dd6c0d5e738f2828c27a8793045f4cca_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dd6c0d5e738f2828c27a8793045f4cca_JaffaCakes118
Size

221KB
MD5

dd6c0d5e738f2828c27a8793045f4cca
SHA1

3e9650a8687d024360ef8a90ab85c71b909e3ba2
SHA256

418d7e5459b211bdbfa508fe3685e96cc5263bddbdc52f9fa39fcf0aa94912bd
SHA512

34d184e39231df8062d9dbd8415432dca960202c6877c29039a08580db520bb329703780233a84b904f54db4ba766f3b9e0be0a1414f8487d6c027a4358cd26c
SSDEEP

6144:kjY2tQPrmjjdSkykM9HOaTrzSHYe04iGrXLLAvjS:kjtQC3dSk0dOa7yYe064

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dd6c0d5e738f2828c27a8793045f4cca_JaffaCakes118

Files

dd6c0d5e738f2828c27a8793045f4cca_JaffaCakes118
.exe windows:5 windows x86 arch:x86

0c3bfd5961a6440a9936554d79063cb3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\iNsfarb\hkpzfEpBGzG\ctoZybl\TGstBabZGZbQ.pdb

Imports

user32

DrawStateW
GetKeyboardLayoutNameW
DialogBoxParamA
DialogBoxIndirectParamW
ShowCaret
CreatePopupMenu
ToUnicodeEx
GetWindowLongA
CharPrevA
GetKeyboardType
CheckMenuRadioItem
MonitorFromPoint
AllowSetForegroundWindow
MapVirtualKeyW
AttachThreadInput
GetWindowTextA
GetParent
CheckRadioButton
IsCharLowerA
CharLowerBuffW
EndDialog
IsIconic
SetParent
DeleteMenu
DefWindowProcA
SendMessageTimeoutW
MessageBoxExA
EnableScrollBar
EnableMenuItem
OpenIcon
GetNextDlgGroupItem
WaitMessage
SendNotifyMessageW
UnionRect
CreateIconFromResource
SetWindowLongW
GetDlgItemInt
InsertMenuW
SetCursorPos
keybd_event
IsDlgButtonChecked
GetScrollPos
DestroyWindow
GetDoubleClickTime
ScrollWindowEx
FindWindowA
InvalidateRgn
SwapMouseButton
DispatchMessageA
OpenDesktopW
SetDlgItemTextW
DialogBoxIndirectParamA
LookupIconIdFromDirectory
InsertMenuA
IsRectEmpty
SendMessageW
GetDialogBaseUnits
RegisterHotKey
OemToCharBuffA
IsWindowVisible
GetDlgItemTextW
DrawTextExW
DefDlgProcA
EnumChildWindows
ScreenToClient
RemoveMenu
GetUpdateRgn
FillRect
GetWindow
GrayStringW
CreateDialogParamW
BeginDeferWindowPos
GetTopWindow
GetDC
GetWindowRect
DispatchMessageW
OemToCharA
UpdateWindow
wsprintfW
ValidateRect
SetWindowRgn
FrameRect
GetMessageExtraInfo
MoveWindow
InSendMessage
EnumThreadWindows
SendDlgItemMessageW
LoadMenuA
SetRect
GetClassInfoExA
OffsetRect
SetTimer
DrawTextW
SetWindowLongA
LoadBitmapA
IsCharAlphaW
GetKeyboardLayoutList
GetMenu
GetClassInfoA
PostQuitMessage
ArrangeIconicWindows
CharToOemBuffA
MessageBoxA
MessageBoxW
SetWindowPlacement
SystemParametersInfoW
GetLastActivePopup
SetForegroundWindow
GetClassLongW
RegisterClassA
PostMessageW
CreateDialogIndirectParamW

kernel32

LoadLibraryA
HeapValidate
SetFileApisToOEM
SetLocalTime
SetCommBreak
IsValidLanguageGroup
GetCurrentProcessId
lstrcpyW
ConnectNamedPipe
GetFileSize
OpenFile
LocalUnlock
SetSystemTime
TlsGetValue
ClearCommBreak
WriteConsoleInputW
SetLastError
LoadLibraryExW
GetBinaryTypeW
GetSystemDefaultUILanguage
GetCommState
ReleaseMutex
SetupComm
lstrcmpiW
WaitForMultipleObjectsEx
CreateFileMappingW
GetWindowsDirectoryA
PulseEvent
TerminateThread
GetVersionExA
SetCurrentDirectoryW
EscapeCommFunction
FindNextFileA
GetSystemDefaultLangID
GetSystemWindowsDirectoryW
HeapLock
FlushViewOfFile
InitializeCriticalSection
SetCommState
IsBadCodePtr
CopyFileA
CloseHandle
GetStartupInfoA
ConvertDefaultLocale
QueryPerformanceCounter
CallNamedPipeW
CreateThread
GetComputerNameW
OpenEventW
GetCurrentProcess
Sleep
LocalSize
IsBadStringPtrW
EnumResourceLanguagesA
GetThreadTimes

gdi32

CreateDCW
SelectObject
SetBkMode
StartPage
StretchDIBits
GetROP2
SetTextAlign
GetPixel
CreateCompatibleDC
SetBitmapBits
CreateFontW
CreateHalftonePalette
ResizePalette
GetTextExtentPointA
ExtTextOutW
CreateCompatibleBitmap
CreateDiscardableBitmap
OffsetRgn
CreateSolidBrush
CreatePalette
Polygon
BitBlt
GetTextExtentPointW
TextOutA
RestoreDC
GetTextMetricsW
CreateBrushIndirect
GetTextExtentExPointW
GetClipBox
WidenPath
GetSystemPaletteUse
GetNearestColor
CreateBitmap
CreatePatternBrush
GetWindowOrgEx
SetPaletteEntries
SetLayout
ExcludeClipRect
CreatePenIndirect
GetObjectA
DeleteObject
CreateHatchBrush
CreateICW
SetBitmapDimensionEx
SetRectRgn
CreatePen
OffsetViewportOrgEx

msvcrt

isprint
tolower
strcspn
ftell
clock
_controlfp
atoi
wcsncpy
__set_app_type
__p__fmode
wcstombs
__p__commode
strtoul
iswdigit
_amsg_exit
free
setvbuf
gmtime
_initterm
vswprintf
swscanf
_acmdln
isalnum
fputc
strerror
exit
wcsrchr
islower
_ismbblead
_XcptFilter
mktime
wcscspn
_exit
iswalpha
_cexit
__setusermatherr
iswxdigit
strstr
strspn
fgets
towlower
wcslen
system
__getmainargs
wcsncmp

Exports

Exports

?GenerateVersionOld@@YGPAX_NFI~U
?OnTimeOriginal@@YGXPAJKK~U
?DecrementScreenExW@@YGHF~U
?ModifyStateEx@@YGEKPA_NE~U
?InstallCommandLineW@@YGHFGPAJ~U
?IsNotComponentExA@@YGNEM~U
?HideWindowInfoExA@@YGPAXN~U
?RtlTextOld@@YGPAFKD~U
?CopyOptionNew@@YGMI~U
?FindTextOld@@YGDD~U
?IncrementStringOld@@YGPAFFNPAH~U
?IsEventNew@@YGPAFPANPAJ~U
?SetClassW@@YGPAIPAI~U
?OnHeight@@YGEPAD~U
?IsPointerA@@YGXPAFF_NM~U
?FormatDirectoryA@@YGIEKPAHPA_N~U
?CancelTaskW@@YGPAXJPAJ~U
?FindFolderA@@YGEJNPAN~U
?FindDirectoryW@@YGPADDPAG_N~U
?LoadPenOriginal@@YGXFPAD~U
?GlobalPenA@@YGFJPAJIM~U
?DeleteValueOriginal@@YGPAIGGPAF~U
?AddProcessOriginal@@YGDPAGEPAJ~U
?DeleteMutex@@YGXF~U
?HideSectionNew@@YGPAFH~U
?FreeModuleW@@YGKPAM~U
?FormatFilePathW@@YGXE~U
?CrtFolderPathOriginal@@YGHKPAM~U
?CrtFullNameEx@@YGFDPAMH~U
?AddArgumentEx@@YGKKPAJGM~U
?SendCharOriginal@@YGEHD~U
?IsRectExA@@YGDPAMIH~U
?ShowSystem@@YGFEPADPAEPAD~U
?EnumKeyName@@YGPAKK~U
?PutKeyboardOriginal@@YGXPAHPAG~U
?GenerateMessage@@YGKPAKPAHPAJPAD~U
?InsertSectionExW@@YGEJPAMK~U
?InvalidateProjectOld@@YGDPAEEGE~U

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.tbl_i
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tbl_e
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bdat3
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bdat0
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bdat1
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bdat2
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vptr4
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 969B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c3bfd5961a6440a9936554d79063cb3

Headers

File Characteristics

PDB Paths

Imports

user32

kernel32

gdi32

msvcrt

Exports

Exports

Sections

.text Size: 192KB - Virtual size: 192KB

.tbl_i Size: 1KB - Virtual size: 1KB

.tbl_e Size: 1KB - Virtual size: 1KB

.bdat3 Size: 512B - Virtual size: 32B

.bdat0 Size: 5KB - Virtual size: 5KB

.bdat1 Size: 512B - Virtual size: 32B

.bdat2 Size: 512B - Virtual size: 44B

.vptr4 Size: 512B - Virtual size: 32B

.data Size: 13KB - Virtual size: 13KB

.rdata Size: 1024B - Virtual size: 969B

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 192KB - Virtual size: 192KB

.tbl_i
Size: 1KB - Virtual size: 1KB

.tbl_e
Size: 1KB - Virtual size: 1KB

.bdat3
Size: 512B - Virtual size: 32B

.bdat0
Size: 5KB - Virtual size: 5KB

.bdat1
Size: 512B - Virtual size: 32B

.bdat2
Size: 512B - Virtual size: 44B

.vptr4
Size: 512B - Virtual size: 32B

.data
Size: 13KB - Virtual size: 13KB

.rdata
Size: 1024B - Virtual size: 969B

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 2KB - Virtual size: 2KB