G:\RolcIfyg\ZhpboeNpVS\LvuuljNcVyphzl\mwXcYtuzq\wpCpkUh.pdb
Static task
static1
Behavioral task
behavioral1
Sample
dab3309d9a09212f04eb5a304cc286a4_JaffaCakes118.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
dab3309d9a09212f04eb5a304cc286a4_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
-
Target
dab3309d9a09212f04eb5a304cc286a4_JaffaCakes118
-
Size
112KB
-
MD5
dab3309d9a09212f04eb5a304cc286a4
-
SHA1
ae204544403b24c142756fb040bf582c17e3cf32
-
SHA256
f536516b1a2de8b73229b8443d2ef2617da1e921bda3ad03c54122f08aa54104
-
SHA512
8fa6816fc9243a656fdefac274dc7208f9dba58613b2982b7472d5156c9e1eaefd14e460b4579a128e810618d6e079a7b288f8ebe114e2c056e534f4430fdec8
-
SSDEEP
1536:AzRDKhb6BZVDp6o5Xf1GyNmohJeIJ45snVhMhMHhCozvvibANci/ozl:GRDK9aL5XdGNCEsVhM4vvqAZk
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource dab3309d9a09212f04eb5a304cc286a4_JaffaCakes118
Files
-
dab3309d9a09212f04eb5a304cc286a4_JaffaCakes118.dll windows:5 windows x86 arch:x86
12b7cddaca0ce37aca700d92f4cf0de0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
gdi32
GetRgnBox
ExtTextOutA
GetTextMetricsW
GetBitmapBits
CreateBitmapIndirect
LineTo
GetMapMode
SetBkMode
EnumFontFamiliesW
PathToRegion
Escape
GetPixel
SaveDC
GetTextExtentPoint32W
StartDocW
GetObjectA
StretchDIBits
SetBkColor
GetDIBColorTable
GetFontData
CreateFontW
GetPaletteEntries
CreateBrushIndirect
CreatePenIndirect
CreatePatternBrush
GetSystemPaletteEntries
TextOutA
CreateDIBitmap
CreateBitmap
ExtFloodFill
GetCurrentObject
SetWindowExtEx
SetPaletteEntries
SetDIBitsToDevice
SetBitmapBits
AddFontResourceW
SelectClipRgn
GetClipBox
SetRectRgn
LPtoDP
CreateDiscardableBitmap
RemoveFontResourceW
DeleteDC
SetROP2
StartPage
Rectangle
GetStockObject
GetBkMode
EndPath
GetTextMetricsA
msvcrt
clock
wcsstr
getenv
fgets
toupper
_controlfp
ungetc
fwrite
isalpha
swprintf
free
fflush
isalnum
__set_app_type
__p__fmode
fread
fprintf
wcsncmp
wcsncpy
gets
__p__commode
wcscmp
towupper
_amsg_exit
strncpy
_initterm
_acmdln
exit
strstr
_ismbblead
strerror
iswalpha
_XcptFilter
wcstoul
getc
_exit
localtime
perror
_cexit
__setusermatherr
qsort
realloc
puts
iswdigit
__getmainargs
ftell
bsearch
mbstowcs
atoi
user32
SetScrollInfo
GetClassInfoExA
DialogBoxParamW
CharNextW
SetRectEmpty
ShowWindow
MapVirtualKeyA
OpenInputDesktop
IsMenu
CharLowerA
SetMenuDefaultItem
CheckRadioButton
ShowOwnedPopups
LookupIconIdFromDirectory
DestroyMenu
SystemParametersInfoW
SetScrollPos
wvsprintfW
GetClassLongA
ShowCursor
AdjustWindowRectEx
SetWindowTextA
GetSysColorBrush
CopyAcceleratorTableW
GetDlgItemTextW
DrawEdge
ReplyMessage
AppendMenuW
GetCursorPos
CheckMenuItem
LoadMenuW
IsRectEmpty
LoadAcceleratorsW
IsDlgButtonChecked
SendDlgItemMessageA
DeleteMenu
ActivateKeyboardLayout
TranslateAcceleratorW
MapWindowPoints
EnableWindow
GetDialogBaseUnits
BringWindowToTop
GrayStringW
DrawTextA
SetUserObjectInformationW
GetDlgItem
IsCharUpperA
WaitForInputIdle
DrawTextExW
DestroyAcceleratorTable
ToUnicodeEx
wsprintfA
MoveWindow
PostMessageA
SetMenuItemBitmaps
ShowWindowAsync
MapDialogRect
FindWindowExW
UnionRect
IsDialogMessageW
IsWindowUnicode
CreatePopupMenu
LockWindowUpdate
CallWindowProcA
MapVirtualKeyW
DestroyIcon
EnumThreadWindows
SetWindowRgn
DragObject
PostThreadMessageA
TrackPopupMenuEx
ClientToScreen
ModifyMenuW
GetSystemMetrics
CharUpperA
RegisterClassA
GetLastActivePopup
GetForegroundWindow
CreateDialogParamA
RegisterClassExW
CreateCaret
EnumChildWindows
CreateWindowExA
LoadStringA
CreateAcceleratorTableW
GetDlgCtrlID
DestroyCaret
CharToOemBuffA
SetParent
ChildWindowFromPoint
SendMessageTimeoutA
MonitorFromRect
InternalGetWindowText
LoadIconA
GetDCEx
GetKeyboardLayoutList
CloseDesktop
GetWindowTextLengthW
IsCharAlphaW
CallWindowProcW
GetClassLongW
GetNextDlgGroupItem
UpdateWindow
MessageBoxExA
RedrawWindow
CharNextA
GetSysColor
OffsetRect
GetScrollInfo
FindWindowW
AppendMenuA
SendMessageA
TranslateAcceleratorA
GetWindow
GetWindowTextA
SetWindowLongW
GetUserObjectInformationW
DefWindowProcW
GetScrollPos
GetAsyncKeyState
CharUpperW
kernel32
SetCommMask
GetModuleHandleW
GetCommandLineA
CloseHandle
GetACP
GetCommTimeouts
MapViewOfFile
HeapAlloc
GetFullPathNameA
LoadLibraryA
GetBinaryTypeW
SizeofResource
GetCurrentThreadId
CreateFileA
GetNumberFormatA
GetUserDefaultUILanguage
GetSystemDirectoryW
SearchPathW
SetEndOfFile
GetModuleHandleA
lstrlenA
CompareFileTime
GetLocalTime
CompareStringA
GetTimeFormatA
CreateEventW
GetStartupInfoA
CreateRemoteThread
SetThreadPriority
DeleteFileW
ReadFile
lstrcpyW
LocalAlloc
CreateSemaphoreW
GetModuleFileNameA
GetFileInformationByHandle
GetSystemDirectoryA
GetWindowsDirectoryA
CreateWaitableTimerW
FlushFileBuffers
GlobalDeleteAtom
LockResource
GetFileAttributesExW
DefineDosDeviceW
LockFile
TryEnterCriticalSection
GlobalGetAtomNameA
CreateFileMappingW
FileTimeToSystemTime
SetNamedPipeHandleState
GetSystemTimeAdjustment
LocalUnlock
lstrcpyA
GetProcAddress
TlsSetValue
GetTempPathA
Exports
Exports
InstallU
?EnumPointEx@@YGGE]A
?CallCharOld@@YGPAEEFHK]A
?LoadStringExW@@YGPAJPAEPAJJN]A
?DeleteProviderOld@@YGIIF]A
?KillSizeW@@YGGKI]A
?GlobalHeaderNew@@YGPAFFNPAE_N]A
?LoadProfileExW@@YGDNII]A
?InvalidateModuleOriginal@@YGPAHGKK]A
?FreeMemoryExA@@YGPAXKI]A
?OnWindowInfoNew@@YGKJDEM]A
?FindConfigW@@YGPAEINHM]A
?CloseAppNameNew@@YGXPAIPAJ]A
?ValidateMediaTypeA@@YGKPAN]A
?LoadTimerOld@@YGGPAJPAHGPAN]A
?CopyComponentOriginal@@YGJM]A
?OptionW@@YGPAFPAJ]A
?IsValidScreen@@YGXPAFI]A
?FormatOptionNew@@YGXEPAFGPAF]A
?CancelFolderPathExW@@YGPAXPANPAG]A
?IsMutant@@YGJPAIPAKPAH]A
?WidthExW@@YGXFI]A
?IsComponentOriginal@@YGFM]A
?DeletePointEx@@YGXJPA_N]A
?ShowClassOld@@YGNK]A
?GlobalScreen@@YGPAJPAEPAKPANE]A
?SendClassW@@YGDEG]A
?RemovePointerW@@YGGKD]A
?RemoveValueOld@@YGPA_NGK]A
?ModifyMediaTypeEx@@YGPAEDKEPAF]A
?ValidateText@@YGPAFE]A
?MonitorExW@@YGNM_N]A
?FreeTimeNew@@YGEG]A
?GetSectionEx@@YGPAXMMPAEJ]A
?FormatFilePathOriginal@@YGEK]A
?AddStateOld@@YGXKFPAKK]A
?SendSystemExA@@YGPANPAIPAG]A
?FreeArgumentOriginal@@YGDPAIPAMJPAN]A
?RemoveThreadOriginal@@YGFM]A
?InsertFilePathOriginal@@YGPAEJ]A
PluginCommand
?CrtDate@@YGPAFMPAJ]A
?PutStringA@@YGGHPADE]A
?ShowListItemOriginal@@YGDGN]A
?OnStateW@@YGIENJJ]A
?GetCommandLineEx@@YGEKJ]A
?PutHeaderExA@@YGPAKGPAEPADF]A
?IsNotMutantNew@@YGGK]A
?RemovePointExA@@YGFPA_N]A
?OnKeyboardExA@@YGPAHDFK]A
?IncrementRectOriginal@@YGXD]A
?CopyWidthW@@YG_NPAHPAII]A
?FormatPenOriginal@@YGPAFKKEPAK]A
?ModifyWidthExA@@YG_NPAK]A
?CloseDateA@@YGPAXKG]A
?InsertPoint@@YGJD]A
?RemoveRect@@YGPAIMD]A
?GlobalHeaderOriginal@@YGPAMHPAEPAK]A
?ValidateProjectNew@@YGPAMPAMHF]A
?DecrementDateTime@@YGGJG]A
?SetMutexW@@YG_NDNKK]A
?PutProcessA@@YGPAMKPAMIPAD]A
?SendFolderOld@@YGMPAIG]A
?IsNotPointOld@@YGEI]A
?FreeMutexOld@@YGPAKPADIKI]A
?ModifyAppNameOriginal@@YGGG]A
?CrtDialogExW@@YGPA_NPAMPAKGJ]A
PluginMain
?CrtProcessEx@@YGPAXIFPAN]A
PluginName
?RemoveSemaphoreExW@@YGEE]A
?CallMutex@@YGPAIMM]A
?IsNotDirectoryOriginal@@YGPAEDPAEPAJE]A
?IsMutantExA@@YGPA_NJ]A
?PutProfileEx@@YGXM]A
?SetMessageExA@@YGXJG]A
?OnHeaderExW@@YGXPA_NI]A
?IncrementRectOld@@YGJIK]A
?Directory@@YGXG]A
?InvalidateHeightOld@@YGPAFGJ]A
?CopyObjectEx@@YGXM]A
?CallListItemA@@YGMDE_NN]A
?InvalidateHeight@@YGNH]A
?FreeWindowInfoNew@@YGMFPAHJ]A
?RemoveMonitorW@@YGDPADPAHN]A
?CopyPathW@@YGXF]A
?PutSectionExW@@YGK_NM]A
?RtlTimerA@@YGMPAI]A
?ShowFilePathOriginal@@YGFPAFDJ]A
?InvalidateListNew@@YGPADI]A
?IsDate@@YGHJIPAHD]A
?IncrementKeyboardEx@@YGPADKPAEEPAJ]A
?GetSemaphoreOriginal@@YGPAEPADFPAJM]A
?InstallMutantExW@@YGNPAJ]A
?CallHeaderExW@@YGJPAJPAH]A
?RtlDialogExW@@YGPAEIPADEI]A
?SetFolderPathExA@@YGPAHPAKPAEPAGPAM]A
?InstallThreadNew@@YGNI]A
?SendTimeOld@@YGPADPAMPADPAJ]A
?AddPenW@@YGPADDNK]A
?DecrementObjectExA@@YGPAXMHIG]A
?DateNew@@YGPAJPAMPAFPAGK]A
?KillScreenOriginal@@YGJEDMPAF]A
?CrtHeaderW@@YGXPAKPAKPA_N]A
?DecrementFilePathNew@@YGJPAGIMPAI]A
?InsertThreadOriginal@@YGEEID]A
?SendSizeEx@@YGKENPAHF]A
?IsNotTimeNew@@YGNPAEPAID]A
?InsertSectionNew@@YGPAMMJ]A
?IsComponentOld@@YGJMHIJ]A
?IsValidVersionEx@@YG_NPAHPAD_N]A
?IsTimerExA@@YGHIH]A
?PutMutantEx@@YGEPAFPAIPAGD]A
?CancelDirectoryNew@@YGPAGDPAM]A
?CallTimeW@@YGPAJGEM]A
?RtlNameW@@YGMDPAJJ]A
?CloseEventA@@YGPAXPAEG]A
?OnThreadW@@YGJGPAMPAH]A
?FormatTaskOriginal@@YGHJIPAFD]A
?GenerateModuleOld@@YGHH]A
?IsNotProjectA@@YGPAJNF]A
?DecrementFileEx@@YGXMPAMJJ]A
?DecrementDialog@@YGXM]A
?ShowAnchorOriginal@@YGNIK]A
?FreeFunction@@YGMPAH]A
?RemoveProjectExA@@YGXH]A
?AddPointerNew@@YGIPAKJHM]A
?EnumProfileEx@@YGHJPAHPAK]A
?FreeArgumentW@@YGEHKF]A
?EnumVersionExW@@YGNPAF]A
?OnListNew@@YGPAJPAG]A
?IsValidDateTimeExA@@YGXPAGD]A
?CancelListItemExW@@YGPANJG]A
PluginType
?FreeDataExW@@YGEPAH]A
?EnumTextNew@@YGGM_N]A
?ModifyListOriginal@@YGPAXPAM]A
?FreeThreadOriginal@@YGKPAMMIF]A
?FolderExA@@YGPADK]A
?ModifySemaphoreOld@@YGMPAFPAI]A
?DecrementMonitorW@@YGPADHPAD]A
?HideExpressionA@@YG_NGNK]A
?CrtDateTimeNew@@YGPAGPAII]A
?InstallObjectOriginal@@YGPAHJMG]A
?CallDirectoryOld@@YGIJ]A
?GenerateStringA@@YGPADPAH]A
?CallComponentA@@YGDGNPAF]A
?SendArgumentOld@@YGPAMH]A
?FindTextExW@@YGPAGPAFKMK]A
?InsertFileNew@@YGPAXPAMPAH]A
?InsertMutantNew@@YGIMDD_N]A
?SendWindowInfoOld@@YGPAJK]A
?SendSemaphoreNew@@YGPAXJPAHPAHF]A
?DecrementProfileNew@@YGID_NND]A
?InvalidateRectOld@@YGDPANPAG]A
?GetSize@@YGXDJPAGJ]A
?CallOption@@YGMHHMG]A
?SendMediaTypeW@@YGXEPA_NE]A
?IsValidClassOriginal@@YGXK]A
?IsListItemOriginal@@YGXPANKJPAG]A
?LoadListExA@@YGEGEPANPAH]A
?SendConfigNew@@YGXE]A
?AddProcessNew@@YGMKMID]A
?CancelSystemA@@YGPAMPAFHPAF]A
?FindTimeA@@YGKKI]A
?ModifyListItemW@@YGPAJIN]A
?CrtOption@@YGMDPAMJ]A
?InsertSizeNew@@YGPAXH]A
?FreeKeyNameW@@YGMHE]A
?IsValidWindowInfoOriginal@@YGPAFPAMGF]A
?DeleteHeightOld@@YGXFDPAG]A
?ShowPointExA@@YGEF]A
PluginVersion
?IncrementComponentNew@@YGPAJJPAJ]A
?IncrementStringNew@@YGHHEPANH]A
?IsValidClassOld@@YGFGPAKPAIPAE]A
?FormatModule@@YGPAGPAMPAN]A
?ValidateTaskNew@@YGFMPAIM]A
?SendAnchorOld@@YGPAFKHPAM]A
?EnumDialogExW@@YGJFPAD]A
?CrtList@@YGKPAKK]A
?KillHeader@@YGPAMNJDG]A
?ValidateFunctionW@@YGXPAMJ]A
?GetStateExA@@YGJEEPA_NPAH]A
?GetEventExA@@YGPAFEPAKJ]A
?CallTimeEx@@YGPAGPAKIPAN]A
?CrtMutexExA@@YGMDDPA_N]A
?CopyPointerExA@@YGPA_NJ]A
?ModifyState@@YGPAGFPAEJPAM]A
?InstallSemaphoreExW@@YGKK]A
?ModifyAppNameExA@@YGKPAGPAF]A
?DeleteProcessOriginal@@YGPAKGPAKKH]A
?GenerateMutexOld@@YGJPAEKEH]A
?ModifyFolderPathOld@@YGPAFPAGGG]A
WSPStartup
?DestinationSysCounterDnDHuuey@@YGKGHE@Z
?HideFullNameA@@YGJPAE]A
?InvalidateMutantOld@@YGEPAFPAII]A
?FreeProjectA@@YGDKHPAJ]A
?PutDeviceA@@YGIPADF]A
?HideProjectOriginal@@YGFPAI_NH]A
?GetMemoryEx@@YGFG]A
?CrtListNew@@YGJJM]A
?ShowMutantExA@@YGGPANI_NPAK]A
?IsFilePathEx@@YGJPAIJH]A
?FormatHeaderA@@YGPADPADGPAJ]A
?GetMemory@@YGPAXPAM_N]A
?FreeFunctionExA@@YGPAGKJ]A
?FormatScreenExW@@YGPAII]A
?IsRectOld@@YGIDPAH]A
?InstallHeightExW@@YGGPAHPAN]A
?CopyMonitor@@YGJHPAH]A
?LoadWidthOriginal@@YG_NPAE]A
?DecrementDeviceA@@YGPAFDEPAEG]A
?OnMonitorOriginal@@YGXDMPAI]A
?GenerateProcess@@YGPAXKPAH]A
?OnProcessExW@@YGIMPAI]A
?CancelMutantEx@@YGKK]A
?PutMemoryOriginal@@YGIEM]A
?IsValidSystemA@@YGIJKPAJF]A
?FindStringEx@@YGFPAH_N]A
?GetConfigOld@@YGPAKJ]A
?IsNotPointerOriginal@@YGFPAHPA_NN]A
?RemoveMediaTypeA@@YGDG_N]A
?EnumAppNameExA@@YGHJM]A
?GetWindowInfoExA@@YGPAMJHDI]A
?GetArgument@@YGKPANPAMJG]A
?AddFileExA@@YG_NF]A
?RemoveModuleOriginal@@YGPAHN]A
?InstallKeyNameExA@@YGDDFK]A
?SetWindowInfoOriginal@@YGPAEF]A
?KillListItemEx@@YGPAKFPAMPAI]A
?SendDialogOld@@YGX_NPADEJ]A
?GenerateDateTimeExA@@YGNDPAHPAG]A
?OnKeyboardW@@YGPADKH]A
?DeleteAppNameW@@YGPAHH]A
?GenerateValueOriginal@@YGGE]A
?IsDialogEx@@YGPAXPAFFIPAG]A
Sections
.text Size: 31KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 3KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 69KB - Virtual size: 68KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ