dc7435e26adae0c79eb153e42c690c33_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dc7435e26adae0c79eb153e42c690c33_JaffaCakes118
Size

180KB
MD5

dc7435e26adae0c79eb153e42c690c33
SHA1

ce13dd4eb47625d7abea9c628eaf269bfada013c
SHA256

81a022640c92e422113ac2237488eae47c103f77c63c183fcfc37b9828966721
SHA512

ab0e5acab90f6a3fa4102d1eab5b1fd760645c51c0852590eb870f1894ed9f7efbf880d11346d50c38ed53980db94400733189f715c8ced81e7a8222359de647
SSDEEP

3072:aPbxUqo6efXG6pdkt4zumiMI72Nkfw+ZJlaTKwwFegExBsR73XWINcZTFcmhuTjW:aPbxUq1e5deX7odmwCevunWDZJTQjlg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dc7435e26adae0c79eb153e42c690c33_JaffaCakes118

Files

dc7435e26adae0c79eb153e42c690c33_JaffaCakes118
.exe windows:4 windows x86 arch:x86

498f984eb4d6287e19542212956f924d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\depot\workscd\Calendar\Frame\Release\WksCal.pdb

Imports

wkwinuni

ord128
ord134
ord45
ord104
ord179
ord109
ord133
ord141
ord140
ord108
ord166
ord68
ord167
ord149
ord139
ord46
ord143
ord19
ord145
ord115
ord25
ord87
ord88
ord157
ord56
ord110
ord220
ord111
ord67
ord72
ord155
ord53
ord101
ord136
ord26
ord2
ord99
ord106
ord66
ord165
ord120
ord31
ord312
ord1
ord83
ord113
ord112
ord107
ord35
ord124
ord127
ord463
ord126
ord17
ord156
ord137

wkwbl

?WzStrStr@MWblStrings@@SAPAGPBGI0I@Z
?FailureReinstall@CWblMessages@@QAEXPAUHWND__@@PBG@Z
?WzStrStrEx@MWblStrings@@SAPAGPBGI0IW4EStringCompareType@@@Z
?FailureMemory@CWblMessages@@QAEXPAUHWND__@@@Z
?BCheckResources@@YA_N_NIII@Z
??3@YAXPAX0K@Z
?_WblMemoryUninit@@YAXXZ
?_WksHeapDestroy@@YAPAXPAX@Z
?NMessageBox@CWblMessages@@QAEHPAUHWND__@@IPBG@Z
?CwchLoadWz@MWblIntl@@SAHPAUHINSTANCE__@@IPAGH@Z
?LoadUIResourceDLL@MWblIntl@@SAPAUHINSTANCE__@@PBGPAU2@@Z
?CwchFromWz@MWblStrings@@SAHPBG@Z
?Init@CWblMessages@@QAEXPAUHINSTANCE__@@@Z
?_WksHeapCreate@@YAPAXKKK@Z
?CbFromWz@MWblStrings@@SAHPBG@Z
??2@YAPAXIPAXK@Z
?OperatorDelete@@YAXPAX@Z
??0CWblMessages@@QAE@XZ
?_WksHeapAlloc@@YAPAXPAXKK@Z

wkwat

?WksBFirstRunReg@@YAXXZ
?WksBFirstRunEula@@YA_NXZ
?WksBEulaAccepted@@YA_NXZ
?kPM_SPARKCOMMAND@@3IA
?CleanUpWksGen@@YAXXZ
?DryOff@@YAXXZ
?Splash@@YAHIPAGPAUHICON__@@1_N@Z
?HrInitWksGen@@YAJK@Z
?WksSetUnhandledExceptionFilter@@YAXXZ

kernel32

GetLocaleInfoA
GetACP
InterlockedExchange
MulDiv
LeaveCriticalSection
HeapAlloc
FlushInstructionCache
lstrcpynA
Sleep
ResetEvent
GetVersionExA
WaitForSingleObject
SetEvent
GetThreadLocale
GetCommandLineW
CloseHandle
GetCurrentProcess
GetLastError
GetCurrentThread
LoadResource
SizeofResource
FreeLibrary
MultiByteToWideChar
RaiseException
DeleteCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalLock
GlobalAlloc
EnterCriticalSection
GetVersion
GetProcessHeap
HeapFree
WideCharToMultiByte
IsValidLocale
GetModuleHandleA
GetStartupInfoW
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetCurrentThreadId

user32

IsIconic
SetForegroundWindow
GetLastActivePopup
MsgWaitForMultipleObjects
UnhookWindowsHookEx
CallNextHookEx
IsWindowVisible
SetFocus
PostQuitMessage
LoadStringA
GetClientRect
SetWindowPos
MessageBeep
MapWindowPoints
IsWindow
TrackPopupMenuEx
PtInRect
GetWindowRect
DestroyMenu
GetMenuItemCount
RemoveMenu
TranslateMessage
ShowWindow
InvalidateRgn
InvalidateRect
ReleaseCapture
SetCapture
DestroyWindow
RedrawWindow
GetDlgItem
IsChild
ReleaseDC
GetDC
EndPaint
FillRect
BeginPaint
GetSysColor
DestroyAcceleratorTable
MoveWindow
GetTopWindow
GetWindow
GetKeyState
GetDesktopWindow
GetFocus
GetParent
RegisterWindowMessageA
CreatePopupMenu

gdi32

CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
BitBlt
SelectObject
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ole32

OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
OleUninitialize
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
CoInitialize
CoTaskMemRealloc
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance

oleaut32

SysFreeString
VariantInit
VariantClear
SysStringByteLen
SysStringLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
RegisterTypeLi
UnRegisterTypeLi
VarUI4FromStr
SysAllocStringLen
SysAllocStringByteLen
SysAllocString

shlwapi

PathFindExtensionW

msvcr71

_controlfp
__CxxFrameHandler
_CxxThrowException
__security_error_handler
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
memset
memcpy
free
malloc
wcsncpy
_endthreadex
_beginthreadex
realloc
memmove
memcmp
_purecall
wcslen
wcsncmp
wcscmp
_vsnwprintf
_except_handler3
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_c_exit
_exit

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

498f984eb4d6287e19542212956f924d

Headers

File Characteristics

PDB Paths

Imports

wkwinuni

wkwbl

wkwat

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

msvcr71

Sections

.text Size: 56KB - Virtual size: 53KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 100KB - Virtual size: 100KB

.text
Size: 56KB - Virtual size: 53KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 100KB - Virtual size: 100KB