Static task: static1
Behavioral task: behavioral1
  Sample: 8a849d434cd2da92e82e8c4e7807d3f5_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: 8a849d434cd2da92e82e8c4e7807d3f5_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
- Target: 8a849d434cd2da92e82e8c4e7807d3f5_JaffaCakes118
- Size: 604KB
- MD5: 8a849d434cd2da92e82e8c4e7807d3f5
- SHA1: e4492387f5b8c6f3ab5ea15e1004e735d7b3e06d
- SHA256: fcb58d783d3a4f38a6eb61a9d0ebea1746b9910ce1010f5d53a9bcfe79268343
- SHA512: 4f20b11a2cf569593cd4dcf37572c7ea7cb9f240603436adccb6ee698d363a69d995660d0b6188cab057c8d78507a581a0e6853d65c4c5f9815646bf0015a6b5
- SSDEEP: 12288:jjWUE50AdkFJMTSVIDGruqu8hE8VHdiMXSfBtvHHSF6A5yTvdLh0f+49Wg+gra:XWUE50AdSGTcIDG56A5yLgf++J+gra
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 8a849d434cd2da92e82e8c4e7807d3f5_JaffaCakes118
Files
- 8a849d434cd2da92e82e8c4e7807d3f5_JaffaCakes118.exe (windows:4 windows x86 arch:x86)
  f81c90e073142b60e328327a24162503
Headers
- File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
pafcv2
ord7
ord2
ord1
ord5
ord6
ord3
ord4
paftopdf
ord1
libtiff
ord2
ord9
ord35
ord42
ord32
ord10
ord5
imm32
ImmReleaseContext
ImmSetConversionStatus
ImmGetOpenStatus
ImmGetConversionStatus
ImmAssociateContext
ImmGetContext
ImmSetOpenStatus
gdi32
GetTextExtentPoint32A
MaskBlt
GetObjectA
StartPage
SetICMMode
SelectPalette
GetDIBits
SetBkMode
SetTextColor
CreatePolygonRgn
PtInRegion
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SelectObject
GetStockObject
FillRgn
CreateFontIndirectA
CreatePalette
StretchDIBits
RealizePalette
GetDeviceCaps
CreateBitmap
EndDoc
EndPage
AbortDoc
SetPixel
StartDocA
RestoreDC
SaveDC
CreateSolidBrush
GetTextMetricsA
CreatePen
Polygon
SetViewportOrgEx
GetViewportOrgEx
Rectangle
CreateRoundRectRgn
DeleteDC
CreateRectRgn
CreateDCA
CombineRgn
mfc42
msvcrt
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
atol
strtok
strncat
rewind
fwrite
realloc
_snprintf
_access
_mbsrchr
strstr
_mbsstr
fseek
ftell
strtol
fprintf
_mbschr
ceil
wcscmp
_CIpow
_controlfp
tolower
_ismbcspace
_mbsinc
memmove
_ismbslead
calloc
div
_mbsicmp
_unlink
atof
sprintf
_mbscmp
_mbstok
fopen
fread
fclose
_open
_fstat
_close
_except_handler3
printf
strncpy
_iob
fflush
malloc
free
strchr
__CxxFrameHandler
atoi
_CxxThrowException
_ftol
_mbscat
_mbscpy
toupper
_stricmp
_setmbcp
kernel32
GlobalUnlock
ResumeThread
ExpandEnvironmentStringsA
GlobalFree
GlobalLock
GlobalAlloc
FindClose
GetDriveTypeA
FindFirstFileA
GlobalSize
GlobalFlags
GetLastError
GetProcAddress
LoadLibraryA
FreeLibrary
DeleteFileA
SetLastError
WideCharToMultiByte
MultiByteToWideChar
GetProfileStringA
GetSystemTime
LocalFree
FormatMessageA
GetVersionExA
GetLocaleInfoA
GetModuleHandleA
CloseHandle
CreateFileA
CreateDirectoryA
lstrcmpA
MulDiv
ReadFile
CreateThread
SetEvent
ResetEvent
CreateEventA
TerminateThread
GetExitCodeThread
GetStartupInfoA
WaitForSingleObject
SetCurrentDirectoryA
GetCurrentDirectoryA
GetFileAttributesA
lstrlenA
OutputDebugStringW
lstrcpyA
lstrcatA
GetFileSize
GlobalHandle
CreateProcessA
LocalUnlock
LocalLock
GetTempFileNameA
CreateMutexA
FindResourceA
LoadResource
LockResource
lstrcpynA
GetPrivateProfileIntA
GetPrivateProfileStringA
ReleaseMutex
GetModuleFileNameA
FindNextFileA
GetTempPathA
GetTickCount
lstrcmpiA
Sleep
GlobalReAlloc
GetLocalTime
IsDBCSLeadByte
LCMapStringA
GetSystemDefaultLCID
user32
OpenClipboard
ReleaseCapture
DrawFocusRect
FillRect
InflateRect
FrameRect
GetWindowLongA
SetCursor
SetRectEmpty
ReleaseDC
GetDC
UpdateWindow
GetDesktopWindow
ClientToScreen
GetCursorPos
SetCapture
LoadBitmapA
IsIconic
SetTimer
OffsetRect
SystemParametersInfoA
PtInRect
SetRect
SetActiveWindow
LoadStringA
EqualRect
DrawTextA
GetSystemMetrics
DispatchMessageA
TranslateMessage
PeekMessageA
IntersectRect
IsRectEmpty
IsWindowVisible
SetFocus
RegisterWindowMessageA
CopyRect
GetSysColor
GetParent
IsClipboardFormatAvailable
GetClientRect
AppendMenuA
DeleteMenu
GetSubMenu
LoadMenuA
wsprintfA
KillTimer
GetSystemMenu
DrawMenuBar
SetMenu
DestroyMenu
SetWindowRgn
IsZoomed
SetForegroundWindow
PostThreadMessageA
SetMenuDefaultItem
EnableMenuItem
CharPrevA
wsprintfW
InvalidateRgn
WaitForInputIdle
IsWindow
RegisterClassA
RegisterClassExA
LoadCursorA
ShowWindow
GetLastActivePopup
FindWindowA
MessageBoxA
GetFocus
DrawStateA
InvalidateRect
GetIconInfo
RedrawWindow
LoadImageA
CloseClipboard
GetClipboardData
ScreenToClient
DestroyIcon
DestroyCursor
GetDlgItem
SendMessageA
EnableWindow
PostMessageA
GetWindowRect
LoadIconA
winspool.drv
GetPrinterA
DocumentPropertiesA
ClosePrinter
DeviceCapabilitiesA
OpenPrinterA
GetPrinterDriverA
EnumPrintersA
advapi32
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
shell32
SHGetPathFromIDListA
ShellExecuteA
SHGetFileInfoA
SHBrowseForFolderA
comctl32
ImageList_Add
ImageList_DragLeave
ImageList_EndDrag
ImageList_DragMove
ImageList_DragEnter
ImageList_BeginDrag
ole32
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemFree
CLSIDFromString
oleaut32
SysFreeString
gdiplus
GdipCloneImage
GdipFree
GdipLoadImageFromFile
GdipGetImageThumbnail
GdipSaveImageToFile
GdipDisposeImage
GdipAlloc
GdipGetImageEncoders
GdiplusShutdown
GdiplusStartup
GdipGetImageEncodersSize
Sections
- .text: Size 436KB, Virtual size 435KB; Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rdata: Size 56KB, Virtual size 55KB; Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .data: Size 28KB, Virtual size 63KB; Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: Size 12KB, Virtual size 12KB; Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .xrdata: Size 68KB, Virtual size 68KB; Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE