fde19baadd9491e9fd4d07c8e23bad40_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fde19baadd9491e9fd4d07c8e23bad40_JaffaCakes118
Size

96KB
MD5

fde19baadd9491e9fd4d07c8e23bad40
SHA1

520339f1de038e1fa7a9d850cc355c5e7b50969c
SHA256

5a100541b3a0c40607b23a11aad2de1cc304807e6fc23f32edf093ce60a87766
SHA512

2d88e54c69040842e5f46f0990942ad01b8d3938ca48f7add685e1c45456a0e51ad18f7f6b519068f7b39e1015bf4164c6cbdf117718066348417c1def398bf2
SSDEEP

1536:nviALxkxbwWqY2KeJrMZxVwn0P0QzH4Hx7pTHJ44lzOREto/m7+dB:vDwbwtBhSW0cQMH1ZJ44lzORGoeC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fde19baadd9491e9fd4d07c8e23bad40_JaffaCakes118

Files

fde19baadd9491e9fd4d07c8e23bad40_JaffaCakes118
.exe windows:4 windows x86 arch:x86

159e17bbd2b0622cf4de889391fe2740

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

emodelview

ord5
ord6

comctl32

InitCommonControlsEx

kernel32

DeleteCriticalSection
MulDiv
FlushInstructionCache
WriteFile
InterlockedIncrement
CloseHandle
InterlockedDecrement
CreateProcessW
GetCommandLineW
InitializeCriticalSection
SetThreadPriority
GetCurrentThread
GetCurrentThreadId
SetPriorityClass
GetCurrentProcess
ResumeThread
GetModuleHandleW
GlobalUnlock
GlobalLock
GetTempPathW
lstrlenA
lstrcpyW
lstrcatW
CreateEventW
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
WaitForSingleObject
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
FindNextFileW
Sleep
OutputDebugStringW
FreeLibrary
SizeofResource
LoadResource
GetLastError
GetModuleFileNameW
FindResourceW
LoadLibraryExW
lstrcmpiW
RaiseException
lstrlenW
FindFirstFileW
DebugBreak
LeaveCriticalSection
lstrcmpW
FindClose
EnterCriticalSection
SetLastError
GlobalAlloc
SetEvent
QueryPerformanceCounter
CreateFileW

user32

CharNextW
UnregisterClassA
GetClassInfoExW
GetWindowLongW
GetDesktopWindow
SetWindowTextW
ReleaseCapture
GetWindowTextW
DefWindowProcW
SetCapture
GetParent
wvsprintfW
CallWindowProcW
GetSysColor
PostThreadMessageW
BeginPaint
RegisterClassExW
CreateWindowExW
IsChild
GetClientRect
GetFocus
InvalidateRect
DestroyAcceleratorTable
SetFocus
GetWindow
CreateAcceleratorTableW
InvalidateRgn
FillRect
RedrawWindow
EndPaint
IsWindow
LoadStringW
ClientToScreen
GetDC
GetDlgItem
ScreenToClient
SendMessageW
ReleaseDC
MoveWindow
RegisterWindowMessageW
SetWindowPos
DestroyWindow
SetWindowLongW
GetWindowTextLengthW
LoadCursorW
GetClassNameW

gdi32

GetDeviceCaps
GetObjectW
DeleteObject
DeleteDC
SelectObject
BitBlt
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject

advapi32

RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoRevokeClassObject
OleLockRunning
CoResumeClassObjects
OleInitialize
CoGetClassObject
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
CoCreateInstance
OleUninitialize
CoRegisterClassObject

oleaut32

VariantClear
RegisterTypeLi
SysAllocStringLen
SysStringByteLen
UnRegisterTypeLi
SysAllocString
VariantInit
LoadTypeLi
SysStringLen
OleCreateFontIndirect
LoadRegTypeLi
VarUI4FromStr
SysFreeString

hoopsmanager

??0EString@@QAE@ABV0@H@Z
??BEString@@QBEPB_WXZ
??1EString@@QAE@XZ

emodelutils

?GetViewerDir@LocalUtils@@SA?AVEString@@XZ

msvcr80

_decode_pointer
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__set_app_type
_except_handler4_common
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_CxxThrowException
?terminate@@YAXXZ
memcmp
wcsstr
??2@YAPAXI@Z
_purecall
memcpy
_resetstkoflw
wcscpy_s
wcscat_s
_wtoi
_beginthreadex
iswdigit
_wfullpath
wcsncmp
swprintf_s
wcslen
wcsrchr
_recalloc
free
wcsncpy_s
memset
malloc
memcpy_s
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
__CxxFrameHandler3
__p__fmode
??3@YAXPAX@Z
??_V@YAXPAX@Z

Sections

.text
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

159e17bbd2b0622cf4de889391fe2740

Headers

File Characteristics

Imports

emodelview

comctl32

kernel32

user32

gdi32

advapi32

ole32

oleaut32

hoopsmanager

emodelutils

msvcr80

Sections

.text Size: 44KB - Virtual size: 44KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 33KB - Virtual size: 50KB

.text
Size: 44KB - Virtual size: 44KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 33KB - Virtual size: 50KB