85ee8e7db811ad63be7c7fb90892c691_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

85ee8e7db811ad63be7c7fb90892c691_JaffaCakes118
Size

221KB
MD5

85ee8e7db811ad63be7c7fb90892c691
SHA1

97a660702b14404be92f348444e19f5138b76755
SHA256

bce9492f6fac8a7047a6dc090b11b6003a99f5a96bdfe8fcfe5b9c413cc71101
SHA512

e091f23466001b6cffd4f28af3eef0e1d722ec1098ee6c9fe7827cc4fe5f59adae2dd5dd5e716660e9258fff8a265f1bc97268c672317e69d49d5158b4e32e4f
SSDEEP

6144:Y9kDe5CCF/XxVCfL8EqQWhfyDuHZH+DwEkNt/M5J1:kkALhwfL8JDKaHl+DSTM5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
85ee8e7db811ad63be7c7fb90892c691_JaffaCakes118

Files

85ee8e7db811ad63be7c7fb90892c691_JaffaCakes118
.exe windows:5 windows x86 arch:x86

999068042a0e0089d1b93af964ddcc06

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\HKuJoEncifslx\wsNyrEdC\obodibxgNFX\juvQRwlwl.pdb

Imports

user32

IsIconic
MapWindowPoints
DrawStateA
EnumThreadWindows
CreatePopupMenu
DrawFocusRect
WindowFromPoint
ShowScrollBar
GetWindowTextA
InternalGetWindowText
MapVirtualKeyW
DrawTextExW
LookupIconIdFromDirectory
SystemParametersInfoA
DestroyCursor
SwapMouseButton
IsCharUpperA
SetCursor
SetMenu
CheckRadioButton
GetKeyState
ExitWindowsEx
GetScrollRange
GetCursorPos
ValidateRect
ReleaseDC
GetKeyNameTextW
BringWindowToTop
SetWindowPlacement
CharNextA
ReplyMessage
IsDialogMessageA
OpenIcon
IsWindowUnicode
IsCharAlphaW
SendInput
GetDCEx
CreateDialogParamA
DragObject
GetWindowPlacement
EndTask
SetLastErrorEx
SetScrollPos
wvsprintfW
ModifyMenuW
DrawIcon
CharPrevA
HideCaret
DefWindowProcA
InSendMessageEx
wsprintfW
DrawTextW
GrayStringW
VkKeyScanW
SendMessageTimeoutW
ChildWindowFromPointEx
RemovePropW
GetMenuCheckMarkDimensions
CreateIconIndirect
DrawStateW
InSendMessage
IntersectRect
IsDialogMessageW
GetShellWindow
RegisterClassExA
SendDlgItemMessageA
CharNextExA
CharNextW
GetSystemMetrics
DefDlgProcW
SetPropW
TranslateMessage
ScrollWindow
IsWindowVisible
SetActiveWindow
LoadCursorW
GetIconInfo
AppendMenuA
ShowCursor
GetUserObjectInformationW
GetSysColorBrush
CheckMenuItem
SetSysColors
GetNextDlgTabItem
MoveWindow
GetMessageA
GetClientRect
IsChild
TranslateAcceleratorA
ScreenToClient
OffsetRect
PostQuitMessage
CharPrevW
GetDlgItemTextW
GetMenuItemRect
ActivateKeyboardLayout
GetParent
CallWindowProcW
OpenInputDesktop
GetMenuStringA
EqualRect
SetDlgItemTextW
RegisterWindowMessageA
wsprintfA
wvsprintfA
GetScrollPos
CreateMenu
LoadAcceleratorsA
AllowSetForegroundWindow
TrackPopupMenuEx
LoadStringA

kernel32

SetNamedPipeHandleState
lstrcpynW
CreateNamedPipeA
VirtualFree
SetErrorMode
SetWaitableTimer
IsBadCodePtr
HeapValidate
GetThreadContext
RaiseException
CloseHandle
GetNumberFormatA
SuspendThread
lstrlenW
LoadLibraryW
LocalReAlloc
GetComputerNameExW
GetFileSize
GetVersionExA
AddAtomW
PulseEvent
UnmapViewOfFile
WaitForMultipleObjectsEx
GetCurrentProcess
GlobalGetAtomNameW
CreateFileW
HeapUnlock
GetCommTimeouts
EnumResourceNamesA
GetModuleFileNameA
GetWindowsDirectoryW
CreateRemoteThread
SetPriorityClass
IsDBCSLeadByteEx
SetUnhandledExceptionFilter
WaitForMultipleObjects
GetOverlappedResult
GetCurrentProcessId
GetCompressedFileSizeW
WinExec
VirtualAlloc
SetFilePointer
SetHandleInformation
LeaveCriticalSection
ClearCommBreak
SetCurrentDirectoryA
FileTimeToLocalFileTime
GetTimeZoneInformation
WriteConsoleInputA
lstrcmpiW
GetStringTypeExW
GlobalGetAtomNameA
GetTimeFormatW

gdi32

PatBlt
GetCurrentObject
SetTextColor
SetDIBits
CreateHalftonePalette
SetBkMode
SetViewportExtEx
SetBitmapBits
MoveToEx
GetTextCharsetInfo
CreatePenIndirect
ExtTextOutW
SelectObject
GetDIBits
DeleteDC
CreateDCW
EndPage
CreateHatchBrush
TextOutA
CreateFontW
LineTo
GetTextFaceW
StretchBlt
SetPaletteEntries
RestoreDC
GetDIBColorTable
GetObjectA
DeleteObject
DPtoLP
ScaleViewportExtEx
SetViewportOrgEx
GetTextMetricsA
GetBkMode
EndPath
CreateFontIndirectW
SaveDC
Ellipse
UnrealizeObject
ExcludeClipRect
StartPage
EndDoc
SetBitmapDimensionEx
GetROP2
PathToRegion
GetTextExtentExPointW
ExtTextOutA
GetTextExtentPointA

comdlg32

ReplaceTextW
GetOpenFileNameA
CommDlgExtendedError
ChooseFontW
GetSaveFileNameA

msvcrt

isspace
puts
setlocale
strtok
atol
strncmp
_controlfp
iswprint
__set_app_type
swprintf
iswxdigit
rand
strspn
isalpha
__p__fmode
strcspn
getc
__p__commode
_amsg_exit
sprintf
_initterm
isdigit
clock
isprint
_acmdln
exit
_ismbblead
wcscat
_XcptFilter
iswalpha
wcstoul
wcschr
wcslen
wcscpy
fread
_exit
wcsncpy
towlower
_cexit
time
__setusermatherr
__getmainargs
fputs
vsprintf
wcstombs
wcsrchr

Exports

Exports

?LoadName@@YGPAMHJPAED~U
?IsValidClassNew@@YGPAXPAHHH~U
?IncrementWindowA@@YG_NG~U
?GetHeaderNew@@YGPAFPAFGGH~U
?ModifyScreen@@YGPAKNI~U
?DeleteClassNew@@YGPAJPAGPADMPAG~U
?EnumPointerExA@@YGMJ~U
?IncrementMemory@@YGPAFE~U
?DecrementNameW@@YGFDD~U
?FormatDialogExA@@YGJGPAM~U
?InstallExpressionExA@@YGXPAGPAGPAK~U
?RemoveString@@YGPAJPAIDPAHK~U
?PutModule@@YGXDI~U
?CallFilePathW@@YGPAGN~U
?PutSystemW@@YGPAIPAIEGE~U
?CloseMutexW@@YGEE~U
?MessageOld@@YGPAXIF_N~U
?CloseFunction@@YGKPAD~U
?SetDialogExA@@YGPAGMIPA_NE~U
?LoadMutantNew@@YGPAJH~U
?IsNotDirectoryEx@@YGXPAJG~U
?RtlModule@@YGPAKPAJK~U
?CopyDialogOld@@YGIM~U
?KillExpressionW@@YGPAIPAII~U
?ModifyDialogExW@@YGPAMF~U
?CancelValueA@@YGXPAIFPAFE~U
?ValidateScreenExA@@YGJIPAGIPAK~U
?CopyProjectExA@@YGKKPAIPAFPAJ~U
?AddNameW@@YGPAMI~U
?KillCommandLineNew@@YGPAXFJ~U
?FindEventEx@@YGKMPAEG~U
?EnumFilePathEx@@YGPAFPAIE~U
?CancelSectionOriginal@@YGXJMJ~U
?EnumFolderNew@@YGXE~U

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tbl_i
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tbl_e
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bitdat2
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bitdat0
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bitdat1
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vptr4
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 633B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

999068042a0e0089d1b93af964ddcc06

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

gdi32

comdlg32

msvcrt

Exports

Exports

Sections

.text Size: 193KB - Virtual size: 192KB

.tbl_i Size: 1KB - Virtual size: 1KB

.tbl_e Size: 1KB - Virtual size: 1KB

.bitdat2 Size: 5KB - Virtual size: 5KB

.bitdat0 Size: 512B - Virtual size: 32B

.bitdat1 Size: 512B - Virtual size: 44B

.vptr4 Size: 512B - Virtual size: 32B

.data Size: 13KB - Virtual size: 13KB

.rdata Size: 1024B - Virtual size: 633B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 193KB - Virtual size: 192KB

.tbl_i
Size: 1KB - Virtual size: 1KB

.tbl_e
Size: 1KB - Virtual size: 1KB

.bitdat2
Size: 5KB - Virtual size: 5KB

.bitdat0
Size: 512B - Virtual size: 32B

.bitdat1
Size: 512B - Virtual size: 44B

.vptr4
Size: 512B - Virtual size: 32B

.data
Size: 13KB - Virtual size: 13KB

.rdata
Size: 1024B - Virtual size: 633B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 2KB