10a2f19c3072374da0ec40a306ee3875_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

10a2f19c3072374da0ec40a306ee3875_JaffaCakes118
Size

392KB
MD5

10a2f19c3072374da0ec40a306ee3875
SHA1

472ed296fd924c35bd407bc8a851bc2da8f9440d
SHA256

6ab09cf73e6f7e231d75b2d443af1d0ed25333ee594fe81f33b868d7436960d1
SHA512

cb22b091af9a31bec5af19000031e87a4b29e52fac05d2ef0e44f3543096791e733e73ec174190f49a55b1316226916aa52f96459e751c2d6321dcafb81392a8
SSDEEP

12288:uG0G3bU0EdIM7CSZaUsp6+PhtD4El7C8ZpKOz:uGbUzZaU0l7XT/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
10a2f19c3072374da0ec40a306ee3875_JaffaCakes118

Files

10a2f19c3072374da0ec40a306ee3875_JaffaCakes118
.exe windows:4 windows x86 arch:x86

f9026aec0f9ed73704fd35b5f60485e4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetErrorMode
GetLogicalDrives
ReleaseMutex
RaiseException
LocalFree
FindClose
lstrlenA
SetLastError
GetLastError
LoadLibraryA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
MulDiv
ReadFile
GlobalAlloc
FreeLibrary
WriteFile
GetCurrentProcessId
GetStdHandle
GetExitCodeProcess
lstrcpyA
FlushInstructionCache
InterlockedIncrement
TerminateThread
CreateThread
SetThreadPriority
ResumeThread
InterlockedExchange
lstrcmpiA
GetTickCount
GetCurrentThreadId
WaitForSingleObject
IsBadReadPtr
EnterCriticalSection
SetEvent
LeaveCriticalSection
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
ResetEvent
GlobalLock
GlobalUnlock
GlobalFree
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
SetProcessAffinityMask
Sleep
InterlockedDecrement
LocalAlloc
SetNamedPipeHandleState
HeapDestroy
OpenProcess

user32

UnregisterDeviceNotification
GetActiveWindow
SetCursor
PostQuitMessage
DestroyMenu
TrackPopupMenu
MonitorFromPoint
IsIconic
GetWindowThreadProcessId
IsWindowVisible
GetTopWindow
SetForegroundWindow
GetSystemMenu
TranslateMessage
EndDialog
DestroyWindow
ShowWindow
GetSystemMetrics
SetFocus
MessageBoxA
CallNextHookEx
UnhookWindowsHookEx
ClipCursor
SetWindowPos
GetScrollInfo
SetScrollInfo
GetScrollPos
SetRectEmpty
DeleteMenu
SetWindowRgn
BringWindowToTop
InvalidateRgn
IsWindow
IsWindowEnabled
SetTimer
DestroyIcon
PtInRect
WindowFromPoint
GetKeyState
EqualRect
SetRect
UpdateWindow
GetDC
ReleaseDC
BeginPaint
CheckMenuItem
EndPaint
InvalidateRect
GetDlgCtrlID
GetDlgItem
ScreenToClient
MoveWindow
EnumWindows
GetSubMenu
GetAsyncKeyState
SetActiveWindow
KillTimer
IsZoomed
SetCapture
GetCapture
ReleaseCapture
GetCursorPos
GetMenuState
OpenIcon
GetParent
GetWindow
GetWindowRect
IntersectRect
GetClientRect
MapWindowPoints
FillRect
IsRectEmpty
GetDesktopWindow

gdi32

MoveToEx
LineTo
GetClipBox
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetBkColor
CreatePen
BitBlt
SetBkMode
SetTextColor
DeleteObject
SetDIBitsToDevice
DeleteDC
CreateRectRgn
GetRgnBox
CombineRgn
GetDIBits
CreateHalftonePalette
CreatePalette
GetDIBColorTable
SetDIBits
GetDeviceCaps
OffsetRgn
CreateRectRgnIndirect
CreateEllipticRgn
DPtoLP
LPtoDP
SetMapMode
SetWindowOrgEx
GetPixel
CreateSolidBrush

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW

ole32

RevokeDragDrop
RegisterDragDrop
CoInitialize
CoGetClassObject
CoUninitialize
OleInitialize
OleUninitialize
CoCreateInstance
CoSetProxyBlanket
ReleaseStgMedium
OleRun
DoDragDrop

oleaut32

VariantChangeType
VariantCopy
GetErrorInfo
SysFreeString
SysAllocString
VariantClear
VariantInit

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7out_of_range@std@@6B@
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
?_Xran@std@@YAXXZ
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IPBGI@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ

comctl32

ImageList_AddMasked
InitCommonControlsEx
ImageList_Create
ord17
ImageList_Destroy

winmm

mixerOpen
mixerGetNumDevs
waveOutGetNumDevs
mixerSetControlDetails
mixerClose

shlwapi

PathFileExistsW
PathFindExtensionW
PathRemoveBackslashW

settingdecryption

DS_TestSettingFile

umsghook

HOOK_Uninitialize
HOOK_Initialize

umgieffectcore

MGI_SetMaxResolution
MGI_EnableCoreLib
MGI_Initialize
MGI_Release
MGI_UnInitPlugInManager
MGI_SetPerformanceImproveResult
MGI_OnDeviceRemove
MGI_OnNewDevice
MGI_InitPlugInManager
MGI_SetCurrentEffectID
MGI_SetCurrentEffectParam
MGI_UpdateClassEffects
MGI_SwitchModule
MGI_ReSetCurrentEffect

msvcrt

wcsncpy
_wfopen
fread
fclose
_strcmpi
fseek
fwrite
rand
srand
time
memcmp
strlen
fgetws
iswalpha
_waccess
wcsncmp
fopen
atol
difftime
_strnicmp
ftell
_controlfp
??1type_info@@UAE@XZ
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
_except_handler3
__CxxFrameHandler
strncmp
??2@YAPAXI@Z
swprintf
wcslen
free
realloc
memmove
_wcsicmp
_ftol
iswspace
wcsrchr
wcstoul
wcsstr
wcscpy
_wcslwr
wcschr
_wsplitpath
_purecall
??0exception@@QAE@ABV0@@Z
_wtoi
_CxxThrowException
_itow
strchr
wcscat
swscanf
memset
wcscmp
malloc
_wmakepath
iswdigit
_wcsnicmp
_exit
_XcptFilter
exit

magengin

magGetLayerBits
magCreatePicture
magGetLayer
magImportToPicture
magDestroyPicture
magLayerGetMask
magGetLayerProperty

psapi

GetModuleFileNameExW
EnumProcessModules

urlmon

CopyStgMedium

magpltfm

magStrCopy
magHeapFree
magHeapUnlock
magMemZero
magHeapLock
magHeapAlloc

magpcmac

Mag0FSExpRelease
Mag0FSExpCreateExp
Mag0FSExpCalculateFSRCreate
Mag0FSRRelease

Sections

.text
Size: 280KB - Virtual size: 277KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f9026aec0f9ed73704fd35b5f60485e4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp60

comctl32

winmm

shlwapi

settingdecryption

umsghook

umgieffectcore

msvcrt

magengin

psapi

urlmon

magpltfm

magpcmac

Sections

.text Size: 280KB - Virtual size: 277KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 16KB - Virtual size: 27KB

.rsrc Size: 64KB - Virtual size: 140KB

.text
Size: 280KB - Virtual size: 277KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 16KB - Virtual size: 27KB

.rsrc
Size: 64KB - Virtual size: 140KB