873275296eba1eaad946c3566119a385_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

873275296eba1eaad946c3566119a385_JaffaCakes118
Size

167KB
MD5

873275296eba1eaad946c3566119a385
SHA1

afea31b0d038e01d2409962113612d6f53f652e6
SHA256

31601ef8e410faff269af5861709d4cac7ac68c50c003086bd2519ac56e1898b
SHA512

2829843a765f37c3e21cd515ca4351bf978313d8be80f0293375600c61c2f74a165d56072d1b073a4ae37770e9a1deca8c5fbe7cb95506435c8655ed3902c581
SSDEEP

3072:AapO5tyJn/1u4nRJ68qlwrawlaX384Mcse3mzbMCMkU/skqUB+C:Jo5I9JNqulcBCWmzIClUZB+C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
873275296eba1eaad946c3566119a385_JaffaCakes118

Files

873275296eba1eaad946c3566119a385_JaffaCakes118
.exe windows:5 windows x86 arch:x86

3d18629a19b961527d8010fdf1c00732

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\dpBHppNSawrjjf\kazXgac\TgyVzgFzIz\kwSTpTpm.pdb

Imports

shlwapi

PathRemoveBlanksW
StrToInt64ExA
StrToIntA
ChrCmpIA

user32

GetMenu
WaitForInputIdle
IsMenu
DialogBoxParamA
LoadStringW
FindWindowA
GetSubMenu
SetDlgItemTextA
SetCaretPos
TileWindows
SystemParametersInfoW
GetFocus
GetForegroundWindow
DrawIconEx
CharUpperBuffA
GetMenuStringA
GetDlgCtrlID
CreateCaret
DialogBoxIndirectParamW
ExitWindowsEx
GetClassInfoExA
ChildWindowFromPoint
SetWindowLongA
RegisterClassExW
GetMenuItemID
UnionRect
LoadCursorA
CopyImage
GetUserObjectInformationA
SendMessageA
GetSystemMetrics
VkKeyScanW
GetMenuItemInfoW
TrackPopupMenuEx
LookupIconIdFromDirectory
GetCursorPos
IsCharAlphaNumericW
SetSysColors
IsWindowUnicode
GetDoubleClickTime
EnableWindow
ShowScrollBar
CharToOemBuffA
DrawFrameControl

kernel32

GetCurrentThreadId
GetCurrentThread
CreateNamedPipeA
GetModuleFileNameW
DisconnectNamedPipe
FindResourceExA
GetDateFormatA
HeapLock
ExitProcess
GetCommandLineA
SetFilePointer
LoadResource
SleepEx
GetAtomNameW
CopyFileW
CompareFileTime
FindFirstFileA
GetComputerNameExW
EnumSystemLocalesA
GetModuleHandleW
DuplicateHandle
UnlockFile

gdi32

RemoveFontResourceW
CreateBitmapIndirect
OffsetViewportOrgEx
CreateDCW
GetTextFaceW
GetROP2
EndPath
BitBlt
CreateHatchBrush
GetStockObject
SetROP2
CreateEllipticRgnIndirect
CreatePalette
GetBkMode
SetWindowOrgEx
PatBlt
LPtoDP
RealizePalette
GetViewportOrgEx

msvcrt

swscanf
wcstombs
islower
putc
_controlfp
isprint
__set_app_type
__p__fmode
wcslen
__p__commode
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
iswalpha
qsort
tolower
_XcptFilter
iswdigit
isalnum
_exit
_cexit
strcoll
__setusermatherr
__getmainargs
strtok

Exports

Exports

?SendCommandLineA@@YGJPAD&U
?InstallFilePathNew@@YGPADEKFPAF&U
?SetCharEx@@YG_NPAGFM&U
?RemoveWidthW@@YGPAN_NG&U
?CallDeviceEx@@YGXPAKNFI&U
?IncrementArgument@@YGPAHPAFE&U
?SendTimerW@@YGIII&U
?InsertSectionA@@YGHMPAJG&U
?FindConfigOriginal@@YGMJE&U
?ValidateProvider@@YGXJ&U
?GenerateFunctionOriginal@@YGPAKPAMIPAGPAE&U
?HideFolderPath@@YGPAXJPAIPAG&U
?GetCommandLineW@@YGPAFHPAH_NPAJ&U
?HidePathA@@YGXJNJM&U
?DeleteWidthEx@@YGPAXPAEIJPAM&U
?FullNameExA@@YGKPAFEPAG&U
?InvalidateWindowInfoOld@@YGGGJDPAG&U
?EnumCommandLineNew@@YGPAXPAM&U
?Profile@@YGIPAHPAK&U
?AddComponent@@YGGFFM&U
?ShowProcessA@@YGPAFGPAG&U
?CrtTimerNew@@YGPAXPAJ&U
?GlobalAnchorEx@@YGMKGJ&U
?CrtModuleExW@@YGEPAEPAI&U
?GenerateProcessExA@@YGPADPAMJJ&U
?InvalidateTimerOld@@YGPAMPAN&U
?HideProjectOriginal@@YGPAMHFH&U
?CancelThreadEx@@YGXHG&U
?ValidateWidth@@YGHPAMKPAK&U
?KillMonitor@@YGPAEDPAKMJ&U
?ModifyHeaderEx@@YGJEGH&U
?ModifyExpressionA@@YGPAEPAD&U
?ValidateScreenA@@YGGDG&U
?IsWindowInfo@@YGMNNKN&U
?DeleteOptionEx@@YGJFPA_NPAD&U
?SendListItemNew@@YGMHJJJ&U
?HideAppNameOld@@YGJMHG&U
?CrtExpressionExW@@YGPAKD&U
?CancelDialogExA@@YGFKF&U
?SetSystemOriginal@@YGPAKPAFN&U
?HideKeyNameOriginal@@YGPAHG&U
?CancelProcessEx@@YGXDF&U
?PutHeightNew@@YG_NNJ&U
?DeleteHeightOriginal@@YGJM_NFPAG&U
?ValidateRectOriginal@@YGHKDHPA_N&U
?InvalidateSystemExW@@YGJF&U
?IsNotHeightOld@@YGJMPADPAM&U
?CrtTaskExW@@YGG_NPAJNN&U
?SetClassOld@@YGNGFPAKE&U
?LoadFileNew@@YGPAMJ&U
?FormatStringOriginal@@YGHNEHPAF&U
?ShowMutantEx@@YGPAGMPAJME&U
?InvalidatePointA@@YGDFDI&U
?DecrementAppName@@YGPAMPAENKI&U
?ModifySectionExA@@YGXHPAKPANPAF&U
?SendThread@@YGPAHGPAD&U
?CallProjectExW@@YGHPANMPADN&U
?ShowNameOriginal@@YGPAKNPAJ&U
?OnSemaphoreNew@@YGPAXH&U
?PutFileOld@@YGJPAIPAK&U
?OnText@@YGGKK&U
?EnumFullNameA@@YGNPAIJ_NH&U
?FunctionNew@@YGPAIJGG&U
?RtlMessageOriginal@@YGPAXPAM_NFI&U
?SetFolderExA@@YGHFEF&U
?HideConfigExA@@YGDJG&U
?FreeKeyNameExA@@YGIPAJF&U
?CloseExpressionOriginal@@YGPAXPAIPAFJ&U
?SetWindowW@@YGPAHKD&U
?OnHeightExA@@YGPAIPAENPAF&U
?CopyThreadA@@YG_NPAG_NPAD&U
?RemoveScreenExA@@YGPAX_N&U
?DeleteKeyNameOriginal@@YGXDNHJ&U
?LoadListItemOld@@YGIPAJMPAHE&U
?ModifyWindowOld@@YGNPAMEGG&U
?GlobalArgumentEx@@YGHPAE_NG&U
?PutMutantExW@@YGXJDED&U
?GetFullNameExA@@YGPAKDFIG&U
?GenerateStringExA@@YGXMEPAEH&U
?GenerateListNew@@YGPAKPAF&U
?CrtProviderW@@YGPA_N_N&U
?ShowDirectoryExA@@YGKDPAJEK&U
?GlobalCharA@@YGEDGKG&U
?DecrementWidthOriginal@@YGPAE_NPAFH&U
?RtlProcessOriginal@@YGJMJ&U
?SendHeader@@YGPAMPAHGHD&U
?GetMutantNew@@YGPAIKFPAM&U
?SetKeyNameOriginal@@YGPAGI&U
?OnFolderPathW@@YGPAXPANKPAHJ&U
?RtlRectA@@YGHHGIPAI&U
?RemoveFolderOld@@YGHD&U
?IsNotArgument@@YGDPAKE&U
?GenerateTimeW@@YGPAEKPADK_N&U
?InsertKeyNameExA@@YGGDFKD&U
?InvalidateArgument@@YGKE_NMJ&U
?InstallExpressionOld@@YGGDNGM&U
?CallSize@@YGMD&U
?RtlMonitorExW@@YGGPAH&U
?CallTaskA@@YGPANIPAEGD&U
?ArgumentNew@@YGXDGJ&U
?PutSizeNew@@YGDPAHD&U
?ShowProcessW@@YGXJPAN&U
?IsValidOption@@YGMPAGPAJF&U
?IsNotWindowInfo@@YGPAJPAJ&U
?PutHeader@@YGIPADIHK&U
?ShowExpressionOld@@YGPAGJDJ&U
?ConfigNew@@YGPAGJPAM&U
?CrtMonitorExW@@YGPAFD&U
?InstallMediaTypeOld@@YGEGPAFE&U
?InsertMainStructDlhSi@@YGKGH@Z
?LoadMemoryNew@@YGGPAEFFG&U
?DecrementAppNameExA@@YGFKF&U
?GlobalProfileW@@YGKHIPADF&U
?FreeObjectW@@YGGPAMPAMPAK&U
?RemoveWindowInfoExA@@YGGD&U
?SendListOriginal@@YGPAEJ&U
?FreeKeyboardEx@@YGMMGDPAD&U
?DecrementCharNew@@YGXF&U
?LoadFunctionExW@@YGJDKPAF&U
?ShowEventA@@YGIE_N_N&U
?DeleteTimeExW@@YGKKPAH&U
?FreePathExA@@YGPAIPAHPAJPAI&U
?SetModuleOld@@YGHGFKG&U
?IncrementSectionEx@@YGPAGK&U
?AddModuleOld@@YGKPA_NMH&U
?CallProfile@@YGXJ&U
?CopyKeyNameA@@YGPAII&U
?PutDirectoryExW@@YGMEJH&U
?CancelTimeExW@@YGPAHHMPAKD&U
?ValidateFunctionEx@@YGPAXMPAEI&U
?EnumDateTimeExA@@YGDPADFFPA_N&U
?OnDateA@@YG_NPAKE&U
?DeleteCommandLineA@@YGPANEGPADM&U
?IsValidPathOld@@YGPAXFPADPAIH&U
?GlobalAnchorOriginal@@YGPANGEDM&U
?AddMutantOriginal@@YGME&U
?CloseProjectW@@YGFFFHI&U
?CopyTaskW@@YG_NK&U
?AddAppNameW@@YG_NPANIPAFJ&U
?SetHeaderExW@@YGMGDHD&U
?IsEventExA@@YGXJ&U
?SetArgumentOriginal@@YG_NGIED&U
?IsValidFolder@@YGPAMEPAE&U
?CopyPointerNew@@YGMPAMFG&U
?RtlDialogOriginal@@YGJJPAEFI&U
?AddCommandLine@@YGKPAIPA_NMPAD&U
?DeleteDialog@@YGXIHDPAG&U
?GetHeightEx@@YGMMDPA_N&U
?ModifyArgumentOld@@YGPAMPAMPAHN&U
?ProcessExA@@YGD_NG&U
?IsValidArgument@@YGXPAHPAEPADPAF&U
?FindFile@@YGDNFFPAK&U
?DeleteClassNew@@YGEDDD&U

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rimp
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdbg1
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.redt
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rit
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdbg2
Size: 512B - Virtual size: 74B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rvar
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rpt
Size: 512B - Virtual size: 315B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hdata
Size: 1024B - Virtual size: 752B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ping
Size: - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d18629a19b961527d8010fdf1c00732

Headers

File Characteristics

PDB Paths

Imports

shlwapi

user32

kernel32

gdi32

msvcrt

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.rimp Size: 2KB - Virtual size: 2KB

.rdbg1 Size: 512B - Virtual size: 28B

.redt Size: 6KB - Virtual size: 5KB

.rit Size: 1024B - Virtual size: 516B

.rdbg2 Size: 512B - Virtual size: 74B

.rvar Size: 512B - Virtual size: 44B

.rpt Size: 512B - Virtual size: 315B

.hdata Size: 1024B - Virtual size: 752B

.data Size: 2KB - Virtual size: 1KB

.ping Size: - Virtual size: 126KB

.rsrc Size: 129KB - Virtual size: 128KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 21KB

.rimp
Size: 2KB - Virtual size: 2KB

.rdbg1
Size: 512B - Virtual size: 28B

.redt
Size: 6KB - Virtual size: 5KB

.rit
Size: 1024B - Virtual size: 516B

.rdbg2
Size: 512B - Virtual size: 74B

.rvar
Size: 512B - Virtual size: 44B

.rpt
Size: 512B - Virtual size: 315B

.hdata
Size: 1024B - Virtual size: 752B

.data
Size: 2KB - Virtual size: 1KB

.ping
Size: - Virtual size: 126KB

.rsrc
Size: 129KB - Virtual size: 128KB

.reloc
Size: 1KB - Virtual size: 1KB