b05a843a4021fa33d49182c28232ea5f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b05a843a4021fa33d49182c28232ea5f_JaffaCakes118
Size

163KB
MD5

b05a843a4021fa33d49182c28232ea5f
SHA1

8a6cb39d601747a9785897d507b0af07129a780c
SHA256

e6f994eada2f155126efe2bac336cbc6ea5273c662695fead68cc5a30ef7bd3f
SHA512

3127ea11c2f167fc3acfd62d1ec8533871b4dd72c2cbae58d43e6ee3f44ee72b5fcf71cd4039b22bdf372d2f960f0c18d27d38ddf6996f5e0e78bd56e96c9761
SSDEEP

3072:edeqGRx/ztVfXwlb7YgJE3EUkzFzpUIH9NtfDvkYLGDTA:J9YME9pUIdNpcqGD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b05a843a4021fa33d49182c28232ea5f_JaffaCakes118

Files

b05a843a4021fa33d49182c28232ea5f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

8bb43a2ed0809cb4d6c42b2547024974

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

S:\qgjQenbjltqc\tpoRukVevPeR\WebdVYgjjYrb\axdcupfajoZ\OfnmjpBn.pdb

Imports

gdi32

GetSystemPaletteUse
GetTextExtentExPointW
CreatePenIndirect
CreateICW
GetTextExtentPointW
CreatePen
EnumFontFamiliesW
CreateEllipticRgnIndirect
GetMapMode
CreateFontW
CreateSolidBrush
DeleteObject
GetTextAlign
CreateBitmap
GetNearestColor
GetDeviceCaps
Polyline
RemoveFontResourceW
ExcludeClipRect
CreateDCW
ScaleWindowExtEx
GetTextExtentPointA
GetTextCharsetInfo
LineTo
GetFontData
SetTextColor
GetROP2
Escape
CreateDIBitmap
RealizePalette
Ellipse
SelectPalette
GetDIBColorTable
GetPixel
Rectangle
EndDoc
SetROP2
PtVisible
GetDIBits
SetWindowExtEx
CreateCompatibleDC
GetTextExtentPoint32A
RectInRegion
CreateRectRgnIndirect
GetStockObject
SetDIBColorTable
ExtFloodFill
GetNearestPaletteIndex
MoveToEx
ResizePalette
CreateRoundRectRgn

kernel32

GetFileAttributesA
ResumeThread
MulDiv
GetAtomNameW
FileTimeToDosDateTime
LocalAlloc
GetStringTypeExW
WinExec
RegisterWaitForSingleObject
LoadLibraryA
SetUnhandledExceptionFilter
VerSetConditionMask
AddAtomW
GetCommProperties
FindNextChangeNotification
CloseHandle
IsBadCodePtr
CreateFileA
GetVersionExA
LocalSize
GlobalFindAtomW
SetFileAttributesA
CopyFileW
IsValidLanguageGroup
TryEnterCriticalSection
MoveFileA
LocalReAlloc
GetVersion
IsBadStringPtrW
GlobalGetAtomNameA
Sleep
GetACP
GetNumberFormatA
CreateNamedPipeA
SetSystemTime
IsDBCSLeadByteEx
FormatMessageW
GetStartupInfoA
lstrcatW
GlobalAddAtomA
FreeLibrary
GetTimeZoneInformation
FormatMessageA
QueryPerformanceCounter
GetUserDefaultLCID
GetModuleFileNameA
SizeofResource
RemoveDirectoryA
SetErrorMode
GetBinaryTypeW
GetModuleHandleA
SetEndOfFile
TransactNamedPipe
lstrcmpW
GetFullPathNameW
CreateEventA
GetSystemDirectoryW

user32

GrayStringW
IsCharAlphaW
DrawStateA
IsCharLowerA
wvsprintfW
IsDlgButtonChecked
ShowWindowAsync
RegisterClassExW
GetWindowPlacement
GetScrollInfo
OemToCharA
DefFrameProcW
GetWindowRect
MonitorFromPoint
GetMenuState
CreateCaret
AttachThreadInput
RegisterHotKey
GetSysColor
RemovePropW
MapVirtualKeyW
DrawStateW
GetSystemMenu
GetClassInfoExA
GetMenuStringA
CharPrevA
RedrawWindow
CreateIconFromResource
LockWindowUpdate
SendMessageA
DefDlgProcA
DrawMenuBar
SetPropW
MapDialogRect
MapVirtualKeyExW
IsWindowEnabled
CheckMenuItem
CharUpperW
OemToCharBuffA
GetForegroundWindow
DrawFocusRect
InvalidateRect
CheckRadioButton
DestroyCaret
InSendMessage
InsertMenuA
ShowCaret
SetActiveWindow
CreatePopupMenu
OpenIcon
ScrollWindowEx
CharToOemBuffA
GetKeyboardLayoutList
SetDlgItemInt
HiliteMenuItem
GetUserObjectInformationA
ExitWindowsEx
LoadAcceleratorsW
CharLowerA
ScreenToClient
EnumThreadWindows
SetScrollRange
CharUpperA
SetWindowLongW
ClipCursor
DestroyCursor
SystemParametersInfoA
TrackPopupMenuEx
SendDlgItemMessageA
CopyImage
InvertRect
LoadIconW
RegisterWindowMessageA
GetDlgItemInt
ScrollWindow
HideCaret
IsRectEmpty
LoadStringW
GetScrollRange
DrawTextExW
RegisterWindowMessageW
LoadBitmapW
MessageBoxExW
CallWindowProcW
FindWindowExA
AdjustWindowRectEx
InsertMenuItemW
CascadeWindows
GetPropW
SetWindowPlacement
GetDlgCtrlID
LoadAcceleratorsA
IsCharUpperA
ShowScrollBar
GetMessageTime
GetClassLongA
CharLowerW
GetDlgItemTextA
GetMessageW
DestroyAcceleratorTable
DragObject
GetMenuStringW
GetSystemMetrics
IsZoomed
InsertMenuW
CharPrevW
wsprintfA
TileWindows
LookupIconIdFromDirectory
PostMessageA
DialogBoxIndirectParamW
WaitForInputIdle
IsDialogMessageA
OpenInputDesktop
OffsetRect
UnionRect
SetScrollPos
GetMenuItemInfoW
GetIconInfo
FindWindowExW
DispatchMessageW
LoadCursorW

msvcrt

wcsncmp
iswxdigit
mbtowc
_controlfp
free
wcscoll
printf
__set_app_type
fprintf
floor
strncmp
gets
getenv
tolower
__p__fmode
clock
__p__commode
fputc
gmtime
_amsg_exit
iswctype
strtol
swprintf
iswalpha
towlower
malloc
towupper
bsearch
remove
_initterm
_acmdln
wcstod
iswdigit
perror
exit
_ismbblead
_XcptFilter
localtime
_exit
isxdigit
setlocale
clearerr
mbstowcs
wcstol
_cexit
__setusermatherr
__getmainargs
time
vswprintf

Exports

Exports

?GlobalHeightEx@@YGIPAE_NH]A
?InsertWindowInfoW@@YGPAHF]A
?EnumProjectNew@@YGPAIINMD]A
?FreeMessageW@@YGDM]A
?CloseFolderPathNew@@YGDG]A
?ModifySystemEx@@YGDPAGD]A
?DeleteTaskOriginal@@YGPAEPAHPAMM]A
?LoadKeyNameOriginal@@YGEJFPAMG]A
?EnumClassExA@@YGKPAEM]A
?FormatMutantNew@@YGNMPAKKH]A
?InsertHeaderW@@YGJPAJNFI]A
?CallHeaderEx@@YG_NPADGDPAF]A
?RtlPointExW@@YGXHPADI]A
?InstallWindowOld@@YGPAGPAMGEE]A
?CopyModuleNew@@YGEPAM]A
?FormatKeyName@@YGMN]A
?SetObjectOld@@YGDIPAKPAD_N]A
?IncrementClass@@YGFFH]A
?DeleteDialogA@@YGKFPAIPAF]A
?HideOption@@YGJPAGF]A
?InstallSemaphoreExW@@YGGGDJN]A
?EnumFilePathOriginal@@YGPAMPAHF]A
?IsValidConfigExW@@YGPAHK]A
?IsThreadNew@@YGPAJ_NH]A
?AddStringA@@YGPAGPAHPAMHF]A
?IsValidData@@YGMPAEMD]A
?CopyValueEx@@YGIPAE]A
?PutWindowExW@@YGPAXGFH_N]A
?InstallNameOriginal@@YGMPADPAJ]A
?CopyProcessExW@@YGPAJPAEJID]A
?OptionA@@YGJMFPAED]A
?ShowWindowW@@YG_NPAJ]A
?GetPathW@@YGPADPAKFPAJPAH]A
?DeleteState@@YGEGJD]A
?DeleteAnchorOriginal@@YGIPAJM]A
?CopyTaskOld@@YGXDENM]A
?AddCharExW@@YGJPAHPAKN]A
?OnListOld@@YGJH]A
?LoadScreenOld@@YGDGPAFPAN]A
?ModifyStateEx@@YGPAXJFPAFPAM]A
?IsValidExpressionW@@YGPAXHPAGM]A
?FormatEventOld@@YGPAMMH]A
?RemoveSystemOriginal@@YG_NI]A
?PutMessageExW@@YGPAEPAGHK]A
?ValidateTimeOriginal@@YGXMJPAG]A
?DecrementObjectW@@YGPAIPAGMH]A
?DestinationSysCounterDnDHuuey@@YGKGHE@Z
?InstallThread@@YG_NHN]A
?GenerateHeaderExW@@YGPAFHPAIF]A
?DeleteScreenExA@@YGXGG]A
?LoadOption@@YGHJ]A
?IsValidText@@YGKPAEEJJ]A
?HideSystemW@@YGXD]A
?CopyConfigA@@YGXEK]A
?CopySystem@@YGD_N]A
?InstallAnchorExW@@YG_NPAG_N]A
?ShowModuleA@@YGPAXPAM]A
?OnPenOriginal@@YGXFMPAKM]A
?GetTextExW@@YGPADKPAGK]A
?ModifyFilePathExW@@YGPAEPAJ]A
?InstallTaskOld@@YGFDFJ]A
?ShowConfigExW@@YGXPAI]A
?KillClassOld@@YGPAF_NFJM]A
?FindMemoryExA@@YGDIPAIPAJ]A
?InstallExpressionNew@@YGPAXPADPA_NM]A
?GenerateMediaTypeW@@YGEJG]A
?IsModuleExA@@YGDJIMH]A
?KillDialogNew@@YGXPAK]A
?FormatProjectOriginal@@YGKMPADIPAG]A
?InvalidateWindowInfoEx@@YGPAGPAKEF]A
?OnDialogEx@@YGXGNPAHPAE]A
?GetAnchorExW@@YGPAXGNK]A
?GetMonitorOld@@YGPAFIPAGPA_N]A
?ShowTextNew@@YGII]A
?GlobalFunctionOld@@YGXPAK]A
?CopyKeyNameExW@@YGKG]A
?IsValidMemory@@YGJJMHPAK]A
?RtlObjectExA@@YGJJ]A
?InsertValueOriginal@@YGPANF]A
?IsTaskNew@@YGPAF_NPAEJ]A
?GetHeaderExA@@YGPAHE_NK]A
?CopyCharExW@@YGXEMPAM]A
?FreeClassOriginal@@YGDPAHDEPAJ]A
?CallStringNew@@YGPAIPANPAFK]A
?OnFunctionEx@@YGXM]A
?OnProviderOriginal@@YGPAXEME]A
?SetAnchorOld@@YGPADFPAK]A
?DecrementDialog@@YGPAHFPADG]A
?CopyScreenOld@@YG_NFPAKMPAJ]A
?SetConfigExA@@YGPAGH]A
?SetDialogOld@@YGPAGEPAI]A
?FormatMemoryNew@@YGIF]A
?CrtEventExA@@YGXF]A
?CloseProjectOriginal@@YGDPAKF]A
?RemoveValueW@@YGJPAI]A
?InvalidateKeyboardOld@@YGKPAFGMK]A
?PutSemaphoreOld@@YGMPAMDI]A
?ValidateWindowInfoA@@YGPAK_NI]A
?CallFolderPathExA@@YGDMPAE]A
?GetFilePathOriginal@@YGPAJH]A
?IsNotCommandLineEx@@YGDMI]A
?ValidateDateW@@YGPA_NPA_N]A
?GenerateFunctionA@@YGPAFGHKK]A
?CallExpressionW@@YGXPAIMPAM]A
?IsNotProcessExA@@YGHIN]A
?OnExpressionNew@@YGGPAHHPA_N]A
?CloseTimerEx@@YGEM]A
?SetOptionExW@@YGMPAIPAH]A
?FormatKeyboardExA@@YGMPAGPAFMK]A
?RtlRectExW@@YGEPAM]A
?CloseSystemExA@@YGHEPA_NN]A
?GlobalWindowInfoOld@@YGFG]A
?KillScreenA@@YGJPAJJMH]A
?CancelVersionOld@@YGPAEPAMDKJ]A
?FindObjectOld@@YGEPAI]A
?RemoveWindowInfoOriginal@@YGKE]A
?CancelMemoryEx@@YGIGDMD]A
?GetMediaTypeW@@YGPAJPAE_NJJ]A
?AddSectionOld@@YGMPANPANM]A
?PutPathExA@@YGPAEK]A
?EnumTime@@YGEKFPAN]A
?GenerateComponentNew@@YG_NI]A
?GlobalProfileOriginal@@YGMPAMPAIPAHJ]A
?IsNotOption@@YGIPAMEM]A
?GlobalArgument@@YGKHHE]A
?IsNotPenNew@@YGMEPADPADD]A
?InvalidateSize@@YGPAEPANJPAKI]A
?DeleteCharExW@@YGXJF]A
?ProjectW@@YGHM]A
?CopyProcessOld@@YGDH]A
?EnumScreenExA@@YGGGKPA_NG]A
?FindComponentOriginal@@YGMPAH]A
?GenerateFunction@@YGDH_NPADPAH]A
?CancelClassNew@@YGEPAHPAF]A
?SetAppNameA@@YGNE]A
?FindCharW@@YGIHI]A
?IncrementRectEx@@YGPAIPA_N]A
?IsFullNameOriginal@@YGXNPAMPAD_N]A
?FormatFolderPathNew@@YGKPAMPAI]A
?RtlVersionExA@@YGPAJF]A
?InstallSystemOriginal@@YGIG]A
?GenerateThreadExW@@YGHMPAM_NH]A
?EnumListOld@@YGJPAE]A
?RtlProjectA@@YGPAKNIPANPAG]A
?IsValidProfileExW@@YGPAIIJG]A
?InstallDirectory@@YGXFNPAKH]A
?HideTextA@@YGGPAMN]A
?IsValidDataOld@@YGPAGF]A
?InsertFolderPathExW@@YGNJPAKHM]A
?CrtSectionEx@@YGMPAKIE]A
?AddDataA@@YGGPAGF]A
?ShowWindow@@YG_NJ]A
?EnumProviderEx@@YGGIEKM]A
?SendListItemOld@@YGKGE]A
?RtlNameOriginal@@YGKPAJ]A
?KillStateEx@@YGPAXH]A
?KillValueEx@@YGHEIF]A
?CancelFolderPathEx@@YGPAXJ]A
?DeleteStringOriginal@@YGDGGM]A
?FilePathEx@@YGXIPAF]A
?CallTimeEx@@YGPAHIF]A
?FreeSystemOld@@YGPAHHIPAI]A
?EnumMessageOriginal@@YGEPAI]A
?RemoveCommandLineA@@YGHFG]A
?PutExpression@@YGKMIPADN]A
?CancelStateEx@@YGK_NGPAG]A
?IsValidPathExW@@YGJPAGPAEKPAK]A
?LoadMessageOriginal@@YGKGPAI]A
?OnWidth@@YGPAI_NFI]A
?RtlScreenW@@YG_NPAMDPA_NG]A
?CloseSystemOld@@YGPADHPADKK]A
?ModifyKeyNameW@@YGJ_NPAK]A
?IsNotFolderNew@@YGKPAHEF_N]A
?RemoveWindow@@YGPAGMFE]A
?GenerateWidthA@@YGFPA_N]A
?IsNotCommandLineExW@@YGPAMJEG]A
?GetFolderPathW@@YGHPAM]A
?IsNotFileOld@@YGHHPAMPAF]A
?DecrementStringOld@@YGPANPAFM]A
?InstallCharW@@YGXG]A
?CallTextA@@YGXGKF]A
?GetHeightOriginal@@YGPAJK]A
?HidePenExA@@YGPAEIMPAJ]A
?GlobalAppName@@YGMKM]A
?ShowDataNew@@YG_ND]A
?FormatFolderNew@@YGHPAJEDG]A
?EnumPointerNew@@YGHK]A
?ModifyFileExW@@YGNNHPAIJ]A
?IsValidFolderW@@YGJGKJ]A
?OnTimerExA@@YGPA_NPAE]A
?PutThreadA@@YGPAXPAIE]A
?PutAnchorExW@@YGXPAF]A
?IsValidTaskA@@YGPAFIPA_NPAKPAJ]A
?FreeRectExW@@YGXKPAIFF]A
?CallMonitorA@@YGPAFPAIJ]A
?CrtValueExA@@YGMPA_NPAEE]A
?CopyArgumentW@@YGPAKMEI]A
?Task@@YGXNPADPAM]A
?CancelProjectNew@@YGPAHIK]A
?FormatStateA@@YGHJJG]A
?IsHeaderExA@@YGPA_NJPAN]A
?GenerateSizeEx@@YGPAMDPAD]A
?GlobalScreenExW@@YGEKMPAID]A
?PutDeviceOriginal@@YGHEHH]A
?CopySemaphoreExA@@YGIPAJ]A
?CallList@@YGX_N]A
?AddEventOriginal@@YGGPA_NPAEI]A
?ShowDateTime@@YGJGDPAEPAN]A
?IsSectionExA@@YGHPAEHPA_N]A
?PutMemoryW@@YGPADPAFJ]A
?RemoveTaskOriginal@@YGJPAJ]A
?IsMediaType@@YG_NN]A
?InstallDeviceEx@@YGPAEJI]A
?GetThreadA@@YGNDPAGPAE]A
?DecrementDeviceOriginal@@YGKHD]A

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8bb43a2ed0809cb4d6c42b2547024974

Headers

File Characteristics

PDB Paths

Imports

gdi32

kernel32

user32

msvcrt

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 30KB

.idata Size: 6KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 58KB

.rsrc Size: 120KB - Virtual size: 119KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 30KB - Virtual size: 30KB

.idata
Size: 6KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 58KB

.rsrc
Size: 120KB - Virtual size: 119KB

.reloc
Size: 1KB - Virtual size: 1KB