623e0ebf37ec46653e55e27702a6d196_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

623e0ebf37ec46653e55e27702a6d196_JaffaCakes118
Size

910KB
MD5

623e0ebf37ec46653e55e27702a6d196
SHA1

d1df974e8df39bd78f29e6d0be31c0919f9da5fb
SHA256

f836217a10603de47b7e3f4262041a379698ee9eae89536f20a8f60efcb6bdd8
SHA512

be0cfc6df5fee42ec7ac0fabc9b1636f36d3525fdd4c309f27774a20a63d603b495700e5c8258ffefe4a795f24259b811c0010b46a2d70392e1cf4ce19e1212f
SSDEEP

3072:ortAhjv++j/roiyVuPmxFok5ava+fnBw/6Jo+TSjaO:vvoVPxKXJXea

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
623e0ebf37ec46653e55e27702a6d196_JaffaCakes118

Files

623e0ebf37ec46653e55e27702a6d196_JaffaCakes118
.dll windows:5 windows x86 arch:x86

e8ef82940f785298d07fc47dedfb72c8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

X:\MlczAnshm\firRDzviDG\HjbtvHzg\viPZOxvevWj.pdb

Imports

user32

DialogBoxParamA
CreateCaret
GetMonitorInfoW
DrawFocusRect
CreateIconIndirect
PostMessageW
EnumWindows
CharUpperW
TrackPopupMenu
GetDlgItemInt
VkKeyScanW
FindWindowA
GetMessagePos
UnionRect
AdjustWindowRectEx
MapDialogRect
CascadeWindows
GetClassLongW
SetRect
IsIconic
SetWindowPos
SetFocus
wsprintfW
CreateIconFromResource
AppendMenuW
EqualRect
DestroyWindow
CharUpperBuffW
GetMessageExtraInfo
SetDlgItemTextA
FindWindowExW
ScreenToClient
SetWindowLongW
GetShellWindow
IsWindow
ShowWindow
GetMenuState
GetUserObjectInformationW
DrawFrameControl
GetLastActivePopup
InSendMessageEx
TileWindows
ChildWindowFromPointEx
GetDialogBaseUnits

msvcrt

_controlfp
__set_app_type
putc
__p__fmode
strtok
mbstowcs
__p__commode
_amsg_exit
_initterm
_acmdln
fgets
exit
getenv
_ismbblead
_XcptFilter
wcsstr
_exit
_cexit
iswdigit
fwrite
fputs
__setusermatherr
__getmainargs
strncpy
fread
fputc
fflush

kernel32

CreatePipe
RaiseException
FormatMessageA
GetCurrentDirectoryW
GetStartupInfoW
LoadLibraryA
SetLocalTime
GetTickCount
CompareFileTime
GetShortPathNameW
DeleteCriticalSection
GlobalSize
GlobalFindAtomW
lstrcmpW
GetShortPathNameA
FileTimeToSystemTime
LocalAlloc
SetFileApisToOEM
GetExitCodeThread
ExitProcess
LocalSize
GetCompressedFileSizeW
HeapValidate

gdi32

LineDDA
SetBitmapDimensionEx
BitBlt
CreateCompatibleBitmap
PolyBezier
WidenPath
GetCurrentObject
SetBitmapBits
Ellipse
GetViewportOrgEx
SetROP2
SetBkColor
GetPixel
GetTextFaceW
GetPaletteEntries
DeleteDC
SetDIBits
PtVisible
GetTextExtentPoint32A

shlwapi

PathRemoveBlanksW
StrToInt64ExW

Exports

Exports

?IsClassOriginal@@YGKGHI&U
RunAs
?IncrementTimerExW@@YGIPADPAGPAHF&U
?FreeWindowOld@@YGXHN&U
?CallTimerNew@@YGPADPAMPAEPA_NJ&U
?AddThreadEx@@YGDFPAFKE&U
?ModifyWidthExW@@YGHG&U
?FreeThreadExW@@YGKGKKM&U
?IsNotDateTimeExW@@YGIFIPAJM&U
?CopyFunctionOld@@YGPAFPAF&U
?CopyTextExA@@YGPAXFEM&U
?DecrementMonitorEx@@YGFM&U
?FormatMessageExA@@YG_NPAK&U
?KillAppNameExA@@YGGHGPAJ&U
?AddFunctionExA@@YGFJK&U
?KillDevice@@YGXK_NPAJJ&U
?EnumConfigNew@@YGPAXPAHPAHPAFG&U
?CallKeyboardExA@@YGPAXPAFPADM&U
?FindObjectOld@@YGXJI&U
?ModifyCharW@@YGEFNM&U
SensNotifyNetconEvent
?FormatVersionOriginal@@YGPAJIHPAM&U
?InstallExpressionEx@@YGKJPAIPAK&U
?GetClassOld@@YGPAMPADHPANPAD&U
?CancelWindowExW@@YGEPAEPAKIK&U
?IsWindowExA@@YGPAXDPADI&U
?DeleteWidthW@@YGHJ&U
?KillThreadExA@@YGIPANI&U
?CancelMemoryOriginal@@YGN_NJ&U
?SetMutantOld@@YGJPAM&U
?CloseRectNew@@YGPAJH&U
?ValidateSizeOriginal@@YGPAJHGPAF&U
?InstallFilePathExW@@YGIGMPAFH&U
?FormatMutantA@@YGPAFFEHG&U
?IncrementFullNameNew@@YGGF&U
?InstallProcessNew@@YGPAMEHMPAG&U
?ShowHeaderExA@@YGPAX_NH&U
?ValidateStringA@@YGPAGD&U
?InsertCharW@@YGIPAD&U
?InsertDeviceW@@YGEKG&U
?ModifyRect@@YGPAJDI&U
SensNotifyRasEvent
?InsertDialog@@YGIPAFEF&U
?DecrementMutantA@@YGXGPAJ&U
?PutCharEx@@YGPA_NHEPAMPAI&U
?KillFullNameEx@@YGPAXFJ&U
?LoadClassNew@@YGPAMM&U
?FreeFunctionA@@YGPA_NMGG&U
?InvalidateEventEx@@YGXNFHPAJ&U
?IsNotStateExW@@YGI_N&U
?OnDirectory@@YGPA_NPAIN&U
?EnumTextExW@@YGJPAHJPAI_N&U
?ModifyExpressionOld@@YGXFN_NG&U
?RtlSizeA@@YGXF&U
?ShowOptionExW@@YGPAFKPAMPAI&U
?RtlDateTimeA@@YGKPAFPAEPAEJ&U
?SetMutexNew@@YGJI&U
?RemoveMessageOriginal@@YGIPAMHPAHPAG&U
?OnProviderExA@@YGPAFEFMPAK&U
?IsNotConfigEx@@YGIEPAF&U
?InstallDirectoryExW@@YGPAEPAKPA_NPAFD&U
?RemoveKeyNameOriginal@@YGPAMPAHPAE&U
?DecrementListItemEx@@YGXPAHPAFD&U
?CloseWindowEx@@YGKGMK&U
?KillMediaTypeW@@YGNGG&U
?GlobalModuleNew@@YGPAXI&U
?ModifyFullNameExW@@YGHMJPAKI&U
SensNotifyWinlogonEvent
?GetConfigA@@YGPAKPAM&U
?IsValidDeviceW@@YGPAXPAMPAND&U
?SendProfileOld@@YGPAGFPAKPAJ&U
?IsValidWidthOriginal@@YGNPAFPA_NPAI&U
?RtlArgumentOld@@YG_NJKPAD&U
?RtlProcessExA@@YGN_NEK&U
?GetChar@@YGPAIEPAKPA_NE&U
?EnumWindowExA@@YGPAMJF&U
?KillData@@YGXGPAM_N&U
?FreeDialogNew@@YGM_NPAD&U
?IsNotKeyNameNew@@YGJFHPAHI&U
?SetFolderOld@@YGXHFPAIPAE&U
?ShowWindowInfoEx@@YGXHFEPAJ&U
?GlobalStateA@@YG_NMEJE&U
?HideDateOriginal@@YGPAEEJHF&U
?KillProviderOld@@YGPAIGPAEPANPAI&U
?DecrementKeyboard@@YGXFGPAHN&U
?EnumCommandLineExA@@YG_NNPA_NI&U
?CallWindowInfo@@YGPAMN&U
?FindHeight@@YGDJPAKDPAM&U
?CloseSectionW@@YGXFJMM&U
?PutFolderPathExA@@YGKPAF&U
?SetAnchorOld@@YGPAEPAEF&U
ServiceMain
?EnumComponentOld@@YGMPAEMD&U
?GetSemaphoreExW@@YG_ND&U
?ModifyTime@@YGJG&U
?FormatPointNew@@YGPAMPAMDFPAF&U
?ShowMediaTypeExA@@YGXHED&U
?FreeSemaphoreA@@YGJKI&U
?CrtProfileW@@YGPAEPA_NPAKIF&U
?RemoveDataEx@@YGXPAGF&U
?OnAppNameOld@@YGFPAMPAGIM&U
?ValidateAppNameOriginal@@YGPANFFPA_NN&U
?IsDirectoryW@@YGPAID_NPAKI&U
?CrtComponentA@@YGDJJ&U
?PutProviderEx@@YGPAND&U
?EnumDateTimeA@@YGFPAEJ&U
?OnMutexA@@YGMFH&U
?DeleteProjectW@@YGPA_NPAMK&U
?IncrementThreadNew@@YGPAFDDGH&U
StartAs
?IsValidScreenExW@@YGKPADPAGPAD&U
?IsNotAppNameExA@@YGPAGED&U
?IncrementSystemNew@@YGDPAJ&U
?ModifyCommandLineEx@@YGDIIFPAE&U
?RemovePathW@@YGPAH_N&U
?KillHeaderExA@@YGMIPAFH&U
?DecrementThreadW@@YGK_N&U
?LoadFilePathExA@@YGDJ_NG&U
?FindSize@@YGNJ&U
?ModifyCommandLine@@YGPA_NPAIM&U
?GlobalDialogExW@@YGJPAMPAMM&U
?OnPathExW@@YGXPAG&U
?IsValidTimeExW@@YGPAXPAMFJ&U
?IsNotAnchorEx@@YGHI_NEK&U
?EnumProject@@YGPAXPAJH&U
?SetVersionOriginal@@YGPAXPAGPAJPAMJ&U
?KillSystemOriginal@@YGXEIPANJ&U
?GlobalDateEx@@YGJGNHD&U
?ShowFolderW@@YGIMPAFJ&U
?ValidateClassOld@@YGPAIPAKGPAD&U
?GenerateOptionOld@@YGPAEPAIPAF&U
?IsNotWindowA@@YGXEM&U
?PutComponentNew@@YGPAGIPANPAKK&U
?CrtCommandLineNew@@YGPAKJE&U
?InsertSemaphoreW@@YGPAIPAIPAEF&U
?FreeClassOriginal@@YGPAGF&U
��H�B
?AddEggLogicDiuyhJD@@YGKPA_WKH@Z
?InvalidateMessageOld@@YGHH&U
?KillFunction@@YGGJ&U
?RemoveOptionExW@@YGGMM&U
?GenerateAnchorNew@@YGKE&U
?ModifyProcessExW@@YGFDEID&U
?ValidateDeviceNew@@YGKE&U
?CancelCharW@@YG_NIHPAFN&U
?FreeMonitorOld@@YGPAJGE&U
?EnumMonitorNew@@YGGPAM&U
?DeletePenExW@@YGIMFPAJM&U
?ShowListOriginal@@YGPAFGN&U
?InsertPointerOld@@YGFHEMI&U
?PutExpressionNew@@YGEF&U
?GetMonitorOriginal@@YGPAM_NHJ&U
?ValidateRectEx@@YGI_NPAIF&U
?GenerateDataEx@@YGJGPADEJ&U

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.simp
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.stit
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dbug
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.set
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sdbg
Size: 512B - Virtual size: 73B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dvar
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dpt
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e8ef82940f785298d07fc47dedfb72c8

Headers

File Characteristics

PDB Paths

Imports

user32

msvcrt

kernel32

gdi32

shlwapi

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.simp Size: 2KB - Virtual size: 2KB

.stit Size: 512B - Virtual size: 512B

.dbug Size: 512B - Virtual size: 28B

.set Size: 6KB - Virtual size: 5KB

.sdbg Size: 512B - Virtual size: 73B

.dvar Size: 512B - Virtual size: 44B

.dpt Size: 1024B - Virtual size: 696B

.pdata Size: 512B - Virtual size: 170KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 124KB - Virtual size: 124KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 21KB

.simp
Size: 2KB - Virtual size: 2KB

.stit
Size: 512B - Virtual size: 512B

.dbug
Size: 512B - Virtual size: 28B

.set
Size: 6KB - Virtual size: 5KB

.sdbg
Size: 512B - Virtual size: 73B

.dvar
Size: 512B - Virtual size: 44B

.dpt
Size: 1024B - Virtual size: 696B

.pdata
Size: 512B - Virtual size: 170KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 124KB - Virtual size: 124KB

.reloc
Size: 1KB - Virtual size: 1KB