5e8e7cf0043271dab008a31724726fa4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5e8e7cf0043271dab008a31724726fa4_JaffaCakes118
Size

219KB
MD5

5e8e7cf0043271dab008a31724726fa4
SHA1

bb01b6f8d77cb1d64b4c0b6f6e69947e022c57b6
SHA256

556d0716efa7b5068a47f4fed82bc45a3ab9c2a5c4f23f50a8ed9e785f1a666b
SHA512

4ce013219b2ec1612991792d27209aa4d69c6907e9376a90ef58ab2ec3b39d9891eddf8b46c73f6f967ab3589630e6113574aaedc9f805f18d22bf2ac616fea5
SSDEEP

6144:EfV74eGJgBUCke2920PtLS+5erGDMeM/LbT:EN4eGuOe2920Qr3eMnT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5e8e7cf0043271dab008a31724726fa4_JaffaCakes118

Files

5e8e7cf0043271dab008a31724726fa4_JaffaCakes118
.exe windows:5 windows x86 arch:x86

df0596b0a27848ab8497adafdda3bb61

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

U:\ibcxfSfxlbp\rzlKovdgiukkzv\oInDOjb.pdb

Imports

msvcrt

_controlfp
__set_app_type
fprintf
malloc
ungetc
__p__fmode
__p__commode
_amsg_exit
_initterm
fgetc
isdigit
wcschr
wcscoll
localtime
mktime
gmtime
fgets
strchr
isxdigit
remove
srand
putc
fclose
system
iswprint
islower
mbstowcs
swscanf
bsearch
_ismbblead
_XcptFilter
wcstod
strncmp
getc
_exit
_cexit
strerror
__setusermatherr
wcscpy
fputc
isalnum
toupper
wcstombs
__getmainargs

comctl32

ImageList_Destroy
PropertySheetW
CreatePropertySheetPageA
ImageList_ReplaceIcon
ImageList_LoadImageW
CreateStatusWindowW

gdi32

RectVisible
SaveDC
SetPaletteEntries
ResizePalette
CreateDIBSection
RealizePalette
SetBitmapBits
AddFontResourceW
SetBitmapDimensionEx
CreateSolidBrush
StartDocW
PathToRegion
DeleteDC
GetTextAlign
StretchDIBits
GetDeviceCaps
GetObjectA
CreateCompatibleBitmap
TextOutA
GetTextFaceW
SetTextAlign
GetTextExtentPointA
SetPixel
EnumFontFamiliesExW
CreatePolygonRgn
CreateDIBitmap
SetAbortProc
GetTextExtentPoint32A
PolyBezier
CreateDiscardableBitmap
GetRgnBox
GetFontData
GetStockObject
EnumFontFamiliesW
GetTextExtentPointW
SetBrushOrgEx
CreateFontA
CreateFontIndirectW
Escape
GetROP2
SetStretchBltMode
StretchBlt
SelectObject
SetMapMode

psapi

GetProcessImageFileNameW

user32

CreateIconFromResource
GetSubMenu
GetMessagePos
SetLastErrorEx
GetWindowRect
ClipCursor
UnloadKeyboardLayout
DispatchMessageW
EnableMenuItem
GetDoubleClickTime
PeekMessageW
IsWindow
RegisterClassExW
DrawTextA
IsCharLowerA
GetDesktopWindow
CallWindowProcW
GetNextDlgTabItem
GetKeyboardLayout
DestroyCursor
MapWindowPoints
CreateDialogParamW
CharPrevA
ActivateKeyboardLayout
AdjustWindowRectEx
GetIconInfo
CharUpperA
GetDC
GetClassLongA
GetTopWindow
SetCursor
DialogBoxParamW
GetScrollInfo
DefFrameProcA
InvalidateRect
VkKeyScanW
CreateDialogIndirectParamW
CheckDlgButton
IsDialogMessageW
BeginPaint
ShowScrollBar
LockWindowUpdate
FindWindowA
SendInput
AttachThreadInput
SwitchToThisWindow
InsertMenuItemW
CharToOemBuffA
DrawTextExW
RegisterWindowMessageA
CharNextW
ChildWindowFromPoint
LookupIconIdFromDirectory
CreateWindowExW
IsCharUpperA
CascadeWindows
BringWindowToTop
PtInRect
CheckMenuItem
EqualRect
DrawEdge
DrawIcon
CreateIconIndirect
OemToCharA
GetSysColorBrush
GetParent
GetScrollPos
GetMenu
MessageBoxExW
GetWindowTextW
DialogBoxParamA
LoadImageW
InsertMenuW
GetMessageExtraInfo
MapVirtualKeyExW
SendMessageA
CreateDialogParamA
LoadAcceleratorsW
EndTask
DrawStateA
CharUpperBuffA
InSendMessageEx
keybd_event
CloseDesktop
SetMenuItemBitmaps
GetKeyState
GetMenuCheckMarkDimensions
GetClassInfoA
CharUpperW
PostMessageA
IsDialogMessageA
InternalGetWindowText
DestroyAcceleratorTable
EnumWindows
ScreenToClient
TrackPopupMenuEx
PostMessageW
SetMenuDefaultItem
GetMenuStringW
SetSysColors
GetMenuStringA
ShowOwnedPopups
GetCaretPos
GetWindowPlacement
GetMessageTime
GetNextDlgGroupItem
KillTimer
DrawAnimatedRects

kernel32

FindResourceExA
GetCommandLineW
LoadResource
FindResourceExW
GetVersionExW
SetSystemTime
AreFileApisANSI
GetStartupInfoA
FreeResource
IsBadCodePtr
FindResourceW
GetNumberFormatA
GetModuleHandleW
CopyFileA
SetCommBreak
GlobalHandle
GetThreadContext
CreateFileMappingA
LocalSize
WriteFile
LoadLibraryW
GetFileInformationByHandle
TerminateThread
GlobalFindAtomW
GlobalFree
SetFileAttributesW
GetStringTypeExW
MoveFileExW
FoldStringW
GetUserDefaultLangID
GetOverlappedResult
SetFilePointer
GetSystemTime
HeapAlloc
CompareStringA
HeapFree
GetFileAttributesExW
ResumeThread
MoveFileW
GetProcessHeap
TlsSetValue
GlobalCompact
CreateRemoteThread
FindFirstChangeNotificationW
CreateDirectoryW
GetFileTime
UnhandledExceptionFilter
GetShortPathNameA
RtlUnwind
RegisterWaitForSingleObject
CreateNamedPipeW
GlobalAddAtomA
PulseEvent
MoveFileA
ClearCommError

Exports

Exports

?IsStateW@@YGJKE]A
?InstallComponent@@YGPAM_NPAHG]A

Sections

.text
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.packed
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df0596b0a27848ab8497adafdda3bb61

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

gdi32

psapi

user32

kernel32

Exports

Exports

Sections

.text Size: 190KB - Virtual size: 189KB

.packed Size: 13KB - Virtual size: 13KB

.data Size: 9KB - Virtual size: 8KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 190KB - Virtual size: 189KB

.packed
Size: 13KB - Virtual size: 13KB

.data
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 2KB