007db08f30d5897878e354bd0d767804_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

007db08f30d5897878e354bd0d767804_JaffaCakes118
Size

168KB
MD5

007db08f30d5897878e354bd0d767804
SHA1

1fb7b065aab75860575cf7420b3199f335ec31ff
SHA256

fb361664aa2608f7998056b56a50cb80adb6be19d0c29651a2409006447e3dc0
SHA512

408bc2d33ddbf5513e3e2e1489d5001dbe79a9e8a1047d3e7caec95f76de8eb6d3cf9559cd1b2c7baa03e0b64ae7ac1ef3a9dad42e681e48b6289f368e2f6dd3
SSDEEP

3072:FTO5t+BYTsjRx/bsbMCMkU/sk+UB+CpJ68qlwrawlah384Mcs63m:I5sEIClUVB+CpJNqulKBC6m

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
007db08f30d5897878e354bd0d767804_JaffaCakes118

Files

007db08f30d5897878e354bd0d767804_JaffaCakes118
.exe windows:5 windows x86 arch:x86

27e63fe4429eeee239b435a462ef7667

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

L:\oNbJeuwnwvp\wuEcdxBUlrJhLA\ulekftatmZjc\ekfrgqIxxh.pdb

Imports

msvcrt

strpbrk
_controlfp
__set_app_type
strrchr
system
__p__fmode
iswalpha
putc
__p__commode
_amsg_exit
towupper
strchr
_initterm
_acmdln
exit
_ismbblead
wcschr
_XcptFilter
_exit
srand
bsearch
wcstombs
_cexit
__setusermatherr
__getmainargs
calloc

comdlg32

PrintDlgExW
GetFileTitleW
CommDlgExtendedError

kernel32

IsBadReadPtr
lstrcmpA
GetSystemDirectoryW
ReleaseMutex
WaitForSingleObject
VirtualProtect
CompareStringW
SetHandleCount
TlsSetValue
ExitProcess
FindCloseChangeNotification
SetSystemTime
DisconnectNamedPipe
CreateDirectoryW
GetStringTypeExW
IsDBCSLeadByte
GetFileAttributesW
GetLocalTime
LoadResource
WriteFile
GetModuleFileNameW

gdi32

GetTextFaceW
CreateDIBSection
LPtoDP
PtVisible
SetAbortProc
GetCurrentObject
GetBitmapBits
SetDIBColorTable
SetROP2
RemoveFontResourceW
CreateEllipticRgnIndirect
PatBlt
SetWindowOrgEx
CreateHalftonePalette
GetDIBits
CreateDCW
EnumFontFamiliesExW
CreateBrushIndirect

shlwapi

StrToIntW
IntlStrEqWorkerA
PathRemoveBlanksW
StrToInt64ExA
ChrCmpIA

user32

GetSystemMetrics
InsertMenuItemW
SetActiveWindow
ShowOwnedPopups
SetRectEmpty
GetClassInfoExW
GetDialogBaseUnits
InvertRect
AllowSetForegroundWindow
EnableMenuItem
CharLowerA
SendMessageA
CreatePopupMenu
SetDlgItemInt
SetCaretPos
FindWindowW
ClientToScreen
ShowCursor
GetWindow
PostQuitMessage
DefFrameProcW
SetScrollPos
GetActiveWindow
MoveWindow
GetMenu
ClipCursor
DragObject
SystemParametersInfoA
DestroyIcon
SetMenu
LockWindowUpdate
GetClassInfoExA
GetMenuState
CreateCaret
CopyAcceleratorTableW
CheckRadioButton
CreateWindowExW
wsprintfW
RegisterHotKey
AdjustWindowRectEx
SystemParametersInfoW
BeginPaint

Exports

Exports

?PutSize@@YGIPAHD&U
?FolderPathA@@YGMGH&U
?AddDeviceOriginal@@YGFK&U
?LoadKeyboardExA@@YGNE&U
?HideStateNew@@YGKPAFJ&U
?CopyDataA@@YGXHJ&U
?IsValidPenExW@@YGPAFMJG&U
?RtlProviderOld@@YGXPAK&U
?LoadHeightOld@@YGGMPAMPAJG&U
?CallStringExA@@YGMKPAJ&U
?FreeTimerNew@@YGPAJ_NPAJPAD_N&U
?CancelModuleOld@@YGHPAJPAHE&U
?DecrementCommandLineA@@YGPAHPAIJG&U
?FreeDateOriginal@@YGPAMMPAMPAD&U
?FormatProcessA@@YGEPAI&U
?GlobalNameW@@YGXPAIH&U
?CharExW@@YGKK&U
?CancelTimerNew@@YGPAXDPAKPAI&U
?InvalidateProfileA@@YGXJ_NNPAF&U
?CancelSemaphoreA@@YGPAXPAH&U
?Height@@YGMGDEJ&U
?FindAppNameNew@@YGEPAE&U
?InvalidateFilePathExW@@YGPA_NF&U
?PutDateEx@@YGEJF&U
?CloseMessageExW@@YGPAXKD&U
?GeneratePointer@@YGIMPA_ND&U
?InvalidateSystemNew@@YGXPADPAM&U
?OnAnchorOriginal@@YGD_N&U
?RemoveMediaTypeOld@@YGPAD_N&U
?CopyHeightEx@@YGEPAGPAKIPAE&U
?FreeListEx@@YGDPAF&U
?CopyFolderPathA@@YGXMJED&U
?InstallComponentNew@@YGGIPAJHJ&U
?InstallMutexExA@@YGXKPAEPAEF&U
?EnumMutexEx@@YGDJ&U
?SetPathA@@YGXDPAIPAGF&U
?FormatWidthA@@YGFIPA_NMH&U
?RemoveAnchorOriginal@@YGKHPANPAG&U
?ModifyConfigExW@@YGPAFHPADPAE&U
?RemoveVersionA@@YGDPADEPAF&U
?IsNotAppNameA@@YGPAIHPAFNPAM&U
?InsertSection@@YGKJ&U
?FindListA@@YGPANFPAJPA_NF&U
?ValidateTimeW@@YGXHKM&U
?FreeDialogEx@@YGFPAKEHPAG&U
?IncrementFunctionExA@@YGKF&U
?SendPointEx@@YGIFPAH&U
?LoadMutantExA@@YGJHHPAD&U
?DeleteSemaphoreW@@YGEE&U
?EnumListItemNew@@YGJDDM&U
?InstallPathExA@@YGPAKKHPA_NPA_N&U
?FreeComponentW@@YGEPAEDNJ&U
?KillProviderOld@@YGFFDDM&U
?OnKeyboardOld@@YGPAXME&U
?GetFolderPath@@YGGPAI&U
?KillFilePathExW@@YGPAXGJPAE_N&U
?CrtTimerOld@@YGPAGPAMPAIPAIK&U
?IsScreenOriginal@@YGPAGIKPAN&U
?GetDateA@@YGIHFPAGPAF&U
?AddProcessExW@@YGPAKHKN&U
?InvalidateFunction@@YGPAGPA_N&U
?DeleteHeaderNew@@YGJ_NPAD&U
?GlobalPointerA@@YGPAHJ&U
?OnSectionOriginal@@YGGPAEJJ&U
?ModifyCommandLineNew@@YGED&U
?FindDateExA@@YGKHG&U
?KillFolderPathExA@@YGPAJDG&U
?IsFolderExA@@YGXPAK&U
?ValidateWindowW@@YGDHPAIPAGM&U
?IsKeyNameExW@@YG_NPAGPAD&U
?RemoveObjectW@@YGPAKM&U
?HideRectExW@@YGIM&U
?LoadListItemOriginal@@YGDEPAI&U
?CopyWindowNew@@YGGED&U
?CopyComponentA@@YGPADPAMD&U
?GenerateProfileW@@YGFDPAHPAD&U
?ClosePointNew@@YGPAJIPAN&U
?CancelHeaderExW@@YGPANPAF&U
?IsNotData@@YGPAXH&U
?IsDirectoryA@@YGKI&U
?DeleteClassW@@YGPAHMJPAEE&U
?OnCharW@@YGMDFG&U
?ValidateDateTimeEx@@YGXDKPAE&U
?CopyPointNew@@YGPAEE&U
?HeightExA@@YGPAMKPAEKK&U
?PutMemoryNew@@YGMPAH&U
?RemoveSizeExA@@YGHMFPAF&U
?RemoveKeyNameOriginal@@YGHHPAE&U
?IncrementExpressionExA@@YGGN&U
?ShowClassEx@@YGEKGPAG&U
?FreeModule@@YGD_NH&U
?IsNotTaskNew@@YGPADKPAGPAED&U
?CrtWindowInfoW@@YGXKJ&U
?PutPointerEx@@YGXFEDPAF&U
?FreeProcessEx@@YGHDHF&U
?CrtDirectoryExA@@YGIKIPAJF&U
?GetVersionOriginal@@YGHD&U
?InvalidatePathA@@YGIK&U
?IsValidProcessExA@@YGPAKKKNF&U
?CallMutantA@@YGF_N&U
?KillDateW@@YGJPAF&U
?ShowMonitorExW@@YG_NJ&U
?ClassW@@YGJPAG&U
?DecrementString@@YGI_NMPAI&U
?CopyAppName@@YGMHFPAIPAF&U
?KillFolderOld@@YGMPA_NPANF&U
?IsRectEx@@YGNPAJJEH&U
?ValidateListEx@@YG_NPAKDPAIPA_N&U
?CloseArgument@@YGGJPAJ&U
?ValidateWindow@@YGXIK&U
?InsertMainStructDlhSi@@YGKGH@Z
?CancelMessageNew@@YGHPAKM&U
?IsFolderPath@@YGHMFPAK&U
?RemoveDeviceNew@@YGINE&U
?SetTextA@@YGFPAD&U
?SetDateTime@@YGPAMNKMF&U
?IsNotTaskA@@YGHPADPAFK&U
?RtlAppName@@YGXGF&U
?CrtAnchor@@YGXPAD&U
?IsFolder@@YGKI&U
?CopySizeW@@YGGPAN&U
?PutModuleA@@YGPAHPAM&U
?EnumConfigNew@@YGXH&U
?ValidateProfileA@@YGJPAH&U
?DeleteWindowA@@YGXG&U
?KillDateTimeExW@@YGPAJPAH&U
?CloseHeaderOld@@YGEPAHPAMPAG&U
?DeleteMutexExW@@YGPAXK&U
?HideDialogExW@@YGPAGJ&U
?SendSystemExW@@YGPANPAEPAHPAG&U
?RemoveDialogExA@@YGGD&U
?CopyObjectW@@YGPAHIPAG&U
?ListA@@YGPAXPAIMJF&U
?LoadTaskA@@YGPA_NIFPAFJ&U
?SendFolderOld@@YGMEMPAJH&U
?IncrementTaskOriginal@@YGPAXJGPAF&U
?FormatCharExA@@YGIPAMEJ&U
?RectEx@@YGGI&U
?InsertWidthEx@@YGPAFE&U
?ValidateDeviceExA@@YGPAEJI&U
?IncrementProcess@@YGGDFPAHF&U
?RemoveThreadOriginal@@YGFFJJ&U

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rimp
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.redt
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdbg1
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rit
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdbg2
Size: 512B - Virtual size: 82B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rvar
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rpt
Size: 1024B - Virtual size: 525B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ping
Size: - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

27e63fe4429eeee239b435a462ef7667

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comdlg32

kernel32

gdi32

shlwapi

user32

Exports

Exports

Sections

.text Size: 21KB - Virtual size: 21KB

.rimp Size: 3KB - Virtual size: 2KB

.redt Size: 5KB - Virtual size: 5KB

.rdbg1 Size: 512B - Virtual size: 28B

.rit Size: 1024B - Virtual size: 516B

.rdbg2 Size: 512B - Virtual size: 82B

.rvar Size: 512B - Virtual size: 44B

.rpt Size: 1024B - Virtual size: 525B

.hdata Size: 1024B - Virtual size: 756B

.data Size: 2KB - Virtual size: 1KB

.ping Size: - Virtual size: 126KB

.rsrc Size: 129KB - Virtual size: 128KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 21KB - Virtual size: 21KB

.rimp
Size: 3KB - Virtual size: 2KB

.redt
Size: 5KB - Virtual size: 5KB

.rdbg1
Size: 512B - Virtual size: 28B

.rit
Size: 1024B - Virtual size: 516B

.rdbg2
Size: 512B - Virtual size: 82B

.rvar
Size: 512B - Virtual size: 44B

.rpt
Size: 1024B - Virtual size: 525B

.hdata
Size: 1024B - Virtual size: 756B

.data
Size: 2KB - Virtual size: 1KB

.ping
Size: - Virtual size: 126KB

.rsrc
Size: 129KB - Virtual size: 128KB

.reloc
Size: 1KB - Virtual size: 1KB