be4a5d9bee653e2e6d4c22a13f553d22_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

be4a5d9bee653e2e6d4c22a13f553d22_JaffaCakes118
Size

57KB
MD5

be4a5d9bee653e2e6d4c22a13f553d22
SHA1

b86c0dab3c68bad74f051a1d024cd5b882db41ad
SHA256

1346ef0459efb5654c60473948da12c691860e28ab09f88452d4a34b450e6e8b
SHA512

c96fde6f88f938a8af2842462252000c69385c51353ebbd2ca38eba43e7430816152d49fa5edbb6d9fe511ab68b4ce03e96a06bc0411287da86652026d346952
SSDEEP

768:d34+o/3ksm+y+1i4fsaiK/0DHuDXckPcMxvCc6xHnJm+3j+xEdYRK4nVe+wjfHja:d3y/dy+Yv7ODsonWo+owiS839MT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
be4a5d9bee653e2e6d4c22a13f553d22_JaffaCakes118

Files

be4a5d9bee653e2e6d4c22a13f553d22_JaffaCakes118
.exe windows:5 windows x86 arch:x86

f6bc625a396d80a0c7d5fbc4a5fb056c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

W:\owbRKXhnnoreSv\EVXumzrqvedpr\zdcclbceFnv\gkiDtwploelWLz\CfYjrqqiGksHS.pdb

Imports

msvcrt

localtime
swprintf
_controlfp
remove
calloc
wcscat
wcstoul
wcspbrk
strrchr
strchr
mktime
strcspn
getc
__set_app_type
wcstombs
__p__fmode
free
gets
__p__commode
setvbuf
clearerr
mbstowcs
strtoul
_amsg_exit
_initterm
wcscspn
_acmdln
exit
islower
_ismbblead
_XcptFilter
tolower
fgets
towupper
_exit
atoi
putc
iswdigit
setlocale
_cexit
wcslen
__setusermatherr
__getmainargs
wcsstr
vswprintf
malloc
wcsrchr
fwrite
isprint

user32

GetUpdateRect
RegisterWindowMessageW
DrawFrameControl
CopyAcceleratorTableW
RemovePropW
GetDlgCtrlID
DestroyAcceleratorTable
ChildWindowFromPointEx
CallWindowProcA
CreateAcceleratorTableW
GetDoubleClickTime
CharUpperBuffW
OemToCharBuffA
GetSystemMenu
UpdateWindow
DeferWindowPos
RegisterHotKey
PostMessageA
RegisterClassExA
wvsprintfA
CreateDialogParamW
AppendMenuW
UnloadKeyboardLayout
CharToOemBuffA
CheckRadioButton
GetDlgItemTextW
SetParent
mouse_event
DrawIconEx
CreateMenu
InvertRect
BringWindowToTop
PostMessageW
CreateWindowExW
SetDlgItemInt
AppendMenuA
SetWindowPos
EndDialog
RegisterClassA
WaitForInputIdle
DialogBoxIndirectParamA
FindWindowW
GetAsyncKeyState
GetKeyboardLayoutNameW
GetScrollPos
GetClassInfoA
SetWindowTextA
SetMenuDefaultItem
CascadeWindows
SendDlgItemMessageW
SetMenu
CopyImage
DispatchMessageW
InSendMessage
DestroyIcon
GetUserObjectInformationA
TileWindows
CreateIconIndirect
GetKeyboardLayout
GetMessagePos
OpenIcon
AttachThreadInput
GetMenuItemID
CharUpperBuffA
DestroyCaret
SendInput
GetActiveWindow
DispatchMessageA
CharPrevA
DrawStateW
CharNextW
GetWindowTextW
GetClassNameW
SendMessageTimeoutA
CreateDialogParamA
CharPrevW
SetWindowTextW
GetDlgItemTextA
SetScrollRange
SwitchToThisWindow
IsCharAlphaW
OpenInputDesktop
IsDialogMessageW
DestroyWindow
DrawStateA
DestroyMenu
HiliteMenuItem
InternalGetWindowText
IsChild
GetWindowRect
ChangeMenuW
CharNextA
PostThreadMessageA
ArrangeIconicWindows
DrawAnimatedRects
SetWindowLongA
GetClassInfoExW
GetWindowLongW
IsDialogMessageA
EndPaint
CloseDesktop
SetSysColors
DefDlgProcW
LoadCursorA
ClipCursor
GetSystemMetrics
GetMenuStringA
LoadImageA
LoadMenuW
GetDlgItemInt
ModifyMenuW
GetShellWindow
LoadMenuA
SetScrollInfo
IsWindowVisible
ScreenToClient
GetAltTabInfoW
DefDlgProcA
GetScrollInfo

kernel32

OpenSemaphoreW
GlobalMemoryStatusEx
GetShortPathNameA
TlsFree
ReleaseMutex
IsDBCSLeadByte
lstrcatW
FlushFileBuffers
TryEnterCriticalSection
IsValidLanguageGroup
GetFileInformationByHandle
lstrcpyA
GetCommandLineW
SetFilePointer
DuplicateHandle
GetShortPathNameW
EnterCriticalSection
GetUserDefaultLCID
SetWaitableTimer
CreateNamedPipeA
ResetEvent
SetFileTime
GlobalHandle
GetSystemTimeAdjustment
GetCurrentThreadId
GetSystemDefaultUILanguage
VirtualFree
GlobalAlloc
GetSystemDirectoryW
DeleteFileW
GetBinaryTypeA
GetACP
TransactNamedPipe
WaitForMultipleObjects
HeapWalk
VerSetConditionMask
GlobalReAlloc
GetFullPathNameA
MoveFileW
EscapeCommFunction
LoadLibraryW
FindNextFileW
SetErrorMode
GetExitCodeThread
GetCommModemStatus
IsBadReadPtr
GetTempPathA
LocalLock
ReadFile
GetModuleHandleA
FindFirstChangeNotificationW
GetModuleFileNameW
EnumResourceNamesW
DisconnectNamedPipe
OpenEventA
GlobalGetAtomNameW

comctl32

CreatePropertySheetPageW
ImageList_GetImageCount
ImageList_Read
CreateToolbarEx
InitCommonControlsEx
ImageList_GetIcon

gdi32

TranslateCharsetInfo
PathToRegion
GetSystemPaletteEntries
GetTextMetricsW
ScaleViewportExtEx
GetTextColor
EnumFontFamiliesExW
EndDoc
SetTextColor
OffsetViewportOrgEx
GetTextCharsetInfo
SetROP2
PtVisible
GetDIBColorTable
GetSystemPaletteUse
EndPage
TextOutW
GetStockObject
CreatePalette
GetROP2
CreateRectRgn
ResizePalette
FillRgn
ExtFloodFill
SaveDC
SelectPalette
SetBitmapDimensionEx
CreateCompatibleDC
LineDDA
GetBitmapBits
SetViewportOrgEx
CreateICW
Ellipse
GetPixel
GetTextAlign
MoveToEx
Rectangle
ScaleWindowExtEx
GetDIBits
GetCharWidth32W
GetRgnBox
StretchDIBits
CreateDIBSection
GetWindowOrgEx
GetViewportOrgEx
EnumFontsW
SetWindowOrgEx
DPtoLP
StretchBlt
RectVisible
ExtTextOutA

Exports

Exports

?IncrementConfigEx@@YGPANPAJKPADJ]A
?DeleteProcessExW@@YGPAEEPAKFG]A
?BitCounterArrayIdeDunAs@@YGKGE@Z

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6bc625a396d80a0c7d5fbc4a5fb056c

Headers

File Characteristics

PDB Paths

Imports

msvcrt

user32

kernel32

comctl32

gdi32

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 20KB

.rsrc Size: 30KB - Virtual size: 30KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 20KB

.rsrc
Size: 30KB - Virtual size: 30KB

.reloc
Size: 1KB - Virtual size: 1KB