Static task
static1
Behavioral task
behavioral1
Sample
eef41eb8b469ceff68e45c6fdddc946b_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
eef41eb8b469ceff68e45c6fdddc946b_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
eef41eb8b469ceff68e45c6fdddc946b_JaffaCakes118
-
Size
402KB
-
MD5
eef41eb8b469ceff68e45c6fdddc946b
-
SHA1
ccf7ba5eb941ded2e020a6a0462a923b7c7ac6c6
-
SHA256
a81b7c1c33b148505c73be4203d570d96ec9354749afe7f65adcc7d539c1b1cf
-
SHA512
023b3ddcd4eb7b367a7a611654a0b5c9813438846e5cb7cfaa2b3bb4a606d27be6bc117d31ecb4a9b035640575e1040626bc00f59ca70142360e4ff2f32e631d
-
SSDEEP
6144:VpzVEIbKf7ESr/+z2A8QgG4psdDIXGg7VT8rKtD:VDEeKf3CzkZJtD
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource eef41eb8b469ceff68e45c6fdddc946b_JaffaCakes118
Files
-
eef41eb8b469ceff68e45c6fdddc946b_JaffaCakes118.exe windows:4 windows x86 arch:x86
b9ba9bc0d68026424b6906fc3377caaa
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
hpomem07
_memCreateSharedArea@16
_memReAllocBlock@12
_memUnlockBlock@8
_memLockBlock@8
_memAllocBlock@8
hpqmfc09
?messageMap@CCUEWinApp@@1UAFX_MSGMAP@@B
??1CBetterListCtrl@@UAE@XZ
??1CEditLimitSize@@UAE@XZ
??0CEditLimitSize@@QAE@XZ
??0CBetterListCtrl@@QAE@XZ
??1CCUEWinApp@@UAE@XZ
?GetItemTextColor@CBetterListCtrl@@MAEKJH@Z
?AddBitmapWnd@CBitmapPaletteWnd@@SAPAV1@PAUHINSTANCE__@@PAVCWnd@@1IIW4ATTACH_STYLE@1@FF@Z
?messageMap@CFliteDialog@@1UAFX_MSGMAP@@B
??0CFliteDialog@@QAE@PAUDIHPCUECtxDesc@@IKIPBUtagTAPASLinkMapEntry@@PAVCWnd@@HH@Z
??1CFliteDialog@@UAE@XZ
?SetBitmapPalette@CFliteDialog@@MAEXIPAUHINSTANCE__@@@Z
?SetTAPASHelpLink@CFliteDialog@@MAEXK@Z
?SetContextHelpLinkMap@CFliteDialog@@MAEXPBUtagTAPASLinkMapEntry@@@Z
?RepositionRelatedControls@CFliteDialog@@MAEXPAUCONTROL_MAP_ENTRY@@HKH@Z
?classCFliteDialog@CFliteDialog@@2UCRuntimeClass@@B
?ExitInstance@CCUEWinApp@@UAEHXZ
??0CAiOCommandLineInfo@@QAE@XZ
??1CAiOCommandLineInfo@@UAE@XZ
??0CCUEWinApp@@QAE@XZ
?GetCursorIndex@CBetterListCtrl@@MAEFPAF@Z
?DeleteEntry@CBetterListCtrl@@UAEHH@Z
?GetItemBkColor@CBetterListCtrl@@MAEKJH@Z
?SendParentNotify@CBetterListCtrl@@MAEXI@Z
?OnChildNotify@CBetterListCtrl@@UAEHIIJPAJ@Z
?DrawItem@CBetterListCtrl@@MAEXPAUtagDRAWITEMSTRUCT@@@Z
?InitializeColumns@CBetterListCtrl@@UAEFFPBUtagCOLUMN_INFO@@@Z
?AddEntry@CBetterListCtrl@@UAEHJH@Z
?FindEntry@CBetterListCtrl@@UAEHJ@Z
?GetEntryData@CBetterListCtrl@@UBEJH@Z
?GetSelItems@CBetterListCtrl@@UBEHHPAH@Z
?SetSel@CBetterListCtrl@@UAEHHH@Z
?SortView@CBetterListCtrl@@UAEXJ@Z
?SetIniInfo@CBetterListCtrl@@UAEXVCString@@0@Z
?SaveDlgSettings@CBetterListCtrl@@UAEXXZ
?SaveDlgSettings@CBetterListCtrl@@UAEXVCString@@0@Z
hpqtap08
_TapasHandleHelpButton@12
kernel32
LocalAlloc
FreeLibrary
LoadLibraryA
LocalFree
LeaveCriticalSection
MultiByteToWideChar
CloseHandle
GetPrivateProfileStringA
GetModuleFileNameA
GetPrivateProfileIntA
GetProcAddress
LocalLock
SetErrorMode
Sleep
GlobalUnlock
GlobalLock
GetAtomNameA
DeleteAtom
GetProfileStringA
AddAtomA
GetTempFileNameA
GetTempPathA
GetProfileIntA
IsBadWritePtr
InterlockedExchange
lstrcpyA
lstrcmpiA
GetLocaleInfoA
WideCharToMultiByte
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
GetACP
EnterCriticalSection
LocalUnlock
GetModuleHandleA
CreateFileA
GetStartupInfoA
user32
RedrawWindow
GetSystemMetrics
SetCapture
SetCursor
GetWindowRect
SendMessageA
EnableWindow
DispatchMessageA
TranslateMessage
GetKeyState
CharUpperA
FillRect
LoadBitmapA
GetWindow
GetClassNameA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
DefWindowProcA
GetClientRect
LoadStringA
PeekMessageA
SetRect
LoadMenuA
GetSubMenu
IsWindowVisible
DrawIcon
LoadIconA
MessageBoxA
IsIconic
ShowWindow
SetForegroundWindow
GetParent
PostMessageA
ReleaseCapture
ClientToScreen
WindowFromPoint
IsWindow
DestroyCursor
GetWindowLongA
PtInRect
LoadCursorA
advapi32
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
ole32
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SysAllocStringByteLen
VariantClear
SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString
msvcrt
iswctype
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
atof
time
localtime
_mbsrchr
_ftol
remove
_mbstok
sprintf
__mb_cur_max
_isctype
_pctype
_controlfp
_mbschr
free
calloc
toupper
_chdrive
_chdir
_getcwd
atol
_itoa
_except_handler3
atoi
exit
_mbsnbicmp
_mbsnbcpy
??2@YAPAXI@Z
_purecall
_mbscmp
??3@YAXPAX@Z
__CxxFrameHandler
_acmdln
_setmbcp
mfc42
ord2575
ord3074
ord3111
ord3506
ord1644
ord2863
ord6270
ord2438
ord3654
ord2584
ord4220
ord4224
ord6453
ord5859
ord6141
ord2765
ord501
ord773
ord3702
ord470
ord755
ord1146
ord795
ord609
ord3721
ord3574
ord4396
ord3021
ord1085
ord2817
ord6569
ord1108
ord1175
ord861
ord5214
ord1134
ord2621
ord3738
ord4622
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3619
ord3626
ord2414
ord472
ord2826
ord1641
ord1083
ord537
ord3346
ord5163
ord4710
ord4160
ord2089
ord1576
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4257
ord482
ord2527
ord4852
ord4375
ord1658
ord1905
ord6907
ord1848
ord4083
ord4284
ord2148
ord3910
ord3293
ord4243
ord3640
ord2801
ord2740
ord882
ord879
ord2614
ord924
ord926
ord939
ord3663
ord6571
ord1871
ord562
ord2860
ord5789
ord6605
ord6880
ord816
ord5981
ord4809
ord2379
ord3874
ord2864
ord3089
ord4275
ord2301
ord2642
ord6905
ord3286
ord3998
ord6007
ord858
ord713
ord414
ord3662
ord5821
ord6334
ord542
ord941
ord535
ord802
ord4853
ord1574
ord5953
ord4299
ord3749
ord6199
ord2818
ord1168
ord3092
ord6215
ord5265
ord4376
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord4407
ord3610
ord2411
ord2023
ord4218
ord2578
ord6055
ord4078
ord1776
ord4398
ord5241
ord2385
ord3081
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3825
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord616
ord2976
ord3402
ord3830
ord3831
ord641
ord3079
ord4080
ord4627
ord4424
ord3582
ord800
ord324
ord656
ord2358
ord860
ord540
ord567
ord2302
ord2299
ord2370
ord4234
gdi32
CreateBrushIndirect
CreatePalette
GetBkColor
CreateSolidBrush
ExtTextOutA
GetMetaFileA
StartPage
PlayMetaFile
EndPage
Escape
PatBlt
Rectangle
CreateMetaFileA
TextOutA
CreateCompatibleDC
GetMapMode
SetMapMode
StretchBlt
CloseMetaFile
CreateICA
CreateDCA
DeleteDC
DeleteMetaFile
CreatePen
RestoreDC
StretchDIBits
SaveDC
GetTextExtentPoint32A
EndDoc
StartDocA
LineTo
MoveToEx
SelectObject
CreateFontA
GetDeviceCaps
CreateFontIndirectA
GetTextMetricsA
GetObjectA
GetStockObject
DeleteObject
RealizePalette
SelectPalette
comctl32
ImageList_DragMove
ImageList_DragEnter
ImageList_BeginDrag
ImageList_DragLeave
ImageList_EndDrag
msvcp60
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
Exports
Sections
.text Size: 84KB - Virtual size: 82KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 24KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HPOSPD07 Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 132KB - Virtual size: 130KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ