a48f162c787d744cd8ad359b8b6e8944_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a48f162c787d744cd8ad359b8b6e8944_JaffaCakes118
Size

155KB
MD5

a48f162c787d744cd8ad359b8b6e8944
SHA1

9bdda260c3a9faab1f61b0e8c300b942b2d71815
SHA256

7125f42592b4e31978705dca8bd5ad24acd3bb1674c25027f8156153f0828edb
SHA512

1e89700f485e275900e0c6459bca6a9fd9b6ea315cf261fcf8f97fee81542920d58fa5fc757aaeab4696ae0d6a80640ed2b8230e84df4e99f23d657bfa0497df
SSDEEP

3072:PycM3Pqj8ehOdRQJQwDZrMLv6H5bkYDyFoEP1dfyNO:PZrOXQKwDp4v6pkYDy3A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a48f162c787d744cd8ad359b8b6e8944_JaffaCakes118

Files

a48f162c787d744cd8ad359b8b6e8944_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6612ad8cc89a62f3124ba7afafef4123

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

N:\irjmVhcl\pungharQxgpB\qwRxhEHR\swjfuejsoOnay.pdb

Imports

msvcrt

malloc
_controlfp
puts
ungetc
wcstok
sprintf
atol
strtoul
wcsstr
__set_app_type
putc
wcsncmp
wcstombs
wcslen
printf
__p__fmode
__p__commode
strtol
_amsg_exit
wcscmp
vswprintf
fclose
_initterm
_acmdln
isalnum
gmtime
wcscpy
exit
atoi
fgetc
swscanf
fseek
floor
_ismbblead
_XcptFilter
fputc
getc
fflush
clearerr
gets
_exit
_cexit
strcpy
time
wcscoll
wcspbrk
__setusermatherr
__getmainargs

shlwapi

StrChrIA

user32

ReplyMessage
SetScrollPos
GetMenuItemRect
EnableWindow
ModifyMenuW
MoveWindow
GetCursorPos
ShowOwnedPopups
IsIconic
GetFocus
BringWindowToTop
InvalidateRect
LoadCursorW
GetDlgItemTextA
MonitorFromPoint
BeginPaint
LoadCursorA
GetScrollPos
GetMessageTime
InsertMenuA
ShowWindowAsync
GetClassInfoW
SetWindowRgn
CreateIconIndirect
LoadIconW
GetWindowLongW
DialogBoxIndirectParamW
SystemParametersInfoA
GetClipCursor
DestroyCaret
SendDlgItemMessageA
OemToCharBuffA
TranslateAcceleratorA
LoadBitmapW
PostMessageW
CloseDesktop
LoadStringA
DeferWindowPos
CheckMenuItem
ActivateKeyboardLayout
LoadMenuA
WaitMessage
FillRect
CharToOemA
GetClassLongW
SendMessageW
OemToCharA
CallWindowProcW
CheckMenuRadioItem
GetShellWindow
LockWindowUpdate
PostQuitMessage
CopyAcceleratorTableW
HideCaret
ShowCaret
InSendMessageEx
SetScrollRange
SetFocus
IsChild
CopyRect
AdjustWindowRectEx
ScrollWindow
GetWindowTextLengthW
GetNextDlgGroupItem
GetKeyboardLayoutNameW
SetCursor
DestroyAcceleratorTable
GetClassInfoA
CharLowerA
GetDC
GetMenuStringW
InvertRect
SetTimer
LoadStringW
OpenDesktopW
CharNextW
GetSystemMenu
SetMenuDefaultItem
DrawTextA
GetWindowTextW
WaitForInputIdle
TabbedTextOutW
GetMessageA
PostMessageA
InflateRect
IsDialogMessageW
IsWindowUnicode
CreateDialogParamA
SetParent
GetUserObjectInformationW
MessageBoxA
DrawStateA
DefWindowProcW
SetLastErrorEx
CreateWindowExW
EnumThreadWindows
ChangeMenuW
CharUpperBuffA
GetMenuItemInfoW
SetMenuItemBitmaps
IsCharLowerA
EqualRect
SetPropW
SendMessageTimeoutW
GetClassInfoExA
ChildWindowFromPoint
IsCharAlphaW
DefDlgProcA
GetUpdateRgn
GetSystemMetrics
RemoveMenu
IsCharUpperA
GetDialogBaseUnits
AttachThreadInput
GetWindowPlacement
SendDlgItemMessageW
CharLowerW

gdi32

SetBkMode
CreateRectRgnIndirect
CreatePen
GetLayout
CreateICW
GetDIBits
OffsetViewportOrgEx
GetCurrentObject
CreateCompatibleDC
CreateBitmapIndirect
CreatePatternBrush
CreateRoundRectRgn
CombineRgn
FillRgn
ExtTextOutA
CreateDIBitmap
Escape
CreatePolygonRgn
GetTextColor
CreateFontW
ScaleWindowExtEx
TranslateCharsetInfo
RestoreDC
PathToRegion
CreateSolidBrush
CreateDiscardableBitmap
GetTextExtentPoint32W
GetNearestPaletteIndex
WidenPath
EnumFontsW
EnumFontFamiliesW
SelectClipRgn
CreateHalftonePalette
GetObjectW
ExtFloodFill
EndPath
CreateFontA
CreateBitmap
GetDeviceCaps
SetDIBColorTable
AddFontResourceW
SetMapMode
StretchDIBits
RealizePalette
CreateFontIndirectW
GetTextExtentExPointW
GetTextExtentPointA
SetWindowExtEx
SetBitmapDimensionEx
Polygon
UnrealizeObject

kernel32

SetCommState
CopyFileW
CreateWaitableTimerA
DuplicateHandle
GetSystemWindowsDirectoryW
GetCurrentDirectoryW
EscapeCommFunction
LoadLibraryExW
SetCurrentDirectoryA
GetModuleHandleA
lstrcmpiA
GetCurrentThreadId
WaitCommEvent
GlobalLock
GlobalGetAtomNameA
SetCommMask
CreateMailslotW
SetHandleInformation
GetACP
SetThreadAffinityMask
GetFileAttributesExA
ReadFile
SetThreadPriority
LoadLibraryA
VerSetConditionMask
SetSystemTimeAdjustment
IsBadReadPtr
GetUserDefaultLCID
MoveFileExW
ClearCommBreak
CreateFileMappingA
GetTimeZoneInformation
CreateEventA
GetBinaryTypeW
TlsGetValue
GlobalMemoryStatus
OpenFile
HeapSize
HeapReAlloc
SetCurrentDirectoryW
LocalUnlock
LoadLibraryW
GetSystemDefaultLangID
lstrcpyW
FindResourceA
InitializeCriticalSection
CompareFileTime
GetFileAttributesExW
SetTimerQueueTimer
lstrcmpW
GetModuleFileNameA
GetAtomNameA
AddAtomA
GetStartupInfoW
QueryDosDeviceW
LoadLibraryExA
LocalLock

comctl32

DestroyPropertySheetPage
ImageList_Read
ImageList_Write
ImageList_Create
ImageList_GetImageCount
CreatePropertySheetPageW

Exports

Exports

?RemoveArgumentOriginal@@YGKGF]A
?PutHeightExA@@YGJK]A
?FreeSemaphore@@YGPANHPAEIE]A
?EnumRectOld@@YGPAFI]A
?SetPointerW@@YGMFK]A
?Rect@@YGPAXG]A
?ProcessOriginal@@YGPAFJEII]A
?GlobalAnchor@@YGMKF]A
?ShowMemoryExA@@YGJKPAJDE]A
?PutHeightEx@@YGPAIPAMIM]A
?HideScreenW@@YGPAGPAJ]A
?ModifyKeyboardOld@@YGINIGG]A
?DeleteWindowInfoW@@YGPAXNHGI]A
?CallProviderW@@YGED]A
?KillSemaphoreW@@YGMKPA_N]A
?InvalidateRectExA@@YGPAGF]A
?FindSystemEx@@YGHPAGE]A
?InvalidateTimerNew@@YGXH]A
?GlobalMessageOld@@YG_NPAG]A
?InstallFullNameOriginal@@YGPA_NPAIJDPAM]A
?CancelKeyboardEx@@YGDD]A
?FindDeviceOld@@YGXFHJ]A
?CopyDialogW@@YGMJKJPAK]A
?CopyNameExA@@YGIJGF]A
?DeleteProfileExW@@YGFEPAED]A
?InstallPointer@@YGINFKK]A
?InsertPoint@@YGPAGI]A
?RtlFullNameExW@@YGFPAI]A
?IsValidThreadW@@YGJPAM]A
?PutPointA@@YGPAXF]A
?DestinationSysCounterDnDHuuey@@YGKGHE@Z
?CallMediaTypeOld@@YGMPAH]A
?CallProcessOriginal@@YGMF]A
?RtlCommandLineA@@YGJPAG]A
?RtlWidthExW@@YGIJ]A
?IsValidScreenOld@@YGPAGPAD]A
?EnumKeyNameA@@YGHDK]A
?SendFullNameEx@@YGJPAK]A
?HideHeader@@YGF_NHHJ]A
?FindHeaderW@@YGXMPAH]A
?SendAnchorExW@@YGEIPAG]A
?NameEx@@YGDFMMK]A
?RtlOptionExA@@YGPAEDPAKPAN]A
?ModifyTaskNew@@YGPAHDDM]A
?IsNotHeightW@@YGPAJPAMPAHJ]A
?DecrementPointerW@@YGDHNJ]A
?EnumClassExA@@YGFPAFF]A
?OnSectionOriginal@@YGDDH]A
?InsertHeightNew@@YGHPAIEJM]A
?ModifyExpressionEx@@YGKPAJGM]A
?DateTimeExA@@YGPAHJEG]A
?CrtCommandLineEx@@YGMFNJ]A
?PutPointW@@YGXKNKPAI]A
?ShowAnchorNew@@YGIJIIPAE]A
?CloseFullNameExW@@YGIPAM]A
?OnFilePath@@YGKPAJPAFI]A
?FreeProviderExA@@YGKPAJPAF]A
?FreeFileOld@@YGPADPAJ]A
?CopyConfigW@@YGPAEMIM]A
?CloseCommandLineW@@YGHPAF]A
?ModifyEventOld@@YGFGIMPAI]A
?CopyProjectNew@@YGEPAJ]A
?SendDialogOld@@YGHHGH]A
?ValidatePenNew@@YGXFKIF]A
?KillPointOld@@YGPAIPAIPAHH]A
?ShowProfileOriginal@@YGXFPAHF]A
?ModifyFilePathA@@YGPAJ_N]A
?RtlSectionExA@@YGHDMPAM]A
?PutPathEx@@YGPAJPAH]A
?GlobalWindowInfoA@@YGXPANPAE]A
?CloseHeightExA@@YGPADPAM]A
?DecrementArgumentEx@@YGX_NPAM]A
?CrtListItemExW@@YGPAFPA_NEI]A
?FindSemaphoreExW@@YGHPAE]A
?CancelNameOriginal@@YGEF]A
?LoadConfigExW@@YGPAXPAG]A
?PutFolderExA@@YGPAMH]A
?EnumEventEx@@YGGEM]A
?ValidateMessageEx@@YGPAFJPAE]A
?IsValidNameEx@@YGKFJHPAF]A
?CrtFunctionW@@YGXD]A
?OnProfileOriginal@@YGJHPAHDF]A
?InvalidateMemoryEx@@YGHPAMPAH]A
?KillFullNameExW@@YGEHEPAFF]A
?OnProfileNew@@YGMPAIPA_NPAFI]A
?KillDialog@@YGPAJPADPAN]A
?CloseSizeW@@YGNNPADI]A
?DeleteDateOld@@YGPAXPAI]A
?EnumFolderA@@YGXPAKPAH]A
?SetSystemOld@@YGHM]A
?FormatScreenNew@@YGXPAF_NN]A
?OnDateTimeW@@YGJ_NPADPAM]A
?ShowModuleNew@@YGMGPAD]A
?CopyMediaTypeEx@@YGPA_NEEPAI]A
?RemoveFullNameOriginal@@YGXFPAMPAGE]A
?IncrementRectNew@@YGMJPAEK]A
?IsValidWidthEx@@YGHEPAEHPAM]A
?IsNotMediaTypeExW@@YGEN]A
?CancelSizeOld@@YGGEEED]A
?FormatWindowNew@@YGHGIG]A
?FormatDialogW@@YGPAFPADD]A
?OnValueExW@@YGHKHKG]A
?InvalidateMediaTypeOriginal@@YGXPAJJ]A
?DeleteList@@YGPAMPANKPAK]A
?InvalidateCharNew@@YGJIMPAG]A
?CloseValueW@@YGPAFG]A
?CancelKeyNameExA@@YGPAGI]A
?OnPointOld@@YGJJPAEEPAM]A
?InsertMonitorExW@@YGMPAED]A
?GlobalDeviceOld@@YGMMJKG]A
?CloseHeaderOriginal@@YGEMPAHIM]A
?RemoveTaskExA@@YGPAGPAHMPA_NPAG]A
?HideModuleOriginal@@YGPAXPAK]A
?IncrementMonitor@@YGFF]A
?ValidateScreenW@@YGPAXGDPAHE]A
?DeleteKeyboardEx@@YGPAFIPAKPADI]A
?IncrementDeviceEx@@YGPAJPAM]A
?ArgumentExW@@YGNNIJPAM]A
?DecrementKeyNameExW@@YGPAMH]A
?CallWindowExA@@YGPAKPAKNPAF]A
?SetPathEx@@YGPAFPAEPAH]A
?RemoveTimer@@YGPADEPAIDI]A
?DeleteProjectOriginal@@YGHE]A
?LoadString@@YGKGD]A
?FormatDeviceEx@@YGPAINPAIJPAD]A
?FreeComponentW@@YGEPAF]A
?GenerateKeyNameEx@@YGDPAGHPADI]A
?CrtDialogNew@@YGXPAKJE]A
?SetWindowNew@@YGMPAHPAH]A
?FreeExpressionOriginal@@YGPAIPAK]A
?DeletePenOld@@YGPAIPAIN_NF]A
?ModifyPointerA@@YGPAFKGF]A
?LoadDateExW@@YGIPAI]A
?HideCharOriginal@@YGHPAG]A
?CancelPenOriginal@@YGDPAEPAIFD]A
?Option@@YGPAKIGM]A
?ValidateFullNameExW@@YGPAMPAMMK]A
?EnumOption@@YGPAIPAFGPAEPAE]A
?RemoveMonitorExA@@YGPAIPAIJI]A
?AddMonitorExA@@YGDIJ_NPAG]A
?CloseArgumentA@@YGXPAKPAM]A
?ModifyClassOld@@YGPAMPAGD]A
?ShowDateTimeEx@@YGPANMID]A
?OnMessageOriginal@@YGXD]A
?CloseConfigA@@YGPAMDIPAIF]A
?CallVersionExA@@YGE_NF]A
?DeleteSystemEx@@YGHPAFPAGID]A
?IsNotObjectOriginal@@YGPAJPAHPAJ_N]A
?SendEventNew@@YGMKPAKI]A
?EnumVersionExW@@YGPAJPAHPAFD]A
?InstallMessageEx@@YGPAKPAIMPAM]A
?DecrementHeaderExW@@YGMKEJ]A
?DecrementProjectW@@YGJDPAHPAJG]A
?SendAnchorOriginal@@YGFGPAMPAJ]A
?CallMessageW@@YGJMJF]A
?DecrementKeyNameA@@YGKM]A
?CloseThreadW@@YGPADJKPAM]A
?CopyAnchorNew@@YGKE]A
?GlobalTextNew@@YGPANPAJ]A
?TimerOriginal@@YG_NJHFG]A
?OnConfigW@@YGPAXKPAFK]A
?OnHeaderNew@@YG_NPAHPAEM]A
?GenerateFilePathA@@YGEPAIDDJ]A
?IsValidFolderOriginal@@YGPAIG]A
?PutMediaTypeExW@@YGHJKD_N]A
?EnumProjectOld@@YGXHJPAGPAM]A
?ShowSemaphoreEx@@YGPAHH]A
?FreeFolderPathW@@YGDIJH]A
?HideModuleNew@@YGMHI]A
?GlobalProjectExA@@YGMPAF]A
?SetAppName@@YGPANHG]A
?AddFullName@@YGKJ]A
?InvalidateCommandLineExW@@YGPAFKK]A
?FindTimerOriginal@@YGPAEDPADHM]A
?AddKeyboardExA@@YGPAEG]A
?DecrementDateW@@YGXD]A
?HideModuleEx@@YGFFPA_NJH]A
?IsValidVersion@@YGJDPAM]A
?ShowProcessNew@@YGMPAKPAE]A
?AddRectEx@@YGK_NPAMDPAN]A
?CrtProfileA@@YGGKPAKPAH]A
?FreeCommandLineExW@@YGKFDH]A
?CloseProjectW@@YGDF_NPAF]A
?InsertScreenExA@@YGHE]A
?DecrementRectExW@@YGIPAKPAEG]A
?ModifyHeightW@@YGEPAGMPAK]A
?SendFolderOld@@YGXPAJPADI]A
?LoadScreenW@@YGPAMKHKPAJ]A
?IsComponentOriginal@@YGID]A
?CrtWindowOld@@YGHM]A
?DecrementData@@YGMPA_NGPAJI]A
?CancelCommandLineEx@@YGEGPAIEM]A
?InstallRectA@@YGGPAN]A
?HideFolderPathEx@@YGPAXH]A
?DeleteTextOriginal@@YGPAXFPAM]A
?PutFilePathA@@YGXKPAD]A
?GetRect@@YGPAXPA_N]A
?SendFullNameExW@@YGIKI]A
?FindRectW@@YGPAJPAMFPAJPAE]A
?ModifyKeyNameOriginal@@YGFGH]A
?GetDeviceOriginal@@YGGH]A
?FormatConfigA@@YGMJEFPAI]A

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.zimp
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6612ad8cc89a62f3124ba7afafef4123

Headers

File Characteristics

PDB Paths

Imports

msvcrt

shlwapi

user32

gdi32

kernel32

comctl32

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 30KB

.zimp Size: 6KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 119KB

.rsrc Size: 111KB - Virtual size: 111KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 30KB - Virtual size: 30KB

.zimp
Size: 6KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 119KB

.rsrc
Size: 111KB - Virtual size: 111KB

.reloc
Size: 1KB - Virtual size: 1KB