S:\cdluwtgbxzQy\XbMrCoptc\yCmNozrhpuSz\XkaTbozKjogtii.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: c822ca12d01669ff37c9565ce203e78c_JaffaCakes118.dll
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: c822ca12d01669ff37c9565ce203e78c_JaffaCakes118.dll
  Resource: win10v2004-20240802-en
General
Target: c822ca12d01669ff37c9565ce203e78c_JaffaCakes118
Size: 115KB
MD5: c822ca12d01669ff37c9565ce203e78c
SHA1: 023781f9a4ec8e490101efbbfd701df70452665d
SHA256: 4a708cbc78ad78cd1eb1cdbd677ee8d546dcfd1fe0c89e33dace95c48f841bac
SHA512: 878106050ee5387bc117fd1cfd9249297d41a9b9d8cd1d5bbb8331fff841696e712328d78ddfa71ffb7eeb5314098a85ae76542d145890be103ba2fc8f08160f
SSDEEP: 1536:8a/vzHOzz0BZVDp6J1DHxB4BbqmohJeIJ45snVhMhMHhCozvvibANci/oz+d:8a/bHOIa1DHUBDCEsVhM4vvqAZF
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: c822ca12d01669ff37c9565ce203e78c_JaffaCakes118
Files
-
c822ca12d01669ff37c9565ce203e78c_JaffaCakes118.dll windows:5 windows x86 arch:x86
fb36d8b152857c89641f84fdbb3d053b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
gdi32
CreateBrushIndirect
SetStretchBltMode
Polygon
Polyline
FillRgn
CreateICW
ScaleViewportExtEx
SetROP2
GetTextExtentPoint32W
CreateCompatibleDC
TranslateCharsetInfo
CreateEllipticRgnIndirect
LineTo
GetLayout
SetBkColor
StartDocW
Ellipse
StretchBlt
OffsetViewportOrgEx
PathToRegion
StretchDIBits
GetClipBox
ResizePalette
SetViewportOrgEx
GetROP2
CreateRectRgn
EndDoc
Rectangle
SetPaletteEntries
GetPaletteEntries
EndPage
RemoveFontResourceW
ScaleWindowExtEx
GetTextExtentPointA
BitBlt
SetRectRgn
CreateFontW
StartPage
SetPixel
CreateDIBSection
LPtoDP
SelectPalette
SetWindowExtEx
GetTextExtentExPointW
CombineRgn
IntersectClipRect
CreateDiscardableBitmap
ExcludeClipRect
PolyBezier
SelectObject
GetTextExtentPointW
kernel32
GetModuleFileNameA
lstrcatW
SetHandleInformation
WaitForSingleObjectEx
CompareStringA
GetTimeFormatA
GetVersionExW
GetLocalTime
SetEndOfFile
LocalLock
LocalFree
ClearCommBreak
SetMailslotInfo
GetSystemDirectoryW
LocalSize
CopyFileA
GetModuleHandleW
MoveFileA
HeapAlloc
GetShortPathNameW
SetFileAttributesA
WaitForMultipleObjectsEx
FindFirstFileA
DeviceIoControl
CreateSemaphoreW
GetOEMCP
LoadLibraryA
CreateSemaphoreA
TlsGetValue
SetPriorityClass
GetCommandLineA
ConvertDefaultLocale
EnumResourceLanguagesA
GetExitCodeThread
LoadLibraryW
GetCommTimeouts
EnumResourceNamesW
GetSystemDefaultUILanguage
lstrcmpiA
WaitForMultipleObjects
SetFilePointer
SetCommMask
VerSetConditionMask
GetCompressedFileSizeW
CreateNamedPipeA
GetFileAttributesExA
CreateMailslotW
GlobalReAlloc
SetThreadAffinityMask
FindResourceExW
IsDBCSLeadByte
FormatMessageA
GetModuleHandleA
EnumSystemLocalesA
EscapeCommFunction
lstrlenW
comdlg32
GetOpenFileNameA
ReplaceTextW
FindTextW
ChooseColorW
PrintDlgExW
GetSaveFileNameA
shlwapi
StrChrIA
user32
ScrollWindow
RegisterWindowMessageW
ShowOwnedPopups
GetCursorPos
CopyImage
CharToOemA
ShowScrollBar
CreateCaret
GetAsyncKeyState
ChildWindowFromPoint
GetMessageTime
DefWindowProcW
OemToCharBuffA
GetClassInfoA
CharLowerW
IsDialogMessageA
DrawIcon
CallWindowProcA
HiliteMenuItem
ChildWindowFromPointEx
IsDialogMessageW
AppendMenuW
SetScrollPos
GetUserObjectInformationA
ScrollWindowEx
GetClipCursor
GetClassNameW
SendMessageTimeoutW
DeleteMenu
GetDlgCtrlID
OpenDesktopW
DestroyCursor
RemovePropW
MessageBoxExA
GetActiveWindow
ChangeMenuW
SetActiveWindow
RegisterClassExA
FindWindowW
GetNextDlgGroupItem
AttachThreadInput
CreateDialogIndirectParamW
CharPrevA
GetClassInfoExA
HideCaret
GetScrollPos
LoadAcceleratorsA
TabbedTextOutW
GetMenuItemInfoW
TranslateMessage
GetWindowLongA
GetClassInfoW
WaitForInputIdle
LoadCursorA
GetDlgItemTextA
GetKeyboardLayoutList
MessageBoxExW
GetDCEx
CreateCursor
LoadIconW
EnumThreadWindows
CheckRadioButton
CreateWindowExW
DefDlgProcA
DrawTextW
SendInput
CharToOemBuffA
PostThreadMessageA
EnableMenuItem
IsIconic
wvsprintfW
CreateDialogParamW
LoadStringA
DrawTextA
GetPropW
ShowWindowAsync
IsZoomed
FrameRect
SetWindowTextA
GetWindowTextLengthW
PostThreadMessageW
DestroyCaret
InSendMessageEx
SetDlgItemInt
GetKeyboardLayoutNameW
AdjustWindowRectEx
DialogBoxParamA
CharLowerBuffW
GetDialogBaseUnits
EndDialog
SetDlgItemTextW
MapVirtualKeyA
DrawAnimatedRects
ReplyMessage
CreateIconIndirect
LoadMenuW
UnionRect
FindWindowA
MessageBoxA
DispatchMessageW
LockWindowUpdate
GetClientRect
CreateDialogParamA
GetWindowPlacement
ActivateKeyboardLayout
OffsetRect
ModifyMenuW
LoadBitmapW
GetSysColor
CreateAcceleratorTableW
EnumWindows
LoadImageA
RegisterClassA
SendDlgItemMessageW
InSendMessage
UpdateWindow
LoadCursorW
SwitchToThisWindow
mouse_event
IntersectRect
SetWindowPlacement
msvcrt
toupper
wcschr
fputc
towupper
iswspace
_controlfp
wcspbrk
__set_app_type
__p__fmode
__p__commode
_amsg_exit
mktime
putchar
isspace
vsprintf
isupper
strerror
iswalpha
_initterm
iswdigit
_acmdln
swscanf
isalnum
exit
clearerr
_ismbblead
strcoll
isdigit
floor
setlocale
_XcptFilter
iswctype
_exit
_cexit
fflush
putc
srand
getenv
printf
__setusermatherr
fputs
__getmainargs
fprintf
vswprintf
realloc
strspn
wcslen
malloc
free
Exports
?GetDeviceOriginal@@YGHPAEI_NPAE]A
?ValidateProcessOriginal@@YGPAJ_N]A
?CancelSize@@YGXJFPAE]A
?TextOld@@YGPAXMDFI]A
?CloseTextNew@@YGXKJ]A
?GlobalFolderNew@@YGPAMMPAK]A
?FreeHeightExA@@YGPA_NPAGJ]A
?DeletePointer@@YGKEIM]A
?InsertScreenA@@YGHPAGE_NG]A
?CallTime@@YGPAMPADPAEGF]A
?GenerateMediaTypeEx@@YGFJPAHFJ]A
?LoadKeyboardExW@@YGHNPADGG]A
?CallMessageOld@@YGPAKM]A
?SetDirectoryExW@@YGPAFPAJPAE]A
?InsertNameOriginal@@YGPAHNPAN]A
?ModifyComponentW@@YGXPAFN]A
InstallU
?EnumKeyboardExA@@YGPAIPAJ]A
?CrtFolderEx@@YGNPAM_NH]A
?SetWidthNew@@YGFDPAI]A
?SetRect@@YGPAHJEEPAI]A
?RtlTextW@@YGXIPAM]A
?CancelClassOriginal@@YGPAHH]A
?EnumArgumentNew@@YGEK]A
?CancelMutexA@@YGF_NK]A
?IsVersionExW@@YGHPAJPAI]A
?InstallVersionW@@YGXPAHPAGG]A
?InvalidateWindowInfoEx@@YGJPAG]A
?InsertPointerW@@YGPAINPAFJPAJ]A
?RtlDialogW@@YGKPAGGFPAD]A
?IsNotDeviceOriginal@@YGXPAMPAN]A
?CancelMemoryOriginal@@YGIPAFEM]A
?OnFilePath@@YGDHGG]A
?GenerateFilePath@@YGJDKHPAE]A
?KillProviderExA@@YGIPAK]A
?HideSize@@YGM_NIPAF_N]A
?InvalidateThread@@YGPAHPAK]A
?DeletePathW@@YGNPAFPAIEPA_N]A
?InstallTask@@YGPAMPAHEPAH]A
?CloseConfigExA@@YGXIPAEHI]A
?IsArgumentExA@@YGKKPAIDPAF]A
?EnumStateEx@@YGJIDPAKD]A
?ModifyMutantEx@@YG_NHIJPAF]A
?InvalidateNameOriginal@@YGJMFJE]A
?RemoveDirectoryExW@@YGXPAIPAEMPAD]A
PluginCommand
?IsValidWindowNew@@YGEPAIK]A
?EnumFolderPathExA@@YGPA_NPAJJD]A
?SendHeaderW@@YGKFPAGF]A
?SendKeyboardOld@@YGNM]A
?ValidateSizeEx@@YGPAMJPAEPAJ]A
PluginMain
?ValidateTimerOriginal@@YGPADEG]A
?SendWidthExA@@YGPAFPAMPA_NHE]A
?RtlCommandLineOriginal@@YGPAMNPAMFM]A
?CancelSemaphoreExW@@YGXMFFPAJ]A
?CancelListA@@YGXFE_N]A
?EnumDeviceExW@@YGHPAFPAHF]A
?ValidateTimeEx@@YGPAG_NE]A
?IsValidHeightExW@@YGPA_NDK_ND]A
?EnumPointNew@@YGPAFHJ]A
?ValidateMutantNew@@YGPAGFPAFJ]A
?AddPathA@@YGPAGPAEDNPAF]A
?FolderEx@@YGGDD]A
?IsNotClassExW@@YGDM]A
?HideFilePathOriginal@@YGEHGPAF]A
?EnumMessageA@@YGPAKE]A
?SendAppNameEx@@YGPADJ]A
?ShowDialog@@YGHF]A
?CloseFileExA@@YGHPA_NM]A
?FreeCharExA@@YGIPAJPAD]A
?InstallEventA@@YGGPAJ]A
?RemoveSectionW@@YGNPAG]A
?CloseCharOriginal@@YGPAXF]A
?CopyDateTimeOld@@YGEJI]A
?PutProviderW@@YGPAJHDJ]A
?CallMemoryOld@@YGMPAJPAIIE]A
?CallAppName@@YGPAXPAEPAM_N]A
?AddValue@@YGMPAG]A
PluginName
?AddDeviceW@@YGDFJDM]A
?FormatNameExW@@YGEM]A
?ValidateSystemExW@@YGEPAFME]A
?RemoveListItemExA@@YGJFPAJ]A
?InvalidateDeviceEx@@YGPANPAFK]A
?FindConfigNew@@YGJPAFIGE]A
?ShowFilePathEx@@YGPA_NPAGPAFPAK]A
?SetClassOld@@YGKHPAMH]A
?CancelFolderOriginal@@YGHFD]A
?IsAnchorOriginal@@YGXDJE]A
?GenerateExpressionW@@YGEPAEEPAE]A
?CrtMonitorOriginal@@YGIPAGGPAI]A
?IsPointerW@@YGKPAMPAHF]A
?CrtThreadA@@YGKPAGHG]A
?KillTimerNew@@YGEPAJEKJ]A
?SendMutex@@YGMFM]A
?EnumFolderPathNew@@YGPAIPAGN]A
?IsScreenOriginal@@YGMD]A
?DeletePointEx@@YGJPAEI]A
?InsertMonitorA@@YGPAG_NEJM]A
?GetCharNew@@YGXG]A
?IsValidProcessOld@@YGPAFI]A
?KillSectionExA@@YGEMI]A
?OnListNew@@YGPAHJPAFHD]A
PluginType
?CrtProjectOld@@YGPADPANMPAF]A
?RtlSystemA@@YGIPAJPADIH]A
?DeleteKeyboardOriginal@@YGKPAD]A
?SendMessageOriginal@@YGPAHF]A
?PutSemaphoreExA@@YGMEEPAKK]A
PluginVersion
?OnDeviceA@@YGJEFEH]A
?LoadNameOriginal@@YGFPAJIM]A
?HideDateEx@@YGPANEPAM]A
?InsertSemaphoreA@@YGPADI]A
?FreeFileNew@@YGDG]A
?FormatStringOriginal@@YGPAFDHE]A
?SendKeyboardOriginal@@YGIPAFJN]A
?CallSectionOld@@YGPAJPANJ]A
?RemoveKeyboardOriginal@@YG_NEDPAI]A
?CrtProfileA@@YGHPAHPAE_N]A
?SendPointOriginal@@YGXEPAI]A
?IncrementFolderPathA@@YGPAHMDPAN]A
?GlobalFolderExA@@YGKFNKJ]A
?FindValueEx@@YGHPANPAJ]A
?ValidatePointerNew@@YGMJH]A
?SendAnchorOriginal@@YGPAMPAGE]A
?ShowSemaphoreExA@@YGPADDM]A
?IsNotWindowInfoExW@@YGEPAN]A
?IsValidFileOld@@YGPAEPAFE]A
?SendMessageW@@YGXPAE]A
?HideStateNew@@YGJPAJGG]A
?ValidateSemaphore@@YGDEEFD]A
?InvalidateVersion@@YGEGK]A
?CancelNameW@@YGPANK]A
?EnumMutexOld@@YGPAXGM]A
WSPStartup
?ListEx@@YGKPAGE]A
?FreeThreadOld@@YGPADFNH]A
?CancelExpressionExW@@YGX_NPAH]A
?DeleteFilePath@@YGPAHKPAHFPAM]A
?InsertOptionOld@@YGPAEFPAHJPAM]A
?FindFunctionNew@@YGXDI]A
?IsNameExW@@YGPA_ND]A
?FindValueW@@YGXPAJG]A
?IncrementFileExW@@YGXH]A
?RemoveTaskA@@YGKFHHPAF]A
?LoadPathA@@YGGNGF]A
?IsValidObjectOld@@YGPAJPAED]A
?EnumConfigW@@YGENF]A
?IsMediaTypeExA@@YGPAHNFFM]A
?CallStateNew@@YGPAXMKPAH]A
?DeletePointerExW@@YGPAHJKGI]A
?DecrementValueW@@YGH_NPAFPAN]A
?SetAppNameExA@@YGPADJK]A
?GlobalMutexA@@YGPAJPAHPAEM]A
?CopyDirectoryEx@@YGDPAHPAMD]A
?KillDateOriginal@@YGMENPAN]A
?GetWindowOriginal@@YGDMPAJPAFPAJ]A
?PutConfigNew@@YGXF]A
?SetDateW@@YGJI]A
?CancelCharExW@@YGMFMPAGM]A
?PutStringOld@@YGIPADPAJF]A
?AddPointNew@@YGHFMPAGPAN]A
?LoadVersionEx@@YGDPAM]A
?CrtListItemExW@@YGPAKFGMK]A
?DecrementOptionOld@@YGIMPAKM]A
?CloseFilePathExW@@YGXPAFM]A
?InsertKeyName@@YGPAHPAHPAH]A
?CancelDateTime@@YGPAKJPAF]A
?IsNotStateOld@@YGPAJGE]A
?GenerateRectEx@@YGHPAH]A
?CrtDialogNew@@YGHPAG]A
?CallMonitor@@YGDDEI]A
?ModifyWindowA@@YGFDHHPAK]A
?DeleteNameW@@YGPA_NEFEF]A
?InsertListItem@@YGGM]A
?RemovePathOriginal@@YGPAKPA_N_NFPAJ]A
?CopySectionExA@@YGKGM]A
?CloseVersionA@@YGXMK_NJ]A
?OnMutantA@@YGPAFEPAGG]A
?CallProjectEx@@YGNDH]A
?DecrementMemoryOld@@YGDGPAI]A
?InsertStringOld@@YGGPAGGPAKPAM]A
?ModifySystem@@YGKPANJEM]A
?CopyMonitorW@@YGPADPAMDPAGPAK]A
?IsValidProvider@@YGEKGD_N]A
?GlobalMemoryEx@@YGMEI]A
?LoadPathOld@@YGXMJ]A
?FormatFullNameExW@@YGKKDGPAE]A
?GetFullNameExA@@YGPAEIPAK]A
?InvalidateWidthNew@@YGIJ]A
?FormatProjectOld@@YG_NHPAKKM]A
?PutProfileA@@YGPAKPAJ]A
?SendModuleExA@@YGDDDEPAE]A
?DecrementEventOriginal@@YGPAMH]A
?LoadHeaderOriginal@@YGPAH_NPAK]A
?CopyFolderPathOriginal@@YGPAHPAF]A
?InvalidateFolderA@@YGDFPAFG]A
?FreeWidth@@YGXPAENFG]A
?GetPointA@@YGXKPAKIF]A
?DeleteMediaType@@YGKPAJDD]A
?OnKeyNameEx@@YGFPAJMPADPA_N]A
?InstallTimeOld@@YGJPAM]A
?RtlEventA@@YG_NJJD]A
?GetThreadOriginal@@YGKGFJ]A
?CopyOptionExA@@YGPAHPAF]A
?GlobalDataEx@@YGPADKKFPA_N]A
?DestinationSysCounterDnDHuuey@@YGKGHE@Z
?GlobalDateOriginal@@YGXJPAMPAGPAE]A
?KillStateNew@@YGXM_N]A
?KillTaskExW@@YGPAEPAM]A
?RemoveString@@YGXPAH]A
?IncrementComponentOriginal@@YGPAFFKPAMH]A
?IncrementSize@@YGPAIHD]A
?EnumRectOld@@YGFKPAME]A
Sections
.text   Size: 31KB - Virtual size: 30KB   Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.zimp   Size: 6KB - Virtual size: 5KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data   Size: 3KB - Virtual size: 69KB    Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 71KB - Virtual size: 71KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 2KB - Virtual size: 1KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ