db036df3b24173f0e6a6245e6ced3fce_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

db036df3b24173f0e6a6245e6ced3fce_JaffaCakes118
Size

225KB
MD5

db036df3b24173f0e6a6245e6ced3fce
SHA1

8bf400a50c444ee726362389bbe52d567e4fe559
SHA256

c1f11e7b8b131f49c31f86f1d235efd49f01d64a66088c1ebb869a4e35895bae
SHA512

fac558cd6a07100aa9dbebd502b365f58a9dc5700eec8cf4533a64edca689bbdc21374a6a432e98f2c8a98195331dd694c81ae96a9c52f9941ba8329d7866bc7
SSDEEP

3072:5t5xgAjM/U4vus8K80uadY/afk7OBWETGKlKwP459QHId3s3ywwQH2cJpdaujacR:X5VIU+uh0z1k7OKKlKwPEPhi2cXpj5R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
db036df3b24173f0e6a6245e6ced3fce_JaffaCakes118

Files

db036df3b24173f0e6a6245e6ced3fce_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d6129cb0bd0871ce6a37e3f9d510238a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

X:\mbHktlsatvtbiV\eyJancmot\qKwpdfpteaez.pdb

Imports

gdi32

SetROP2
RectInRegion
GetLayout
BitBlt
RemoveFontResourceW
GetTextExtentExPointW
ScaleWindowExtEx
MoveToEx
RealizePalette
SelectPalette
GetTextExtentPoint32W
SetBitmapBits
RectVisible
GetNearestPaletteIndex
SetBitmapDimensionEx
ExtTextOutW
CreatePen
GetTextExtentPointW
EndDoc
ExtFloodFill
PtVisible
CreateFontW
EnumFontFamiliesW
SetViewportOrgEx
GetClipBox
GetDIBits
UnrealizeObject
DPtoLP
CreateDIBSection
CreateBitmap
GetObjectW
GetBkMode
GetTextAlign
SelectClipRgn
GetFontData
TranslateCharsetInfo
GetPaletteEntries
SelectObject
GetTextMetricsW
GetTextColor
CreateCompatibleBitmap
SetAbortProc
EnumFontFamiliesExW
GetTextMetricsA

user32

DrawStateW
GetMenuStringW
InternalGetWindowText
CheckMenuItem
GetScrollInfo
ModifyMenuW
RemovePropW
CheckRadioButton
GetWindowTextA
ScrollWindowEx
ChangeMenuW
RemoveMenu
SetWindowRgn
CheckMenuRadioItem
GetSubMenu
GetClipCursor
DrawEdge
SetForegroundWindow
GetWindowTextLengthW
GetMenuState
MessageBoxExW
DefWindowProcA
CreateCaret
IsDialogMessageW
SetWindowLongA
SetClassLongW
CharNextW
ShowCaret
GetKeyboardType
ChildWindowFromPoint
GetDoubleClickTime
GetScrollPos
SetSysColors
CreateWindowExW
FrameRect
CallWindowProcA
InvalidateRect
DefDlgProcA
GetMenuItemRect
DrawFocusRect
GetIconInfo
SendMessageA
SwitchToThisWindow
DialogBoxIndirectParamW
GetSysColorBrush
AttachThreadInput
IsDialogMessageA
SendInput
IsCharAlphaW
GetNextDlgTabItem
SetScrollInfo
ScrollWindow
GetActiveWindow
EnumWindows
GetWindowTextW
AppendMenuA
ReplyMessage
SetWindowTextW
SetCaretPos
GetKeyboardLayout
GetDlgCtrlID
GetKeyboardLayoutNameW
WaitForInputIdle
FindWindowW
CharPrevW
GetUserObjectInformationA
RegisterWindowMessageW
EnumChildWindows
ExitWindowsEx
KillTimer
IsWindow
EnableScrollBar
RegisterWindowMessageA
SetFocus
UnloadKeyboardLayout
AdjustWindowRect
LoadAcceleratorsA
GetPropW
AdjustWindowRectEx
LockWindowUpdate
DestroyCaret
SetActiveWindow
OffsetRect
InsertMenuA
IsRectEmpty
GetClientRect
SetScrollRange
ArrangeIconicWindows
VkKeyScanW
ToUnicodeEx
SetTimer
FindWindowExW
LoadCursorA
UpdateWindow
LookupIconIdFromDirectory
ScreenToClient
CharNextA
AppendMenuW
GetMessageA
BeginPaint
GetMenuItemCount
LoadImageW
wvsprintfA
DrawIcon
GetSystemMenu
DestroyCursor
HideCaret

comctl32

ImageList_AddMasked
PropertySheetA
ImageList_Write
ImageList_GetIconSize
ImageList_Remove
ImageList_GetIcon

msvcrt

strtol
towlower
_controlfp
puts
__set_app_type
__p__fmode
__p__commode
_amsg_exit
mbtowc
strpbrk
mbstowcs
realloc
sscanf
_initterm
strncpy
strtoul
clock
perror
_acmdln
exit
wcsstr
fwrite
_ismbblead
calloc
malloc
_XcptFilter
fseek
vswprintf
isdigit
wcsncmp
atoi
_exit
_cexit
wcspbrk
wcsrchr
vsprintf
putchar
gets
strchr
__setusermatherr
iswxdigit
gmtime
time
wcstod
__getmainargs

kernel32

SetThreadExecutionState
HeapUnlock
SetThreadAffinityMask
lstrcmpiA
GetNumberFormatW
Sleep
EscapeCommFunction
GetFileAttributesExA
SetEndOfFile
LoadLibraryExW
FindNextFileA
DeviceIoControl
CreateNamedPipeA
FindClose
ReadFile
FileTimeToSystemTime
GlobalGetAtomNameA
ResumeThread
SetTimerQueueTimer
LoadLibraryA
LocalLock
ClearCommBreak
CompareStringA
CopyFileW
CreateFileW
GetTimeZoneInformation
GetLocaleInfoA
CancelWaitableTimer
lstrlenW
LoadLibraryExA
GetExitCodeProcess
InitializeCriticalSection
GetCurrentProcess
MoveFileA
WaitForMultipleObjects
GetSystemTimeAsFileTime
OpenEventW
MulDiv
SetFileTime
SleepEx
HeapFree
SetCurrentDirectoryA
SetSystemTimeAdjustment
IsBadWritePtr
HeapSize
CreateWaitableTimerA
SetThreadLocale
LocalAlloc
VerSetConditionMask
FindResourceW
GetBinaryTypeW
lstrcatW

Exports

Exports

?CrtFolderPathW@@YGGPAI&U
?ModifyScreenW@@YGXPAFPAMNG&U
?AddAppNameOriginal@@YG_NGMPAFD&U
?PutTimeOriginal@@YGXKKPAEPAN&U
?GetMediaType@@YGXJEPA_N&U
?GenerateProfileNew@@YG_NPAI&U
?ModifyDialogW@@YGPAX_NMI&U
?IsValidListOld@@YGPAXMNPAM&U
?RtlMutantW@@YGFDPAHG&U
?KillRectOld@@YGFPAGG&U
?RtlCharExW@@YGPAIDEFJ&U
?IncrementSectionOld@@YGPAXE&U
?OnDeviceOriginal@@YGKIJPAE&U
?DecrementAppNameExW@@YGPAXIPAJPAJK&U
?CopySectionW@@YGM_NM&U
?RtlCommandLine@@YGMPAMDPAM&U
?GenerateOptionA@@YGMDPAGPAM&U
?CallDataW@@YGGPAHMHJ&U
?CallKeyNameExW@@YGPAGF&U
?IsNotScreenExW@@YGXPA_NPADMJ&U
?HideArgument@@YGFPAKDG&U
?HideClass@@YGPAGFFI&U
?ClassOriginal@@YGHFM_NPAI&U
?InvalidateMessageNew@@YGXHKPA_NPAJ&U
?FormatFolderExW@@YGGHHIJ&U
?FormatTimerEx@@YGKI&U
?InstallWidthA@@YGDDKPAMJ&U
?FormatPathA@@YGPAXFF_NE&U
?RemovePointerOriginal@@YGEPAG&U
?IsValidExpressionExW@@YGPAM_NM&U
?OnFullNameNew@@YG_NG&U
?GlobalTaskOld@@YGKF&U
?DecrementFullNameOriginal@@YGPAENMPAH&U
?IsThreadOld@@YGFFD&U

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.imp
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.exp
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.byte1
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.code
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.byte0
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 6KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d6129cb0bd0871ce6a37e3f9d510238a

Headers

File Characteristics

PDB Paths

Imports

gdi32

user32

comctl32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 97KB - Virtual size: 96KB

.imp Size: 1KB - Virtual size: 1KB

.exp Size: 1KB - Virtual size: 1KB

.byte1 Size: 512B - Virtual size: 32B

.code Size: 512B - Virtual size: 32B

.byte0 Size: 512B - Virtual size: 44B

.data Size: 13KB - Virtual size: 13KB

.rdata Size: 6KB - Virtual size: 45KB

.rsrc Size: 101KB - Virtual size: 101KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 97KB - Virtual size: 96KB

.imp
Size: 1KB - Virtual size: 1KB

.exp
Size: 1KB - Virtual size: 1KB

.byte1
Size: 512B - Virtual size: 32B

.code
Size: 512B - Virtual size: 32B

.byte0
Size: 512B - Virtual size: 44B

.data
Size: 13KB - Virtual size: 13KB

.rdata
Size: 6KB - Virtual size: 45KB

.rsrc
Size: 101KB - Virtual size: 101KB

.reloc
Size: 2KB - Virtual size: 1KB