0f9197aba9f96eece1210e6adf189f9c22c3b20ccc7fc4c2223f7a1b5c78e44e044110ddac50bfb69afd726cc86c8333b37d4cd57d1ebec04e9ce3
- SSDEEP: 3072:YTMf0E9bJ0BzGq/nZlG3NdYtUwl5jATPLEHTaa/2i3jBdLtbmtG/Gx:YkhGzJ/nLu+58TO9/x3jBpstGe

Malware Config
(no entries)

Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature. Resource: 5e438f4a1bcef18cb1c0a7d6468c8990_JaffaCakes118

Files
- 5e438f4a1bcef18cb1c0a7d6468c8990_JaffaCakes118.exe windows:5 windows x86 arch:x86
  Additional hash (unlabelled in the report): 86db1bb86708f98e255599a729141da4

Headers
- File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
- PDB Paths: W:\lkutatsGjuunJ\xHihIFYdZa\wbTowpjissuO\clXNGtY.pdb

Imports
user32:
user32
DrawIcon
DestroyCaret
InflateRect
GrayStringW
GetWindowDC
CopyRect
LockWindowUpdate
ToUnicodeEx
CreateDialogIndirectParamW
CharPrevW
GetDlgItemTextW
SetMenuItemInfoW
RegisterClassExA
GetClientRect
DrawFrameControl
PeekMessageA
MapVirtualKeyW
GetCaretPos
MessageBoxW
GetFocus
DefFrameProcA
SendMessageTimeoutA
MessageBoxExA
SetUserObjectInformationW
CopyAcceleratorTableW
CreateCursor
RegisterClassW
IsWindowEnabled
CharUpperBuffA
CharUpperW
LoadMenuA
LoadMenuW
ClientToScreen
DispatchMessageA
ChangeMenuW
WaitForInputIdle
GetMessageW
AdjustWindowRectEx
ArrangeIconicWindows
DestroyWindow
TrackPopupMenu
IsCharAlphaW
IsCharUpperA
ShowScrollBar
RegisterClassExW
RegisterHotKey
SetWindowLongA
EnumWindows
MonitorFromPoint
RemovePropW
GetDialogBaseUnits
IsRectEmpty
CheckRadioButton
CreateDialogParamW
CallWindowProcA
FindWindowExA
CharToOemBuffA
GetSubMenu
FrameRect
GetMenuItemInfoW
SetSysColors
PostThreadMessageW
ShowWindow
DialogBoxIndirectParamA
IsDialogMessageW
IsWindow
SystemParametersInfoA
ExitWindowsEx
DialogBoxParamA
RegisterClassA
TranslateAcceleratorW
TabbedTextOutW
GetMenuItemID
EnableWindow
GetCursorPos
IsDlgButtonChecked
SetDlgItemTextW
InternalGetWindowText
DrawStateW
mouse_event
EnumChildWindows
EnableScrollBar
GetMenuStringW
GetMessageTime
EnumThreadWindows
CloseDesktop
MapVirtualKeyA
FindWindowA
CheckDlgButton
CheckMenuRadioItem
TranslateAcceleratorA
SendDlgItemMessageW
LoadIconA
InvalidateRect
GetIconInfo
CreateDialogParamA
GetMenuItemCount
GetMessagePos
LoadStringA
LoadAcceleratorsA
GetClassInfoW
SetWindowRgn
GetMenu
CharLowerW
GetWindow
SetWindowTextW
ShowCursor
SendMessageA
CreateIconIndirect
AppendMenuW
ClipCursor
GetForegroundWindow
ScrollWindowEx
IsIconic
DrawAnimatedRects
ReleaseDC
GetClassInfoA
LoadImageW
DrawTextW
CascadeWindows
kernel32:
GetSystemWindowsDirectoryA
TryEnterCriticalSection
GetSystemWindowsDirectoryW
GetTimeZoneInformation
SleepEx
GetShortPathNameA
SetEndOfFile
lstrcpyW
lstrcmpW
SetEvent
SetFileApisToOEM
SetThreadAffinityMask
UnlockFile
FindResourceExA
SearchPathW
GetTempPathA
GetCurrentDirectoryW
EnumResourceLanguagesA
GetLongPathNameW
HeapWalk
GetSystemDirectoryA
GetTempFileNameA
GetUserDefaultLangID
AddAtomA
GetWindowsDirectoryW
GetModuleFileNameA
SetCommTimeouts
VirtualQuery
GetStartupInfoW
CompareStringA
GetCommandLineW
GlobalFindAtomW
lstrcpynW
CreateEventW
GetUserDefaultUILanguage
OpenEventW
SetFilePointer
GetFileAttributesW
FindNextChangeNotification
GlobalAddAtomA
MoveFileW
VerSetConditionMask
OpenEventA
SystemTimeToFileTime
LCMapStringW
Sleep
lstrlenA
HeapUnlock
GetLastError
TerminateThread
LocalUnlock
LoadLibraryA
GlobalLock
lstrcmpiA
GetModuleHandleA
CreateFileMappingA
shlwapi:
StrChrIA
gdi32:
GetSystemPaletteUse
MoveToEx
SetLayout
CreateHatchBrush
GetNearestColor
SetTextAlign
SetPixel
CreatePalette
GetTextExtentPoint32A
EnumFontsW
AddFontResourceW
GetRgnBox
DeleteDC
RemoveFontResourceW
SetBrushOrgEx
GetDeviceCaps
GetDIBColorTable
EndDoc
SetDIBColorTable
SetRectRgn
CreateBitmap
SetBitmapDimensionEx
CreateDIBSection
WidenPath
GetLayout
ResizePalette
Rectangle
GetTextFaceW
SelectPalette
GetTextCharsetInfo
SaveDC
SetMapMode
PolyBezier
GetROP2
ExcludeClipRect
CreateFontIndirectW
TranslateCharsetInfo
SetROP2
LineDDA
SelectClipRgn
StartPage
EnumFontFamiliesW
GetClipBox
CreateDiscardableBitmap
SetWindowExtEx
ExtFloodFill
UnrealizeObject
StretchDIBits
TextOutW
PatBlt
msvcrt:
floor
wcsstr
strspn
putc
towlower
_controlfp
bsearch
__set_app_type
strtoul
__p__fmode
wcsncpy
iswdigit
wcslen
strtok
__p__commode
_amsg_exit
wcscoll
time
_initterm
_acmdln
exit
_ismbblead
getenv
swscanf
_XcptFilter
iswalpha
strtol
_exit
wcstombs
strpbrk
fclose
_cexit
getc
__setusermatherr
mbtowc
wcstol
vswprintf
atoi
wcscpy
fflush
wcsncmp
system
iswctype
__getmainargs
wcschr
setvbuf
tolower
isxdigit
wcscmp
Exports:
?OnScreenEx@@YGHPAD]A
?TimeA@@YGMPAM]A
?IsStateW@@YGIJIHK]A
?DecrementDialogOld@@YGIE]A
?IsTask@@YGPAXPAEDPA_NF]A
?IsValidStringNew@@YGPAXDPADPAGJ]A
?ModifyProcessEx@@YGGPAN]A
?LoadPen@@YGDHM]A
?IncrementClassExA@@YGFK]A
?DeleteWidthOld@@YGMIJH]A
?ShowSemaphoreA@@YGPAEHKPAI]A
?AddConfigW@@YGFEFM_N]A
?IsValidCommandLineExW@@YGIPANE]A
?OnObjectEx@@YGPAXHH]A
?DeleteCommandLineNew@@YGKI]A
?DecrementStateExA@@YGPAEMPAJ]A
?CrtFunctionOriginal@@YGPA_NFK]A
?RemoveExpressionExW@@YGPAFPAMPAII]A
?SetNameW@@YGFEPA_NGG]A
?FormatMutexNew@@YGGPANPAFPAEM]A
?FreeValue@@YGPAMEI]A
?FormatMonitorNew@@YGDPAI]A
?EnumPathExA@@YGXI]A
?KillFolderExW@@YGGEPAF]A
?CopyTaskExA@@YGPAIKH]A
?LoadFolderPathEx@@YGNG]A
?GetCharEx@@YGMPAH]A
?HideTimerExW@@YGPAXJJ]A
?HideDialog@@YGJMKK]A
?ValidateArgumentW@@YGIPAFPAII]A
?GetFolderPathExW@@YGPAIPAFPAEMM]A
?InvalidateVersionA@@YGKNPAD]A
?IsNotPenNew@@YGJI]A
?CopyObjectNew@@YGEPAHI]A
?ShowFileNew@@YGPAGKPA_N]A
?InsertFullNameA@@YGXJM]A
?CallProfileEx@@YGNPAHKED]A
?FindKeyNameEx@@YGFPAN]A
?IsNotKeyboardOriginal@@YGHEK]A
?DecrementConfigExA@@YGMKNJ]A
?InstallValueNew@@YGPAH_NJ]A
?RemoveAnchorExA@@YGGPAINF]A
?RtlFunction@@YGKPAI]A
?DecrementObjectExW@@YGXKJPAG]A
?FreePointer@@YGKI]A
?IsObjectOld@@YGDEE]A
?SetMonitorExA@@YGPAMGFPAJ]A
?ValidateValueA@@YGXNJ]A
?FindCommandLineW@@YGPAKPAHM]A
?StringEx@@YGXGGPAK]A
?DecrementClassA@@YGXE]A
?DecrementPenOriginal@@YGMMI]A
?AddDateNew@@YGEPADPAFPAGK]A
?OnProfileA@@YGXF_NPAIM]A
?GenerateWidthOriginal@@YGPAIPAK]A
?CancelPointOld@@YGFJEI]A
?IsValidTimeNew@@YGEFPAHPAH]A
?AddListItemA@@YGNJMPAME]A
?InsertHeaderA@@YGPAKKDPAIJ]A
?InstallFullNameW@@YGPAFPAK]A
?SetFolderPathOriginal@@YGPAJPAGPADGJ]A
?ListItemW@@YGPAFPANE]A
?IncrementTextA@@YGPANKFN]A
?ModifyWindowInfo@@YGX_NPAG]A
?ValidateWidthNew@@YGMIJD]A
?CancelAnchorNew@@YGMGI]A
?Char@@YGKDNKD]A
?InsertRectOld@@YGPAGPAEGPAJ]A
?IsValidFunction@@YGNDPAE]A
?CloseFileExA@@YGHH_N]A
?InsertPointerA@@YGPADM]A
?CopyConfigW@@YGMPAIM]A
?ModifyMutexEx@@YGEPAF]A
?FreePathW@@YGPAJFJ]A
?HideProviderExA@@YGMPAH]A
?IsNotAnchorNew@@YGFMPAI]A
?SemaphoreExW@@YGNPAE]A
?CancelArgumentNew@@YGPAXK]A
?DeleteMutantA@@YGFGPAFPA_NJ]A
?EnumListItemNew@@YGFKIEK]A
?IncrementThreadNew@@YGXPAIK]A
?AddFilePathW@@YGGPAGE]A
?OnEventOld@@YGPAMMPAFH]A
?IncrementProcess@@YGXIEPAGK]A
?HeaderEx@@YGKHI]A
?ValidateKeyNameOriginal@@YGPAFDPAEE]A
?ModifyTextExA@@YGPAG_NPAIPA_NJ]A
?InvalidateProfileOld@@YGEPAEPAM]A
?DeleteFolder@@YGIEPAM]A
?HideComponentExW@@YGXPAHHPAM]A
?IsValidFileNew@@YGPAGPAIPAENE]A
?AddVersionNew@@YGHPAJPAE]A
?GlobalVersionExW@@YGIM]A
?ShowStateNew@@YGXPAGPAFK_N]A
?InstallClassOld@@YGXPAI]A
?OnWindowA@@YGPAEJN]A
?FindWidthExW@@YGDDD]A
?PutNameW@@YGJPAD]A
?HideProfileA@@YGPAKPAEE]A
?DeleteStringEx@@YGXEPAHIG]A
?CancelMutexW@@YGPAJGNNE]A
?ShowAnchorW@@YGGF]A
?DestinationSysCounterDnDHuuey@@YGKGHE@Z
?SetArgumentOriginal@@YGXKPA_NPAME]A
?KillString@@YGJKIEM]A
?CallFolderExA@@YGPAKDPAH]A
?SetDataW@@YGXPAM]A
?ShowStringOld@@YGPAGNPAMIF]A
?CopyPathOld@@YGXPAFDD]A
?CancelClassEx@@YGPAGIKGK]A
?CallFunctionNew@@YGPAHDK]A
?CloseMutexExA@@YGMPAF]A
?KillWindowInfo@@YG_NHED]A
?EnumOptionOld@@YGJN]A
?FreeProfileExW@@YGFHPAHIPAG]A
?DecrementValueEx@@YGXPAH_NME]A
?InstallKeyboardW@@YGHPAIPAJ]A
?RemoveFilePath@@YGFD]A
?ValidateProfile@@YGKEMM]A
?FindMutantOld@@YGPADFHPAI]A
?LoadKeyNameEx@@YGPAXKPADPAKH]A
?SetMutexOriginal@@YGPAXFNDN]A
?InvalidateTimeExA@@YGPAJPAEPAEJM]A
?SendVersion@@YGPANGF]A
?CallVersionExA@@YGIG]A
?ModifyTimeOld@@YGPAFMDPAGG]A
?OnThreadW@@YGDIEMPAE]A
?IsNotDirectoryOld@@YG_NFKM]A
?IncrementPenNew@@YGGHF_NPAF]A
?RtlPointerEx@@YGKJPAIJ]A
?KillWindow@@YGPANPAFKPAI]A
?CrtMutexExA@@YG_NGPA_N]A
?CallTextOld@@YGFGPAIPAJPAF]A
?CloseMutexOld@@YGPA_NIEK]A
?IsModuleExW@@YGJDGK]A
?PutProviderOriginal@@YGPAXPAEPA_NIK]A
?CancelProfileOld@@YGPAHPANK]A
?OnOptionA@@YGXKPAF]A
?CloseFile@@YGMHPANPAFK]A
?GlobalPointerExA@@YGGGM]A
?GlobalVersionExA@@YGPAMEGPAJ]A
?SendValueEx@@YGPAKF]A
?LoadSystemNew@@YGHPAH]A
?ShowMutexNew@@YGIFPAHPAEM]A
?IsFolderPathExA@@YGPAGJGPAG]A
?RtlState@@YGPAHG]A
?FreeScreen@@YGEHJPAEK]A
?SetHeaderEx@@YGXJ]A
?FreeComponent@@YGFPADKJG]A
?AddNameEx@@YGDFGKPAE]A
?DecrementModuleOriginal@@YGXMHPADD]A
?AddTimerExW@@YGXGI]A
?RemoveArgumentW@@YGFJEPADPAH]A
?ValidateArgumentOriginal@@YGNFM]A
?DecrementFolderNew@@YGPAXGJE]A
?ValidateFolderOld@@YGXJKI]A
?CancelPath@@YGPAKPAM]A
?CloseDirectoryExA@@YGPAIDI]A
?OnStringA@@YGMIEEJ]A
?InstallTimeOld@@YGPAKKFHPAK]A
?SetEventExA@@YGGPAH_N]A
?CancelString@@YGPADKMPAFH]A
?IsNotPathW@@YGGPAGPAH_NJ]A
?ShowProjectW@@YGGPAKE]A
?LoadProviderA@@YGJG]A
?EnumSizeOriginal@@YGEM]A
?RtlDateExW@@YGGPAEPA_NK]A
?IsValidMonitorA@@YGPAXNM]A
?CopyFileA@@YGMF]A
?PutMonitorOriginal@@YG_NG]A
?FormatDataExA@@YGDGDEF]A
?CallProviderW@@YGEI]A
?GlobalProfileExA@@YGHK]A
?WindowInfoOld@@YGXMG]A
?FindPointerOld@@YGNHPAH]A
?FolderPathOriginal@@YGXG]A
?IsNotProcess@@YGFPAMK_NN]A
?GetCommandLineW@@YGPA_NJ]A
?InvalidateExpressionOriginal@@YGMPAJPA_N]A
?PutAnchorEx@@YGMD]A
?GlobalSemaphoreEx@@YGPAEPAKEPANJ]A
?RtlPointerExW@@YGEPAGKJM]A
?FindDateNew@@YGPAXF]A
?HideDeviceOriginal@@YGXE]A
?DeleteMutantEx@@YGIFG]A
?DateTimeW@@YGIMKEE]A
?DecrementPointerEx@@YGJPAHD]A
?ShowTextNew@@YGGPAGDPAI]A
?InvalidateListNew@@YGIMKEPAN]A
?SetCommandLineNew@@YGFDPAJ]A
?CallDirectoryA@@YGPADEF]A
?FreeMediaTypeExA@@YGEF]A
?AddArgumentEx@@YGIJIK]A
?FindTimeW@@YGFPAJ]A
?CancelTextOld@@YGPAGGMK]A
?CrtDirectoryExA@@YGPAXPAKEPAN]A
?SendFolderEx@@YGPAXDIPAN]A
?InvalidateDirectoryW@@YGDI_NIH]A
?InvalidateAnchorEx@@YGXEKH]A
?MutexExW@@YGPADHK]A
?DeleteHeaderNew@@YGNGPAGF]A
?RemoveCommandLineExW@@YGPAMPAI]A
?InsertSizeEx@@YGPAHN]A
?FormatEventExA@@YGPAMJ]A
?GeneratePenNew@@YGPAFPAHPAE]A
?OnArgument@@YGXKH]A
?SetTaskOriginal@@YGPAKPAIHM]A
?DecrementStringOld@@YGMDPAHFM]A
?GlobalMutexOld@@YGPAEHHKK]A
?IsFullNameW@@YG_NPAHPAN]A
?InvalidateSystemEx@@YGPAIEPADPAEM]A
?EnumConfig@@YGKF]A
?GetEventExA@@YGPAMPAME_NPAH]A
?HideDataOriginal@@YGIFPAJ]A
?CrtProjectExW@@YGPAMPAD]A
?CancelTimeOld@@YGPAFHG]A
Sections
- .text: Size 30KB, Virtual size 30KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .idata: Size 6KB, Virtual size 5KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .data: Size 4KB, Virtual size 330KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: Size 147KB, Virtual size 146KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .reloc: Size 1KB, Virtual size 1KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ