79133ea4295fbe2a21105cd2d65375f7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

79133ea4295fbe2a21105cd2d65375f7_JaffaCakes118
Size

66KB
MD5

79133ea4295fbe2a21105cd2d65375f7
SHA1

9a70e28e606110ee55605ab7b9ebc4dd7f972eb0
SHA256

30e3354b4411155eb262dddfe69a02a35820d0e90bacb2e68905387e3c563a8e
SHA512

5392572c6dba3b679bedbf0af17363b0258b7a01cf7b87f406cf0683b4fa70ae4886135c1147eae22ae7aad96d6d6b8c0bbb03f16b0182628223ddcda2ed889e
SSDEEP

1536:MR/dXMcbAuBZVDp68wWe5FI44dUSiYUDdhDopcPwx:GMKvwFSv35UDdhYxx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
79133ea4295fbe2a21105cd2d65375f7_JaffaCakes118

Files

79133ea4295fbe2a21105cd2d65375f7_JaffaCakes118
.exe windows:5 windows x86 arch:x86

de339c83d75f2c490289600aaa40fd8a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

X:\znirvmgasa\aywwtcFWk\ecgXwQukjlxsir\JnuqxqilFSJva\zvJuctbZNSkhm.pdb

Imports

comctl32

PropertySheetA
CreateToolbarEx
ImageList_GetImageCount
ImageList_Create
DestroyPropertySheetPage
CreatePropertySheetPageW

comdlg32

GetOpenFileNameA
ChooseColorW
GetSaveFileNameA
ChooseFontW
PageSetupDlgW
PrintDlgW

gdi32

TextOutW
RectVisible
RoundRect
ExtFloodFill
UnrealizeObject
CreateICW
StretchDIBits
GetSystemPaletteUse
GetROP2
SetBrushOrgEx
TranslateCharsetInfo
SelectClipRgn
SetWindowOrgEx
SetLayout
DeleteDC
CreateBitmap
PtVisible
GetDIBColorTable
EndDoc
CreatePalette
LineDDA
Rectangle
ExcludeClipRect
CreateDiscardableBitmap
Polygon
SaveDC
CreateCompatibleBitmap
GetClipBox
GetStockObject
CreateBrushIndirect
GetWindowOrgEx
StartPage
SetStretchBltMode
SetPaletteEntries
GetLayout
GetTextColor
GetTextExtentPointW
WidenPath
CombineRgn
Escape
GetTextMetricsA
TextOutA
CreateHalftonePalette
SetTextColor
ScaleViewportExtEx
CreateDIBSection
ResizePalette
DeleteObject

user32

GetClipCursor
WindowFromPoint
SystemParametersInfoW
WaitMessage
DialogBoxIndirectParamA
DefWindowProcW
MoveWindow
CallWindowProcW
DrawTextExW
UnloadKeyboardLayout
ChangeMenuW
GetDlgItemTextW
wvsprintfA
IsChild
AdjustWindowRect
GetDlgItemInt
DrawIconEx
SystemParametersInfoA
LoadCursorA
TabbedTextOutW
CopyAcceleratorTableW
MapVirtualKeyExW
DrawIcon
DispatchMessageA
LoadIconA
MessageBoxW
DefDlgProcA
SetScrollPos
ReleaseDC
SetWindowTextA
GetUserObjectInformationW
CallWindowProcA
FindWindowExW
GetDlgCtrlID
GetClassInfoExA
GetForegroundWindow
InsertMenuA
IsWindowVisible
IsWindowEnabled
DragObject
SwitchToThisWindow
IsWindowUnicode
OpenDesktopW
SetSysColors
CreateWindowExA
AllowSetForegroundWindow
WaitForInputIdle
GetKeyboardLayoutNameW
GetWindowTextA
SetRectEmpty
SetWindowLongA
SetDlgItemTextA
CharUpperBuffA
GetClassInfoA
GetIconInfo
RegisterClassA
IsCharAlphaW
SetRect
EndDialog
OemToCharA
SendMessageW
LoadImageW
ScreenToClient
GetMenuItemInfoW
GetDCEx
GetScrollRange
GetWindowTextLengthW
SetPropW
HiliteMenuItem
PostThreadMessageA
CreateDialogParamW
SetLastErrorEx
IsWindow
MessageBoxExA
DefDlgProcW
LoadStringA
DeferWindowPos
GetScrollPos
EnumThreadWindows
CreateAcceleratorTableW
DispatchMessageW
CharUpperA
RegisterClassExW
CharLowerA
CreateCursor
IsMenu
LoadStringW
GetFocus
ArrangeIconicWindows
CheckRadioButton
DefWindowProcA
AppendMenuW
LoadBitmapA
GetPropW
CharToOemA
SetWindowPos
wvsprintfW
DestroyCaret
MessageBoxExW
CharUpperBuffW
MapWindowPoints
InflateRect
SetScrollInfo
DrawFrameControl
ValidateRect
GetMonitorInfoW
DestroyWindow
SetDlgItemInt
IsDialogMessageW
FrameRect
CreateCaret
SendMessageTimeoutA
VkKeyScanW
GetMessageW
BeginDeferWindowPos
DrawTextA
GetLastActivePopup
CreatePopupMenu

msvcrt

getc
_controlfp
wcschr
fread
system
wcsrchr
__set_app_type
__p__fmode
realloc
__p__commode
fseek
mktime
fclose
_amsg_exit
vswprintf
_initterm
strcspn
puts
swprintf
isxdigit
_acmdln
vsprintf
isdigit
wcscspn
towlower
strcoll
fgets
fwrite
strchr
strncmp
wcstok
exit
_ismbblead
isalnum
wcsncmp
_XcptFilter
_exit
floor
wcstombs
_cexit
__setusermatherr
islower
swscanf
strspn
strcpy
atoi
localtime
__getmainargs

kernel32

SleepEx
SetCommTimeouts
EscapeCommFunction
IsBadWritePtr
GetModuleFileNameA
GetFileInformationByHandle
GetModuleHandleA
MoveFileExW
GetComputerNameExA
LoadLibraryA
GlobalGetAtomNameW
GetShortPathNameA
GetTempFileNameA
GetStdHandle
SetErrorMode
FindResourceExA
ResetEvent
lstrcmpiW
FoldStringW
GetSystemTimeAsFileTime
IsBadCodePtr
QueryDosDeviceW
SetLocalTime
TlsFree
CreateNamedPipeW
GetCommandLineA
SetFilePointer
lstrcpyA
CompareStringW
CreateEventW
DeleteCriticalSection
GetCommState
HeapFree
CreateFileMappingA
GetLastError
LoadLibraryExW
lstrcpyW
LeaveCriticalSection
IsBadReadPtr
VerifyVersionInfoW
ClearCommBreak
SetThreadContext
EnumResourceTypesA
GetFileAttributesA
FreeLibrary
SetupComm
IsValidLocale
GlobalAddAtomA
FindClose
ReleaseSemaphore
GetComputerNameA
MapViewOfFile
VirtualQuery

Exports

Exports

?InstallVersionOriginal@@YGPAXPAMGH]A
?EnumSystemEx@@YGGG]A
?GlobalValueExA@@YGXPAI]A
?GlobalListExW@@YGDHIIM]A
?RtlAppNameNew@@YGFPAEE]A
?DecrementStateW@@YGE_N]A
?CopyOptionEx@@YGFHMNM]A
?CrtModuleEx@@YGXPAG]A
?FormatFunctionW@@YGDMM]A
?CopyCharExA@@YGEKPAEE]A
?GenerateClassNew@@YGPAHPAMPAFGN]A
?GlobalEventExW@@YGPAEPAII]A
?AddComponentEx@@YGMPAMEPAH]A
?CancelNameOriginal@@YGEIMPAFPAF]A
?CallFileNew@@YGFEFJPAJ]A
?HideDeviceNew@@YGXHJ]A
?IsPointExA@@YGPA_NJ]A
?OnProviderA@@YGXPAFF]A
?InsertFilePathEx@@YGDNK]A
?CrtKeyNameNew@@YGDPADIH]A
?IsValidFullNameNew@@YGDIG]A
?CallSectionA@@YGPAHNPAF]A
?IncrementDialogExA@@YGPAXHDI]A
?SetThreadW@@YGXJMH_N]A
?EnumDateOld@@YGEPAHFI]A
?PutPathEx@@YGPAJPAEPAMIE]A
?FormatFunction@@YGMPAE]A
?GlobalWindowInfoNew@@YGPAENPAD]A
?IsConfigExA@@YGXPAIDPAIE]A
?IncrementDateTime@@YGGPADMPAKE]A
?GenerateFunctionExW@@YGEPAG]A
?CloseMonitorExA@@YGGPAF]A
?CallSectionExW@@YGPADE]A
?DecrementExpressionExW@@YGIK]A
?ModifyFullNameNew@@YGPADEPAMFPAD]A
?CrtThreadOld@@YGKPAHD]A
?CrtSectionW@@YGPAJFPADPAJPAN]A
?LoadHeightExA@@YGJPAKDGF]A
?DeleteHeight@@YGPAIPAMPAGJ]A
?KillTextOriginal@@YGPAI_NH]A
?DestinationSysCounterDnDHuuey@@YGKGHE@Z
?CallDateNew@@YGPAFPAE]A
?CloseKeyNameOld@@YGFPAFKE]A
?IsNotKeyboardW@@YGGPAMDJ]A
?ValidateWidthExW@@YGD_N_N]A
?CrtWindowInfoExW@@YGXK]A
?TimeOld@@YGNHF]A
?GlobalCommandLineA@@YGMPA_N]A
?HideObjectOld@@YGXMMFF]A
?IncrementNameOriginal@@YGFE]A
?InvalidateHeightOld@@YGMME_N]A
?GenerateWidth@@YGMMDPAMPAH]A
?FindProjectExW@@YGKFNED]A
?KillDateNew@@YGIJEH]A
?GetDateOriginal@@YGGFJ]A
?GenerateDeviceA@@YGJE_N]A
?InstallMutantExW@@YGHPAMG]A
?DecrementFilePathOld@@YGGM]A
?ValidateVersionW@@YG_NKG]A
?InsertKeyboardNew@@YGJPAKFKK]A
?LoadPointW@@YGJPAMEPADPAJ]A
?RemoveWidthOriginal@@YGPADH]A
?FormatDeviceExA@@YGMFMJG]A
?GetClassNew@@YGDPAIG]A
?PutStringExA@@YGDE]A
?HideDeviceA@@YGPA_NMH]A
?KillSectionA@@YGXPA_NPAD]A
?EnumClassEx@@YGFPAGMJG]A
?ModifyDialogA@@YGHDPANFD]A
?EnumAppNameA@@YGKPAGPAFIF]A
?FormatFunctionOriginal@@YGPAG_NPAH]A
?CancelCommandLineNew@@YGIDPAI_N]A
?CopyFullNameW@@YGEIE]A
?SendScreenExW@@YGPADJ]A
?SetFileOld@@YGGPAIM]A
?EnumAnchorNew@@YGPAFD]A
?InvalidateSize@@YGJPAFPAD_N]A
?InsertEventOriginal@@YGPANPAKPAMPADI]A
?FreeProviderOld@@YGXIM]A
?CancelRectNew@@YGPAIMPAK]A
?PenExA@@YGPAXIPAGF]A
?DecrementDataOld@@YGPAEG]A
?ModifyModuleOriginal@@YGKD]A
?InstallPointNew@@YGXHJ]A
?CopyKeyNameA@@YGND]A
?InstallTimeOld@@YGXHNII]A
?CloseConfigOriginal@@YGFEK]A
?CloseProfileNew@@YGPADJMM]A
?AddConfigNew@@YGPAHIPA_N]A
?DecrementCommandLineOriginal@@YGFJPAFPAK]A
?LoadPen@@YGPAEG]A
?IncrementObjectA@@YGPAJHPAI]A
?GenerateDateTimeOriginal@@YGDPA_NHF]A
?RemoveAnchorW@@YGJJD]A
?SetSizeOld@@YGHD]A
?PutComponentOriginal@@YGPAEIM]A
?RemoveValueEx@@YGXPAN]A
?LoadAppNameW@@YGGPADNFE]A
?ModifyDateTime@@YGXHK]A
?RtlCharNew@@YGNM]A
?CloseFilePath@@YGXN]A
?GetPenOld@@YGXPAKF]A
?PutScreen@@YGPAXDPAD]A
?RtlNameOriginal@@YGPAJGH]A
?ModifyMessageNew@@YGPAIEPAHPAJ]A
?PutObjectExW@@YGEPAKPADPAE]A
?CallAppNameExW@@YGXPA_N]A
?AddKeyNameOriginal@@YGJFPAHE]A
?SendHeightOriginal@@YGMJMFE]A
?OnComponentExW@@YGPAKPAEM]A
?SendCommandLine@@YGDJ]A
?ValidateValue@@YGKPAIJD]A
?AddListItemNew@@YGHH_N_N]A
?CallThreadExW@@YGPADPAH]A
?ShowValueW@@YGFPAFFI_N]A
?CloseAnchorEx@@YGIPAH]A
?DecrementProviderOld@@YGGMMD]A
?EnumFilePathOriginal@@YGMPAGPAI]A
?CrtPointerOriginal@@YGPAXDH]A
?RtlDirectoryW@@YGMGPAGPAJF]A
?HideMutexExW@@YGII]A
?ModifyProcessNew@@YGKEPADEE]A
?GenerateDeviceEx@@YGEJIPAEPA_N]A
?CloseNameNew@@YGGPA_NPA_N]A
?IncrementCommandLineW@@YGPAXPAH]A
?ShowWindowInfoA@@YG_NJE]A
?ShowTimeExW@@YGEHD]A
?IsCharW@@YGPAXJPAHPAE]A
?HideExpressionOld@@YGEPAN]A
?IncrementOptionExW@@YG_NHJDD]A
?IsNotHeaderW@@YGPAXEPAKFPAI]A
?IsDataOld@@YGNG]A
?OnDialogW@@YGPAHMKEE]A
?KillSystemOriginal@@YGXD]A
?CrtStateExA@@YGHPADEEI]A
?GenerateProcessExA@@YGKEPADDJ]A
?CallStateNew@@YGKPANHD]A
?InvalidateKeyNameExA@@YGHPAJPANPAM]A
?GlobalScreenNew@@YGHPAMFDK]A
?IsNotNameExA@@YGF_NHGF]A
?ModifyString@@YGPAMPANI]A
?DeleteMutexOld@@YGJF]A
?AddListOriginal@@YGPAFEPAKF]A
?AddMutantNew@@YGIPAEPAM]A
?PutObjectEx@@YGJPAJM]A
?ShowSection@@YG_NPAEDPA_NN]A
?PutFunctionOriginal@@YGEKIM]A
?IsWidthNew@@YGXEEM]A
?RemovePenA@@YGPAJPA_NFKH]A
?GeneratePathExA@@YGXPADKIF]A
?ShowVersionOld@@YGGJ]A
?IsNotFunctionOld@@YGPAHKF]A
?GetHeightNew@@YGPAJPAN]A
?CallStringA@@YGJEPAHH]A
?ValidateOptionW@@YGPAMK]A
?FreeFolderOld@@YGFPAFMPAI]A
?PutDirectoryNew@@YGIE]A
?PutStateExW@@YGPAXEPAGPAD]A
?EnumKeyboardOld@@YGFHPAJ]A
?InvalidateStringW@@YGXPAFE]A
?GenerateDeviceNew@@YGPAXJ]A
?IsNotSemaphoreA@@YGFPAE]A
?KillSystemW@@YGFPAN]A
?FreeMemory@@YGFJJNJ]A
?WindowInfo@@YGPAF_ND]A
?LoadFunctionExA@@YGXMPADPAM]A
?RtlThreadExA@@YGPAMPAHPAH]A
?FreeDeviceOriginal@@YGPAHPAIIKPAK]A
?GenerateWidthNew@@YGXNEK]A
?FindKeyboardNew@@YGJMKNPAN]A
?ValidateFileExW@@YGXM]A
?OnClassExW@@YGPAGJ]A
?SendSystemExW@@YG_NPAHE]A
?GlobalSystemOriginal@@YGGIPANFE]A
?PutOption@@YGHFHGPAE]A
?Argument@@YGGPAFH]A
?IsValidCommandLineA@@YGPAGNHPAH]A
?GetProject@@YGGJ]A
?IncrementFileNew@@YGPAKHHPANPAN]A
?ModifyNameOriginal@@YGDHPAH]A
?IncrementProviderNew@@YGXPAEHNPAH]A
?CrtTextExA@@YGPAJJEEG]A
?ValidatePathExA@@YGDPAKG]A
?ValidateKeyboardA@@YGFE]A
?IsNotFilePathA@@YGPAGGEPAK]A
?ModifyCommandLine@@YGMKFPAD]A
?DecrementAppNameA@@YGJPAMGIPAI]A
?CallListItemA@@YGPAKI]A
?EnumExpressionNew@@YGPAXGH]A
?GenerateText@@YGPAXPAFIH]A
?SendFolderPathExW@@YGPAXPAIH]A
?ValidateComponentExW@@YGKPADKK]A
?FreeDataW@@YGXD]A
?ValidateFileExA@@YGEKPAJDH]A
?InvalidateExpressionNew@@YGFG]A
?FormatThreadNew@@YGPAIPA_NPADPAF]A
?IsValidAnchorOld@@YGXN]A
?GlobalTaskA@@YGKPAE]A
?DeletePointerEx@@YGMFEH]A
?ValidateProviderOld@@YGEJPAIG]A
?SetSystemExA@@YGGPAMPAM]A
?IsValidOptionW@@YGDD]A
?CallClassExW@@YGPAIIN]A
?AnchorEx@@YGKDPAE]A
?PathOriginal@@YGKPAE]A
?SendComponentNew@@YGPAEPAMIMD]A

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de339c83d75f2c490289600aaa40fd8a

Headers

File Characteristics

PDB Paths

Imports

comctl32

comdlg32

gdi32

user32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 29KB

.idata Size: 6KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 10KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 30KB - Virtual size: 29KB

.idata
Size: 6KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 10KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 1KB - Virtual size: 1KB