a2ddde57dd28b27ed9f2f4860d5fe95b_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a2ddde57dd28b27ed9f2f4860d5fe95b_JaffaCakes118
Size

277KB
MD5

a2ddde57dd28b27ed9f2f4860d5fe95b
SHA1

ac35bff9e9f0f3d32b0e614e4a4c96f82e03f041
SHA256

db311f7589a4b2ea54cf36d9e5beb3aa1f1e760b970255361760441226bb5e28
SHA512

2aee3ce45786d4ef979c2aa5918fc9a9409eba72491992f727c502d5be8462d974ddeef96903900c6282de643ad27ac9d776b6369892ba185477f76348d6af15
SSDEEP

6144:V2BRvEm8iIeqZUKRm1J0XhWqoDTUvaBMiB:uRvEm8iIeNWiJ0XhWl0vK1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2ddde57dd28b27ed9f2f4860d5fe95b_JaffaCakes118

Files

a2ddde57dd28b27ed9f2f4860d5fe95b_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d039d3a8842974f62a90673d384e57a1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AgentSvr.pdb

Imports

msvcrt

??3@YAXPAX@Z
_purecall
??2@YAPAXI@Z
wcslen
wcsstr
_ftol
free
malloc
wcsncpy
wcschr
iswspace
_errno
wcstoul
_vsnwprintf
wcsncmp
_wcslwr
_ultow
wcsrchr
wcscmp
_wcsicmp
rand
srand
_endthreadex
_beginthreadex
realloc
wcscpy
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3

advapi32

RegOpenKeyExA
RegQueryInfoKeyA
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyW
RegCloseKey
GetUserNameW

kernel32

lstrlenA
SetLastError
RaiseException
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalSize
SetProcessWorkingSetSize
HeapCreate
HeapDestroy
GetCurrentProcess
FreeLibrary
GetProcAddress
LoadLibraryW
GetSystemDirectoryW
GetVersionExW
CloseHandle
CreateFileW
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
WaitForSingleObject
CreateMutexW
GetCurrentThreadId
GetCommandLineW
GetWindowsDirectoryW
ReadFile
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
GetLocaleInfoA
LockResource
LoadResource
FindResourceExW
FindClose
FindNextFileW
FindFirstFileW
lstrcpynW
lstrlenW
OutputDebugStringW
ResetEvent
WaitForMultipleObjects
SetEvent
CreateEventW
GetSystemDefaultLangID
TerminateThread
CreateThread
IsBadReadPtr
MulDiv
CreateFileA
LCMapStringW
GetModuleFileNameW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
SizeofResource
lstrcpyW
lstrcatW
FindResourceW
GetStringTypeExW
GetStringTypeExA
InterlockedCompareExchange
LoadLibraryA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoW
GetACP
Sleep
GetLastError
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsBadWritePtr
DelayLoadFailureHook
GetTickCount

gdi32

FillRgn
GetStockObject
CreateSolidBrush
DeleteObject
FillPath
EndPath
LineTo
MoveToEx
SetPolyFillMode
BeginPath
Ellipse
RoundRect
CreatePen
CreateCompatibleBitmap
SetTextColor
SetBkMode
TranslateCharsetInfo
DeleteDC
CreateCompatibleDC
GetRgnBox
CreateRectRgn
GdiFlush
StretchDIBits
SetStretchBltMode
ExtCreateRegion
GetRegionData
CreateFontW
GetDeviceCaps
CreateFontIndirectW
CombineRgn
SetRectRgn
GetSystemPaletteEntries
CreateDIBSection
CreatePalette
CreateHalftonePalette
SetBkColor
EnumFontFamiliesExW
GetTextAlign
ExtTextOutW
GetTextColor
GetTextExtentPointW
TextOutW
GetTextExtentPoint32W
GetNearestPaletteIndex
FrameRgn
GetPaletteEntries
GetObjectW
SelectPalette
RealizePalette
BitBlt
SetMapMode
SelectObject
SetTextAlign
GetTextMetricsW

user32

SetFocus
FindWindowW
FindWindowExW
GetUpdateRect
GetClientRect
GetSysColorBrush
FrameRect
DrawTextW
CharNextW
GetClassNameW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
DrawIconEx
MessageBeep
CallWindowProcW
IsDlgButtonChecked
SendDlgItemMessageW
CheckDlgButton
CheckRadioButton
GetDlgItem
SystemParametersInfoW
SetWindowTextW
MoveWindow
LoadIconW
CreatePopupMenu
PostMessageW
DestroyWindow
IsWindow
SetRectEmpty
GetSysColor
ReleaseDC
GetDC
IsWindowVisible
SetTimer
UpdateLayeredWindow
FillRect
ScrollDC
InflateRect
CopyRect
UpdateWindow
InvalidateRect
EndPaint
BeginPaint
SetWindowPos
SetRect
GetWindowRect
SetWindowRgn
IsWindowEnabled
ShowWindow
KillTimer
DefWindowProcW
SetWindowLongW
GetWindowLongW
CreateWindowExW
RegisterClassW
LoadCursorW
IsRectEmpty
GetWindowRgn
SetCapture
SendMessageW
AllowSetForegroundWindow
ClientToScreen
GetAsyncKeyState
ReleaseCapture
GetSystemMetrics
ScreenToClient
GetCursorPos
ValidateRect
GetCapture
PeekMessageW
EnableWindow
GetDoubleClickTime
SetCursor
RegisterClassExW
SendMessageTimeoutW
GetKeyboardState
RegisterHotKey
UnregisterHotKey
LoadImageW
GetForegroundWindow
PostQuitMessage
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
wsprintfW
GetKeyNameTextW
MapVirtualKeyW
IntersectRect
OffsetRect
PtInRect
WinHelpW
DestroyIcon
GetParent
RegisterWindowMessageW
SendNotifyMessageW
DrawEdge
DestroyMenu
keybd_event
GetKeyboardLayout
AppendMenuW
TrackPopupMenu
SetForegroundWindow
MessageBoxW

ole32

CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
OleInitialize
OleUninitialize
GetClassFile
CoUnmarshalInterface
CoInitialize
CoUninitialize
CoSuspendClassObjects
CoRegisterMessageFilter
CoMarshalInterface
CreateStreamOnHGlobal
CLSIDFromString
StringFromGUID2
CoFreeUnusedLibraries
CoCreateInstance
CoRevokeClassObject

oleaut32

SysAllocString
SysStringLen
VariantInit
SysFreeString
VariantClear
VariantCopy
VariantChangeType
LoadRegTypeLi
SetErrorInfo
RegisterTypeLi
LoadTypeLi
VarI4FromStr

Sections

.text
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 61KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

kphqezx
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d039d3a8842974f62a90673d384e57a1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

gdi32

user32

ole32

oleaut32

Sections

.text Size: 214KB - Virtual size: 213KB

.data Size: 1024B - Virtual size: 3KB

.rsrc Size: 61KB - Virtual size: 62KB

kphqezx Size: - Virtual size: 4KB

.text
Size: 214KB - Virtual size: 213KB

.data
Size: 1024B - Virtual size: 3KB

.rsrc
Size: 61KB - Virtual size: 62KB

kphqezx
Size: - Virtual size: 4KB