d6e7ef129a11d5472705bd646b13c5e8_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

d6e7ef129a11d5472705bd646b13c5e8_JaffaCakes118
Size

530KB
MD5

d6e7ef129a11d5472705bd646b13c5e8
SHA1

d54b8a7b9a28783e02c299c18b785134d8bed65b
SHA256

37525592d85ef910f8f1628f5ff9f6bc4e9af3ae93b32476985a3be3d17e6aaf
SHA512

440d3c375ed89a7f7af59ae648b9a6e6687586d061160a779bf05d0252127b94ab76d227c079183de8c682a3caa95a927c32039de7711781cfdd0e5787e65c71
SSDEEP

12288:LZOKlxcLUyg2LiLLHktxSsX2oPtBBBFcV72Ye6IIwBTQK6G:LiiLLHSxSPutBBjM72lIwZQKt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d6e7ef129a11d5472705bd646b13c5e8_JaffaCakes118

Files

d6e7ef129a11d5472705bd646b13c5e8_JaffaCakes118
.exe windows:5 windows x86 arch:x86

53dc847012887ed81a8fab94696ea5d1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

N:\pqubzOmVqNEQ\cPtdKdh\tteqOxDqz\jnHftEhmflme\vgpnqSSkHbZ.pdb

Imports

msvcrt

_controlfp
__set_app_type
strcspn
__p__fmode
strtol
__p__commode
_amsg_exit
wcspbrk
rand
_initterm
clock
wcscmp
_acmdln
exit
ungetc
iswdigit
_ismbblead
getenv
_XcptFilter
_exit
_cexit
system
strcpy
__setusermatherr
gmtime
__getmainargs

comdlg32

PrintDlgW
GetFileTitleW
GetOpenFileNameA

user32

DrawIcon
RegisterClassA
CharNextW
CharLowerW
LockWindowUpdate
DrawEdge
CopyImage
RedrawWindow
GetWindowRect
KillTimer
LoadCursorA
GetClassInfoExW
GetLastActivePopup
CreateAcceleratorTableW
AdjustWindowRectEx
GetMenuItemRect
GetMenuState
DialogBoxIndirectParamW
DestroyWindow
SetRect
LookupIconIdFromDirectory
EqualRect
GetScrollPos
SetMenuItemBitmaps
IsZoomed
IsMenu
GetClassNameW
GetDlgItemTextA
DefWindowProcA
GetUserObjectInformationW
SetCursorPos
InsertMenuA
GetDlgItemInt
GetKeyboardType
PostThreadMessageA
SetCaretPos
InvalidateRgn
DefFrameProcA
SetTimer
GetMessageTime
SetWindowRgn
FindWindowA
IsDialogMessageW
CharToOemBuffA

gdi32

CreateSolidBrush
ExtTextOutA
PatBlt
CreateHalftonePalette
CreatePalette
GetTextFaceW
GetBkMode
RestoreDC
GetTextExtentExPointW
TranslateCharsetInfo
RealizePalette
RectVisible
GetDIBits
ExtFloodFill
CreateBrushIndirect
StartDocW
GetTextMetricsA
Polyline

advapi32

IsValidSecurityDescriptor
OpenBackupEventLogW

kernel32

IsValidLanguageGroup
CreateNamedPipeA
AddAtomW
CreateFileMappingW
lstrcmpiA
GetVersion
RemoveDirectoryA
LockResource
GetTempPathA
HeapAlloc
LoadLibraryA
VirtualQuery
HeapFree
CopyFileA
GetCommandLineW
GetSystemDirectoryW
ExitProcess
GetCommState
GetProcessHeap
EnumResourceNamesA
AddAtomA
GetStartupInfoW
GetOverlappedResult
lstrcmpA

shlwapi

StrNCatW
PathRemoveBlanksW
StrCSpnIW

Exports

Exports

?FreeCharExW@@YGEPAMEKPAJ&U
?LoadFileEx@@YGJJPAMPADPAJ&U
?GlobalDateTimeA@@YGPAXGDE&U
?GetAnchorEx@@YGPAXDEFPAN&U
?ValidateMemoryExA@@YGPA_NPAII&U
?RemoveMutexNew@@YGPAFPAGPAFJD&U
?LoadEventA@@YGPAXPAF&U
?AddComponentOriginal@@YGGDMID&U
?LoadConfigExW@@YGKINIF&U
?ValidateProfileOriginal@@YGIH&U
?CallConfigW@@YGJIPAF&U
?CallComponentEx@@YGDPAKPAHFPAI&U
?LoadModuleOriginal@@YGD_NDM&U
?RtlAppNameA@@YGJPAEHPAJ&U
?CopyPoint@@YG_NGIMPAH&U
?IncrementListItem@@YGEJ_NH&U
?FindTimer@@YGPAMPAMGD&U
?FormatDateW@@YGPAXK&U
?OnAppNameNew@@YGXPADG&U
?InsertCommandLineOriginal@@YGPAKEI_NK&U
?DecrementDateTimeNew@@YGJPA_NK&U
?GlobalFileExA@@YGKPAKPAFFG&U
?KillDateW@@YGJJPAFPAE&U
?DeleteFilePathOriginal@@YGDH&U
?AddScreenA@@YGDFME&U
?RtlWindowInfoOriginal@@YGEMK&U
?FormatEventEx@@YGPAFPAFPAH&U
?ModifyProcessEx@@YGPAHPAKKPAI&U
?AddTimerNew@@YGPAIPAKMK&U
?CancelHeightExW@@YGXJNH&U
?ProfileNew@@YGFPAEFEF&U
?FreeAnchorW@@YGPAGEJ&U
?InvalidateEvent@@YGPAXPAF&U
?IsAnchor@@YGKMKPADPAJ&U
?FormatProcessOriginal@@YGGJIGPAF&U
?EnumConfigExW@@YGKPAH&U
?GetValue@@YGPAMJ&U
?FindDateOld@@YGXD&U
?AddStringEx@@YGPAIJF&U
?ValidateStringOriginal@@YGXPADGPAH&U
?CrtWindowExA@@YGPAXM&U
?DeleteDateTimeW@@YGPAKD&U
?DeleteThreadW@@YGXPAKPA_NK&U
?ShowScreenExA@@YGPAFGPAMPAGH&U
?EnumProcessExA@@YGHPAF&U
?FreeHeaderNew@@YGDEPAI&U
?ValidateHeaderNew@@YGFPA_N&U
?ThreadA@@YGPAXI&U
?ModifyTime@@YGPADF&U
?DeleteFullNameNew@@YGXNIPAD&U
?SetExpressionExW@@YGDIE&U
?InvalidateDirectoryOld@@YGXEPAGG&U
?GenerateVersionEx@@YGPAFDK&U
?CrtDate@@YGEEDPAFPAK&U
?SendMediaTypeExA@@YGHJHPAD&U
?FindMediaTypeExA@@YGFPA_N_N&U
?IsDirectoryA@@YGMHN&U
?IsNotHeaderEx@@YGEIFEF&U
?CancelWindowNew@@YG_NPA_N_NHI&U
?IsValidClass@@YGFPAMFJ&U
?CrtOptionOriginal@@YGGPAEM&U
?IsHeightExA@@YGPAMNPAFH&U
?IncrementRect@@YGJHI&U
?GlobalValueOld@@YGE_NPAFPAHPAG&U
?LoadObjectEx@@YGKIKKPAE&U
?IsExpressionOriginal@@YGJPAI&U
?DeleteCharNew@@YGGEG&U
?HideExpressionExA@@YGIPAM&U
?LoadConfigNew@@YGXGFD&U
?SendDateTimeOld@@YGMH&U
?FindProfileNew@@YGHGPAHIE&U
?AddObjectExW@@YGIMKHG&U
?InstallDeviceExW@@YGPADPAGMPAH&U
?GetTimerExA@@YGPAFNPAFPAK&U
?FormatWindowExA@@YGPAHPAHF&U
?RtlMediaType@@YGJJD&U
?IsNotCharOld@@YGIKPAFG&U
?RtlModuleOld@@YGHDGEJ&U
?IsValidPathA@@YGPAGM&U
?DecrementListA@@YGGMJIG&U
?LoadSizeEx@@YGXPADGMJ&U
?FindOptionOriginal@@YGGPAM&U
?ModifyProfileEx@@YGINM&U
?IsKeyName@@YGPA_NPAF_NPAM&U
?ClosePointerOld@@YGXEIPAM&U
?IncrementChar@@YGPAFPAF_NJPAF&U
?EnumOptionOriginal@@YGPAXJJKE&U
?CloseMessageExW@@YGFPAKIF&U
?InstallDateOriginal@@YGPAIF&U
?CancelPointerExW@@YGDFPA_N&U
?ShowComponentA@@YGPAMPAHPANKG&U
?CallFolder@@YGGPAEH&U
?InvalidateAnchorExA@@YGPAHPAMPAGPA_N&U
?GetHeight@@YGDMPAMJ&U
?CallConfigA@@YGPAXI&U
?ShowPathEx@@YG_NPANGK&U
?ValidateTimeW@@YGPAIE_NKPAG&U
?IsProcessExW@@YGXPAKMPAM&U
?IsPointer@@YGIEI&U
?DeleteSectionEx@@YGPAKFN&U
?CloseListItemW@@YGMKKJ&U
?SendHeightEx@@YGPAGHPADG&U
?InstallWidthW@@YGFPAFPAJPAGK&U
?GenerateWindowInfoEx@@YGPAEK_N_N&U
?CancelProfileExW@@YGGPAEFPAH&U
?IncrementFilePathExA@@YGXG&U
?ShowModuleExW@@YGEJJH&U
?ValueExW@@YGPAGHIPAGM&U
?CancelPointOriginal@@YGPAGN&U
?FreeVersionOld@@YGJPAN_N&U
?InvalidateTaskEx@@YGNPAKPAMPAH&U
?EnumProjectA@@YGPAXKI&U
?DecrementRectEx@@YGKEI&U
?FormatPointEx@@YGEPAEPAIJH&U
?DecrementArgumentEx@@YGFJK&U
?DecrementProfileW@@YGF_NPAF&U
?DeletePointEx@@YGJK&U
?IsWidthOld@@YGFMPAJ&U
?DecrementAnchor@@YGIHMPAHJ&U
?KillSystem@@YGPAKGI&U
?DeleteDataEx@@YGXGN_N&U
?IncrementFullNameExW@@YGPAGJPAGF&U
?IsValidEventExA@@YGPAXGD&U
?IncrementStringOld@@YGPAXHPAN&U
?CrtListItemOld@@YGG_NKGPAI&U
?ValidateCharW@@YGXPANJ&U
?AddConfigA@@YGGHM&U
?DeleteHeightExW@@YG_NPAK&U
?CancelAnchorA@@YGPAHPAJPAG&U
?CloseListItemEx@@YGPAHHE&U
?FindPointExW@@YGFE&U
?AddRectOriginal@@YGPAIGKJG&U
?IsMessageOriginal@@YGPAEKDHM&U
?RemoveComponentEx@@YGPAGDPAK&U
?GenerateSizeEx@@YGIKPAN&U
?CloseCharExA@@YGPAMHPAGFN&U
?IsNotMessageA@@YGMI&U
?HideTextW@@YGMPAHM&U
?RtlOptionOld@@YGMGPAGI&U
?CopyCharOld@@YGMD&U
?AddStringNew@@YG_NI_NPAI&U
?KillKeyNameOriginal@@YGFKDKH&U
?HideDialogW@@YGEPAFD&U
?ShowValueEx@@YGFPAMJ&U
?IncrementWidthA@@YGXPAF&U
?FormatChar@@YGPANK&U
?CallWindowInfoW@@YGPAXPAH&U
?IsNotAnchor@@YGHPAM_NPAE&U
?SendOptionExW@@YGXFPAK_NK&U
?AddEventEx@@YGGH&U
?InsertProcessEx@@YGPAXPA_NPAGD&U
?DeleteTimerW@@YGPAFHKPAEPAH&U
?ShowRectNew@@YGGPAI&U
?GetProjectNew@@YGNG&U

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stit
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.simp
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbug
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dbg
Size: 512B - Virtual size: 87B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.dvar
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dpt
Size: 512B - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 834KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 484KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53dc847012887ed81a8fab94696ea5d1

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comdlg32

user32

gdi32

advapi32

kernel32

shlwapi

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.stit Size: 1024B - Virtual size: 540B

.simp Size: 3KB - Virtual size: 2KB

.edata Size: 6KB - Virtual size: 5KB

.dbug Size: 512B - Virtual size: 28B

.dbg Size: 512B - Virtual size: 87B

.dvar Size: 512B - Virtual size: 44B

.dpt Size: 512B - Virtual size: 496B

.pdata Size: 3KB - Virtual size: 834KB

.data Size: 2KB - Virtual size: 2KB

.tls Size: 512B - Virtual size: 512B

.rsrc Size: 484KB - Virtual size: 484KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 24KB - Virtual size: 23KB

.stit
Size: 1024B - Virtual size: 540B

.simp
Size: 3KB - Virtual size: 2KB

.edata
Size: 6KB - Virtual size: 5KB

.dbug
Size: 512B - Virtual size: 28B

.dbg
Size: 512B - Virtual size: 87B

.dvar
Size: 512B - Virtual size: 44B

.dpt
Size: 512B - Virtual size: 496B

.pdata
Size: 3KB - Virtual size: 834KB

.data
Size: 2KB - Virtual size: 2KB

.tls
Size: 512B - Virtual size: 512B

.rsrc
Size: 484KB - Virtual size: 484KB

.reloc
Size: 2KB - Virtual size: 1KB