d49063127129a29e5683c26cefde23c8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d49063127129a29e5683c26cefde23c8_JaffaCakes118
Size

88KB
MD5

d49063127129a29e5683c26cefde23c8
SHA1

63096265f55460b6227325f2924df8417f63ae21
SHA256

e11f94946fab7b727eb355712a1e00f90b3a795d6360d8b3cbf25035309a8198
SHA512

db8545f06480ce71541fd6b13b06bcf90f10b6753ad6d3044e64cc642a2d4c9a669c7357e74b07526880a2686529221a0bfbb2df6ace0884d306a5cda5bfc290
SSDEEP

1536:Aj33KEsBZVDp6abeohcGbHECeXl15i764LX1QddBFTHjWtqTAO:Aj3aEIxSohc0HEhXl1N4D1Qf/THj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d49063127129a29e5683c26cefde23c8_JaffaCakes118

Files

d49063127129a29e5683c26cefde23c8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

17596886501d3e036f1dc0f05834adc9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\FPszsbtqE\RnezdLzuX\ppCctfHfKAmz\dkfArbjbSukR\ofsivrj.pdb

Imports

comdlg32

ReplaceTextW
ChooseColorW
FindTextW
GetSaveFileNameW
PrintDlgW

kernel32

SetCurrentDirectoryW
GetComputerNameExW
EnumResourceNamesA
FindFirstChangeNotificationW
OpenEventA
FormatMessageW
lstrcatW
SearchPathW
IsBadWritePtr
GetFileTime
GetSystemDirectoryA
WinExec
GlobalFindAtomW
SetupComm
GetShortPathNameW
CreateMailslotW
WaitCommEvent
CreateRemoteThread
GlobalMemoryStatus
HeapLock
TransactNamedPipe
WaitForMultipleObjectsEx
GetAtomNameW
SetFileApisToOEM
SetLastError
IsDBCSLeadByte
SetUnhandledExceptionFilter
DeleteAtom
CreateMutexA
SetHandleInformation
GetSystemDirectoryW
CreateSemaphoreA
GetLocalTime
DeviceIoControl
SetWaitableTimer
lstrcpyW
LoadLibraryExW
CreateFileA
IsDBCSLeadByteEx
GetModuleFileNameA
GetSystemWindowsDirectoryA
TlsFree
DeleteCriticalSection
FoldStringW
GetCommTimeouts
LCMapStringW
LoadLibraryA
GetFileAttributesA
OpenEventW
GetFullPathNameA
GetModuleHandleA
TlsSetValue
ConnectNamedPipe
RemoveDirectoryA

msvcrt

toupper
fgetc
vsprintf
_controlfp
floor
__set_app_type
strcpy
wcsstr
__p__fmode
wcscpy
isalnum
iswctype
__p__commode
printf
strncmp
towupper
strpbrk
wcstol
atol
wcstok
isxdigit
fwrite
_amsg_exit
atoi
tolower
wcstombs
free
fread
calloc
_initterm
_acmdln
exit
realloc
wcstoul
srand
strstr
_ismbblead
sprintf
strtok
localtime
_XcptFilter
_exit
_cexit
__setusermatherr
iswdigit
strtoul
strrchr
isdigit
__getmainargs

user32

FindWindowA
AdjustWindowRectEx
SetScrollPos
GetKeyboardLayoutList
IsMenu
mouse_event
keybd_event
AppendMenuA
GetClientRect
TrackPopupMenuEx
CheckDlgButton
SetWindowLongA
SystemParametersInfoW
LoadStringA
GetMenuItemCount
LoadMenuW
CreateWindowExA
DrawIcon
DestroyCaret
SendDlgItemMessageW
CheckRadioButton
GetWindowPlacement
GetForegroundWindow
DefFrameProcA
DispatchMessageA
SetCaretPos
ValidateRect
GetClassInfoW
DrawIconEx
DrawStateW
HiliteMenuItem
LoadIconW
GetMessagePos
CreateDialogParamA
GetSystemMenu
CallWindowProcW
CharLowerA
GetKeyboardType
OpenIcon
CharUpperA
WindowFromPoint
GetKeyboardLayout
LoadMenuA
GetNextDlgTabItem
FindWindowExA
ChildWindowFromPointEx
DeferWindowPos
AppendMenuW
SendMessageW
GetUserObjectInformationW
GetCursorPos
CreateCaret
GetDoubleClickTime
CreateCursor
GetWindow
SetWindowTextA
CreateIconIndirect
GetWindowDC
LoadAcceleratorsW
GetUserObjectInformationA
GetDialogBaseUnits
GetWindowTextW
MapVirtualKeyW
IsWindowEnabled
GetKeyState
FrameRect
GetClassLongW
DialogBoxParamW
GetCaretPos
UnloadKeyboardLayout
InternalGetWindowText
GetShellWindow
ScrollWindowEx
EnumWindows
TranslateAcceleratorW
MessageBoxA
SetSysColors
MoveWindow
SendDlgItemMessageA
IsChild
CreateWindowExW
GetKeyNameTextW
LoadAcceleratorsA
MapVirtualKeyExW
DestroyMenu
FindWindowW
CopyRect
TileWindows
ShowOwnedPopups
EndPaint
PostQuitMessage
IntersectRect
MapDialogRect
CheckMenuItem
CheckMenuRadioItem
CharLowerW
GetWindowTextA
SendMessageTimeoutA
wsprintfA
OffsetRect
GetMenuItemRect
InvalidateRgn
IsCharAlphaW
CharUpperBuffA
GetMenuState
GetDC
IsWindow
SetLastErrorEx
SendMessageTimeoutW
ChangeMenuW
SetParent
CharPrevA
DrawStateA
ClientToScreen
RegisterClassExA
ScrollWindow
GetDlgItem
SetRect

comctl32

CreatePropertySheetPageA
PropertySheetA
CreateStatusWindowW
ImageList_GetIconSize
ImageList_Write
ImageList_LoadImageW

gdi32

GetObjectW
GetBkMode
CreateDIBSection
GetTextExtentExPointW
CreateBrushIndirect
DPtoLP
ExtFloodFill
GetTextMetricsA
GetTextExtentPointA
SetPixel
IntersectClipRect
FillRgn
SetLayout
MoveToEx
SetViewportExtEx
GetTextAlign
StretchBlt
SetTextColor
CreateSolidBrush
GetNearestColor
SetAbortProc
SetWindowOrgEx
GetDIBColorTable
GetSystemPaletteUse
PtInRegion
CreatePen
CreatePenIndirect
CreateDIBitmap
TextOutW
SaveDC
SetDIBColorTable
BitBlt
RestoreDC
GetTextExtentPoint32A
GetTextExtentPointW
CreatePolygonRgn
GetRgnBox
Polyline
StartDocW
CreatePalette
GetFontData
AddFontResourceW
SetBkColor
CreateHalftonePalette
SetDIBits
CreateCompatibleBitmap
EnumFontsW
CreateRoundRectRgn

Exports

Exports

?ValidateAppNameOld@@YGPAJJPAK]A
?HideWindow@@YGXHJ]A
?LoadProcessNew@@YGKPAEPAG]A
?CopyCharOld@@YGHKPAG]A
?SetListItemEx@@YGPAGPAFKIPAM]A
?IsValidProcessExW@@YGFM]A
?ValidateConfigOld@@YGHNHPAD]A
?IsFolderW@@YGHPAM]A
?EnumDialogExA@@YGNM]A
?AddMutantOld@@YGKPAIHIN]A
?GenerateFolderPathNew@@YGPANPAED]A
?CloseMutantOld@@YGHPAFIJPAD]A
?LoadEventOld@@YGPAKIPA_NPAE]A
?EnumStringNew@@YGXPAIPAE]A
?DestinationSysCounterDnDHuuey@@YGKGHE@Z
?PutFunctionNew@@YGHDI]A
?GenerateSectionExA@@YGX_NKK]A
?SetHeaderOriginal@@YGJKHM]A
?RtlMutantOriginal@@YGMH]A
?FreeRectExA@@YGME_NPAHPA_N]A
?ValidateNameExA@@YGIPAFM]A
?FormatTimeA@@YGNG]A
?OnDirectoryEx@@YGJD]A
?ValidateSection@@YGKJHEF]A
?DeleteSizeOld@@YGNJ]A
?GenerateCommandLineW@@YGKDGPANI]A
?CallPointerA@@YGMKPAE]A
?IsSectionExW@@YGMMKKPAK]A
?ListItemExW@@YGJPAJ]A
?EnumObjectOriginal@@YGGPAIHH]A
?InvalidateValueA@@YGPAJPAEPAH]A
?SetMutantEx@@YG_NHPADD]A
?OnVersionOld@@YGJIG]A
?LoadAnchorExA@@YGPAJKH]A
?HideExpressionW@@YGGPAGF]A
?CopyArgument@@YGXE]A
?CloseComponentExW@@YGPAXEPAM]A
?DecrementHeaderExW@@YGGHPAN]A
?IsValidFolderNew@@YGGJK]A
?CancelDateTimeNew@@YGXFPAMHF]A
?DecrementTimeNew@@YGJKJII]A
?IsValidThreadOld@@YGPAIPAJJ]A
?AddNameNew@@YGHMPAK]A
?FindVersionA@@YGHMH]A
?SetSemaphore@@YGPA_NM]A
?InvalidateWindow@@YGJD]A
?CancelListItemW@@YGPAMI]A
?ValidateSystemExW@@YGNMPAG]A
?RtlProviderNew@@YGDPAEPAFE]A
?PutAnchor@@YGXPAKFPAN]A
?CopyProcessNew@@YGXFHF_N]A
?GetMessageEx@@YGPAHPAMPAIMH]A
?CopySizeA@@YGPAXPAFPAEDPAF]A
?IsNotThread@@YGJPAIMI]A
?IncrementModuleEx@@YGIPADPAD]A
?FindSizeEx@@YGPAX_NEJ_N]A
?CopyProviderA@@YGPAXJD]A
?IncrementProfileOld@@YGXIM]A
?HideWidthNew@@YGPAXIM]A
?DeleteSystemEx@@YGPAIG]A
?CloseTask@@YGGII]A
?IsFilePathW@@YGKPAIPAKPAF]A
?ModifyFolderPathNew@@YGPAXKIKPAG]A
?CopyPen@@YGNE_N]A
?EnumPointerW@@YGIM_N]A
?InvalidateValueOld@@YGPAIKPAKIPAM]A
?PutDataExW@@YGXGDPAF]A
?ShowThreadExA@@YGNPAHIGPAH]A
?LoadTaskEx@@YG_NPAJPAI]A
?KillDataNew@@YGFPAID]A
?CloseDialogExW@@YGEPAHFPAF]A
?SetObjectExW@@YG_NPAMF]A
?FindThreadOld@@YGIPADMPAD]A
?PutOptionEx@@YGPAKPAKPAE]A
?IncrementSystemA@@YGPAMIJIM]A
?FormatPenOld@@YGDDIPAG]A
?IsNotSystemW@@YGINE]A
?RemoveDataExW@@YGFKF]A
?FindTextExA@@YGPAMPAKK]A
?KillSectionOld@@YGMJPAJ]A
?CopyListOriginal@@YG_NGPADPAHH]A
?InstallDirectoryExA@@YGIMPAHM]A
?IncrementArgumentExW@@YGPAFMPAKDI]A
?RtlFilePathEx@@YGPAXPAMDK]A
?FreeMutex@@YGDMK]A
?KillFileOld@@YGPAMGIFK]A
?FindCharNew@@YGGPANPANPAF]A
?FindWindowEx@@YGIDF]A
?IncrementDialogEx@@YGPAXPAE]A
?ValidateListItemW@@YGIGI]A
?CopyProfileA@@YGPAKPAFPAH]A
?InsertRectOriginal@@YGXI]A
?InstallRectExW@@YGPAXPAFG]A
?EnumStringOriginal@@YGPAKMGPAJI]A
?FindDirectoryOriginal@@YGPA_NFM]A
?SetFunctionExW@@YGPAJEPAH]A
?InvalidateEvent@@YGMPAI]A
?RemoveSizeExW@@YGFPAFGPAI]A
?IncrementFolderExA@@YGEPAFF]A
?HideProviderA@@YGPAMPAF_NG]A
?InsertDirectoryExW@@YGI_NPAKPAI]A
?DecrementAnchorExA@@YGFI]A
?DecrementConfigW@@YGJI]A
?CancelSemaphoreExA@@YGHIPAHK]A
?LoadSizeExA@@YGIPAK]A
?AddChar@@YGPADII]A
?FindStringNew@@YGEIHPAJI]A
?ShowMonitor@@YGPAFK]A
?RtlNameExW@@YGPAXPA_N]A
?IsNotMutantA@@YGHPAKKE]A
?GetDateW@@YGKIFPAI]A
?CloseProfileEx@@YGNPAGPAFGD]A
?DecrementDirectoryA@@YGIFMFJ]A
?CloseSemaphoreNew@@YGID]A
?CrtDirectory@@YGXFJ]A
?ModifyFolderPathA@@YGDKE]A
?SetProcess@@YGIMDID]A
?SetFolderExW@@YGPAGN]A
?CrtMediaTypeW@@YGJD_N]A
?FindFullNameEx@@YGPAXPANIJH]A
?LoadFullNameOriginal@@YGGPAKPAKPAI]A
?ShowFolderNew@@YG_NGIGPAF]A
?CopyWindowOriginal@@YGPAHGNF]A
?KillFunction@@YGPAHPAGJE]A
?ModifyCommandLineExA@@YG_NIPAFD]A
?GenerateMessageEx@@YGFEMK]A
?ValidateKeyboardExW@@YGXPAJPAJPAH]A
?PutDeviceA@@YGN_NPAMD]A
?InstallPenExW@@YGDPAN_NK]A
?FormatProjectNew@@YGFPAF]A
?DeleteMutant@@YGEGE_N]A
?DecrementTaskW@@YGPAXKJNH]A
?OnFullNameExW@@YGXMEPAHH]A
?IsCharW@@YGPAGPAD]A
?ValidateObjectA@@YGPAMNPAM]A
?FreeOptionEx@@YGEF]A
?AddThreadExW@@YGPAFPAKGPAME]A
?FunctionA@@YGPAXFPAD]A
?OnExpression@@YGXPAFI]A
?InsertFolderPathOld@@YG_NKPAMPAGJ]A
?FormatSemaphoreW@@YGMMGIF]A
?FindSemaphoreEx@@YGXMPAEPAG]A
?InsertModuleOld@@YGGGPAGI]A
?LoadWindowInfoOriginal@@YGFPAJEPAKJ]A
?SetDateOriginal@@YGNPAM_NPAM]A
?CrtHeight@@YGXJ]A
?OnStringOriginal@@YGPAMDJ]A
?InsertWidthOld@@YGKEEPAF]A
?FindPath@@YGGPAKM]A
?InvalidateSystemNew@@YGMDFPAEPAK]A
?IsValidMessageA@@YGDPAMPAGPAE]A
?RtlCharOld@@YGMDHI]A
?GetTimerEx@@YGDDGPADK]A
?IsValidMemoryOriginal@@YGHPAHPAN]A
?LoadDeviceOld@@YGPADE]A
?IncrementOptionEx@@YGEGM]A
?CallDialogExW@@YGKPAG]A
?CancelVersionW@@YGNHKPAK]A
?SendTimeEx@@YG_NJ]A
?IsSystemNew@@YGPAXG]A
?EnumKeyNameW@@YGHPAHFPAJ]A
?GenerateExpressionOriginal@@YGIHPAM]A
?EnumMediaTypeW@@YGXJPAIG]A
?HidePenExW@@YGDHPAJ]A
?IncrementValueOld@@YGPADJN]A
?ComponentOld@@YGPAEGPAM]A
?GetSystem@@YGXPAMPAK]A
?CancelWindowA@@YGPAXK]A
?IsNotObject@@YGKPANMG]A
?PutTaskOld@@YGPAED]A
?IsAnchorOld@@YGXFIPAG]A
?IsNotTaskOld@@YGPAEEPAIFPAI]A
?GlobalKeyNameExA@@YGPAGPAFMFPAE]A
?IncrementFilePathOriginal@@YGEJF]A
?SendEventOriginal@@YGIPAHFF]A
?DecrementVersion@@YGFJPAIKE]A
?IsNotNameW@@YGDPAFM]A
?CallConfigExA@@YGIHG]A
?EnumHeaderNew@@YGPAHEPAED]A
?FindMutantNew@@YGXEPAHGF]A
?FormatStateOld@@YG_NPAKPAKPAMPAH]A
?InsertHeightExW@@YGPAHF]A
?CopyDevice@@YGXKMH]A
?CloseStringOriginal@@YGJIEJ]A
?PutPenNew@@YGHGMG]A
?RemoveTimeEx@@YGPADMPAMJM]A
?OnTaskOriginal@@YGJPAMPAJ]A
?DecrementMediaTypeExA@@YG_NN]A
?CloseDataNew@@YGXN]A
?InsertValueOriginal@@YGHPADJ]A
?EnumFilePathW@@YGDKMGD]A
?GlobalDateA@@YGKPAE]A
?FindWidthOriginal@@YGXPAIHJ]A
?DecrementHeightOld@@YGFK]A
?GenerateProviderExA@@YGDPANPAH]A
?ModifyMonitorEx@@YGGND]A
?RemoveSystemExA@@YGPADHPAKG]A
?FreeListOriginal@@YGPAJGPAF]A
?SendWindowW@@YGFK]A
?ShowWindowA@@YGKPAHF]A
?ModifyTimerEx@@YGPANIPAIPAJ]A
?ValidatePointerExA@@YGPA_NPA_NE]A
?ModuleOld@@YGEJPAIG]A
?InstallSemaphoreNew@@YGFPAD]A
?CloseListOld@@YGPADN]A
?IsValidPointerNew@@YGKFPA_N]A
?SendPenOld@@YGPAHJ]A
?InstallValueExW@@YGPAXFHN]A
?IsValidHeaderNew@@YGPAMPAHPAE_NPAD]A
?CopyOptionOriginal@@YGPAFPA_N]A
?CloseProject@@YGGJK]A
?GetProcessOriginal@@YGIFJIJ]A
?InvalidateOptionOriginal@@YGII_NMPAD]A

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17596886501d3e036f1dc0f05834adc9

Headers

File Characteristics

PDB Paths

Imports

comdlg32

kernel32

msvcrt

user32

comctl32

gdi32

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 29KB

.idata Size: 6KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 38KB

.rsrc Size: 45KB - Virtual size: 45KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 30KB - Virtual size: 29KB

.idata
Size: 6KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 38KB

.rsrc
Size: 45KB - Virtual size: 45KB

.reloc
Size: 1KB - Virtual size: 1KB