b2fb41596365db0aebfe4b2ab4687fa1_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b2fb41596365db0aebfe4b2ab4687fa1_JaffaCakes118
Size

62KB
MD5

b2fb41596365db0aebfe4b2ab4687fa1
SHA1

fee323d3c1aac96157716a5c2941d7761ca93c4f
SHA256

af3a876005401f22555062fa0dcc04a96a4f8432c71289da41279960a2af082b
SHA512

6e898b7779d8d91e56ba97e16ad0acced5efa1cd745a77733baf1c8134c86d2108c48546fb77c71798c39c1115c09da09f8ba5c2e2a5bd5273e2cc8a96b65aca
SSDEEP

768:YHwwRn9Rye+zYfiVIAbs5AtHBcBOrsjnN7O2UgWuA1TtNfKxQkyJDrs:YHbjBkv/EvlDQXKxCDrs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b2fb41596365db0aebfe4b2ab4687fa1_JaffaCakes118

Files

b2fb41596365db0aebfe4b2ab4687fa1_JaffaCakes118
.exe windows:5 windows x86 arch:x86

b4252475cbf7c0dfb9119fed185eff54

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\yxbtvwahPuvyDl\mRYTiWniBb\dQGmdHzksFbwaa\jhiTwvgjHvpdl\wahEunpqxvRwN.pdb

Imports

shlwapi

PathIsUNCA

msvcrt

_controlfp
iswspace
vsprintf
strcoll
__set_app_type
iswxdigit
bsearch
wcstombs
__p__fmode
strrchr
__p__commode
towlower
malloc
isdigit
wcsrchr
wcspbrk
wcsncpy
strstr
_amsg_exit
_initterm
clearerr
strerror
setlocale
getenv
system
tolower
fflush
strcspn
fgetc
sscanf
_ismbblead
remove
wcscpy
calloc
clock
_XcptFilter
iswalpha
memset
islower
strtoul
wcslen
swscanf
_exit
strspn
time
_cexit
__setusermatherr
free
__getmainargs
vswprintf

user32

WindowFromPoint
CharToOemA
GetCursorPos
SetWindowPos
CharNextExA
GetUserObjectInformationW
SetSysColors
IsWindowUnicode
InvalidateRect
GetSubMenu
IsWindowVisible
GetMenuStringA
PostThreadMessageW
DrawAnimatedRects
ReplyMessage
LookupIconIdFromDirectory
DestroyIcon
SendDlgItemMessageA
SetDlgItemInt
CallWindowProcA
GetClassInfoA
MapVirtualKeyW
BeginDeferWindowPos
SetWindowLongA
IsZoomed
InsertMenuA
FindWindowW
GetMenuItemInfoW
EndDialog
SetWindowTextA
SetScrollRange
DialogBoxParamW
LoadIconA
RemovePropW
wsprintfW
MonitorFromPoint
DefWindowProcA
LoadImageW
GrayStringW
DestroyAcceleratorTable
IsWindow
GetWindowTextA
DrawIcon
CheckRadioButton
ShowOwnedPopups
GetMenu
IsDialogMessageA
GetMessageA
mouse_event
GetParent
LockWindowUpdate
TabbedTextOutW
SendMessageTimeoutA
GetScrollRange
DrawEdge
HideCaret
GetClientRect
GetSysColor
MapWindowPoints
IsCharLowerA
GetSysColorBrush
ActivateKeyboardLayout
CharNextW
MessageBoxExW
OpenIcon
GetWindowDC
IsRectEmpty
GetFocus
CallWindowProcW
ChildWindowFromPointEx
LoadStringW
GetMenuState
GetClipCursor
CharUpperW
CheckMenuRadioItem
DrawStateW
SetScrollInfo
AdjustWindowRect
GetDlgItemTextA
GetWindowLongA
ScrollWindowEx
GetMenuCheckMarkDimensions
CheckMenuItem
CreateDialogIndirectParamW
SetRectEmpty
AttachThreadInput
wvsprintfW
CreateCursor
GetClassLongA
MapDialogRect
SetTimer
SetLastErrorEx
LoadAcceleratorsW
DestroyWindow
DrawTextA
GetUpdateRgn
FindWindowExW
CharToOemBuffA
EnumChildWindows
GetClassNameW
RegisterHotKey
CascadeWindows
ScreenToClient
SetWindowRgn
RegisterClassExA
CopyRect
LoadCursorA
ValidateRect
MapVirtualKeyExW
RegisterClassA
AppendMenuA
GetKeyboardLayoutNameW
AllowSetForegroundWindow
GetClassInfoExA
SystemParametersInfoW
MoveWindow
SendDlgItemMessageW
LoadMenuW
WaitMessage
GetTopWindow
SetWindowPlacement
PeekMessageA

kernel32

SetFileAttributesW
VirtualProtect
GetOEMCP
TransactNamedPipe
EnumResourceNamesW
LeaveCriticalSection
SetNamedPipeHandleState
DeviceIoControl
LoadResource
GetFileInformationByHandle
lstrcpynW
IsBadWritePtr
GetLastError
SetUnhandledExceptionFilter
GlobalReAlloc
CreateEventW
GetWindowsDirectoryW
WinExec
OpenEventW
FormatMessageA
lstrcmpA
WaitForSingleObjectEx
GetLongPathNameW
SetCommMask
SetThreadLocale
HeapAlloc
GlobalMemoryStatus
ClearCommBreak
DeleteFileW
LockFile
LocalLock
FindNextFileA
lstrcpyA
EnumResourceLanguagesA
CreateThread
OpenFile
GetThreadPriority
LCMapStringA
SetLocalTime
GetCommTimeouts
GetFileAttributesExA
DeleteCriticalSection
lstrcmpiW
GlobalAddAtomW
GlobalFindAtomW
GetShortPathNameW
LCMapStringW
lstrcmpiA
EscapeCommFunction
CancelIo
MoveFileExW
GetTempFileNameW
SetWaitableTimer
GetStartupInfoW

Exports

Exports

?ForwardControlItem@@YGK_KK:O

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.init
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.erts
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.wall
Size: 1024B - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.info
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.udata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4252475cbf7c0dfb9119fed185eff54

Headers

File Characteristics

PDB Paths

Imports

shlwapi

msvcrt

user32

kernel32

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 21KB

.init Size: 6KB - Virtual size: 5KB

.erts Size: 512B - Virtual size: 88B

.wall Size: 1024B - Virtual size: 24KB

.info Size: 512B - Virtual size: 192B

.data Size: 3KB - Virtual size: 2KB

.udata Size: 4KB - Virtual size: 4KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 22KB - Virtual size: 21KB

.init
Size: 6KB - Virtual size: 5KB

.erts
Size: 512B - Virtual size: 88B

.wall
Size: 1024B - Virtual size: 24KB

.info
Size: 512B - Virtual size: 192B

.data
Size: 3KB - Virtual size: 2KB

.udata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 2KB - Virtual size: 1KB