b824f973c12d9528eccc2fc5650eb721_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b824f973c12d9528eccc2fc5650eb721_JaffaCakes118
Size

232KB
MD5

b824f973c12d9528eccc2fc5650eb721
SHA1

2672003d4edc9e7db8b103efec9c95b8303ebe4d
SHA256

1a7708ef7c094be1a310e6810bbded255214363775f4f7b040dd65e26440894e
SHA512

2d0869964c0a7d0a4c6f084770ddd53769685c8b90ddc918c3565f204873bb9fb1ca9d51b11b5a58508a58385dc38e8865f611ea08bee58a827d847fe38e11fa
SSDEEP

3072:fJ8WwhsAMPiLotgPu9bjzojqsO+obc5jFnN7V9b4Hhvv0gVwr73f2jxWBTtvfRn8:xsWIctgPuJjzojObujj7XKhH0gy28Rn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b824f973c12d9528eccc2fc5650eb721_JaffaCakes118

Files

b824f973c12d9528eccc2fc5650eb721_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b26fa37a73a8990fed7c3dd42c9c2493

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\checkpoints\TPDrv\Do_Not_Release_v11_1_1\Access\SynMood\Release\SynMood.pdb

Imports

kernel32

SetErrorMode
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
GlobalFlags
WritePrivateProfileStringW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalFindAtomW
CompareStringW
LoadLibraryA
GetVersionExA
GetModuleHandleA
FormatMessageW
MulDiv
FreeResource
GlobalAddAtomW
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
MultiByteToWideChar
InterlockedExchange
GlobalLock
lstrcmpW
GlobalAlloc
GlobalDeleteAtom
GetModuleHandleW
lstrlenW
WideCharToMultiByte
GetCurrentProcessId
GetModuleFileNameW
GetLastError
CreateThread
SetThreadPriority
WaitForSingleObjectEx
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
SetEvent
WaitForSingleObject
TerminateThread
CreateEventW
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
GetTickCount
LocalAlloc
LocalFree
SetLastError
DeviceIoControl
LeaveCriticalSection
EnterCriticalSection
GetVersionExW
InitializeCriticalSection
ExitProcess
FindResourceW
LoadResource
LockResource
SizeofResource
CreateFileW
GlobalUnlock
GlobalFree
UnmapViewOfFile
VirtualFree
CloseHandle

user32

LoadCursorW
GetSysColorBrush
ShowWindow
SetWindowTextW
IsDialogMessageW
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextW
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
GetMenu
GetClassInfoExW
GetClassInfoW
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
CallWindowProcW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetSysColor
EndPaint
BeginPaint
ClientToScreen
GrayStringW
DrawTextW
TabbedTextOutW
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
UnregisterClassW
DestroyMenu
LoadBitmapW
GetFocus
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
MessageBoxW
RegisterClassW
CreateWindowExW
PeekMessageW
DestroyWindow
DefWindowProcW
PostMessageW
PostQuitMessage
GetSystemMetrics
EnableWindow
LoadIconW
SetTimer
InvalidateRect
ReleaseDC
GetDC
GetClientRect
IsIconic
SendMessageW
DrawIcon
DrawTextExW
UnregisterClassA

gdi32

SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetObjectW
RealizePalette
GetClipBox
SetMapMode
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
DeleteObject
CreatePalette
StretchDIBits
SelectPalette

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shlwapi

PathFindExtensionW
PathFindFileNameW

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b26fa37a73a8990fed7c3dd42c9c2493

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shlwapi

oleaut32

Sections

.text Size: 144KB - Virtual size: 141KB

.rdata Size: 36KB - Virtual size: 34KB

.data Size: 12KB - Virtual size: 128KB

.rsrc Size: 32KB - Virtual size: 28KB

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 36KB - Virtual size: 34KB

.data
Size: 12KB - Virtual size: 128KB

.rsrc
Size: 32KB - Virtual size: 28KB