K:\sXqIhTfvxya\copojQfZwQmN\gsqRvheld\ermimued\gtzrtnWjvom.pdb
Static task: static1
Behavioral task: behavioral1
  Sample: 2fa293fbfdeb193ec4e9db6409e3201b_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 2fa293fbfdeb193ec4e9db6409e3201b_JaffaCakes118.exe
  Resource: win10v2004-20241007-en
General
Target: 2fa293fbfdeb193ec4e9db6409e3201b_JaffaCakes118
Size: 218KB
MD5: 2fa293fbfdeb193ec4e9db6409e3201b
SHA1: 45f7b1723a7f2075eae35ca2937659e0b1dcc62d
SHA256: c9a879069f700114282cdd0eecfa6ce32fbea98bf1da89f31212ebad9f5f2712
SHA512: f99ccfc6a8308cf3953b18eb2e6a8b54309b847d04caf76dd30080e2791b04fc636b9b2bd0bbab56ce756c7afaa4a6cdfb352976f68063e49e3033b438a7430a
SSDEEP: 3072:goMwtvND9BX+plmRCq8OZAZ8HdcA4PNbuyXkeqL15/4MGgAYaNJBThs3i880cxjV:gGSlmfZ28HO/PNbTXUrGYYTl88pi7Vi
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 2fa293fbfdeb193ec4e9db6409e3201b_JaffaCakes118
Files
2fa293fbfdeb193ec4e9db6409e3201b_JaffaCakes118.exe  windows:5  windows  x86  arch:x86
  imphash: 4e3abeea5f2b3346efc33f9ce33ffc96
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
user32
CreateWindowExW
DrawAnimatedRects
SetScrollPos
RemoveMenu
OpenIcon
SetMenu
keybd_event
ShowOwnedPopups
GetKeyboardLayoutList
GetDlgItemTextW
CopyImage
CharUpperA
DefWindowProcW
SetLastErrorEx
CharUpperBuffW
AppendMenuW
CharNextA
IsMenu
InsertMenuItemW
SendMessageW
CharToOemW
DefFrameProcA
CharNextExA
GetWindowTextA
SetCursor
GetIconInfo
SetPropW
SetWindowLongW
HiliteMenuItem
GetKeyboardLayout
AdjustWindowRect
InternalGetWindowText
CharNextW
GetDC
ReplyMessage
GetSystemMetrics
CharLowerA
CharUpperW
DrawMenuBar
FindWindowA
SetWindowRgn
MapWindowPoints
GetClassInfoA
SetFocus
SetMenuItemInfoW
SystemParametersInfoA
CloseDesktop
DefWindowProcA
SendMessageA
EnumThreadWindows
IsIconic
CopyAcceleratorTableW
RemovePropW
GetMessagePos
DrawFocusRect
DrawIconEx
MapVirtualKeyExW
SetScrollInfo
HideCaret
WaitMessage
LoadMenuA
EnableMenuItem
GetSysColorBrush
mouse_event
PeekMessageA
GetWindowTextLengthW
GetMenuItemCount
GetUpdateRect
GetMenu
OpenDesktopW
AppendMenuA
SendMessageTimeoutW
DestroyMenu
GetClassInfoExW
GetDCEx
GetScrollRange
GetMessageA
GetClientRect
LookupIconIdFromDirectory
IsCharAlphaW
GetCaretPos
ReleaseDC
GetAsyncKeyState
FindWindowExW
IsZoomed
CreateDialogIndirectParamW
TranslateAcceleratorA
GetMonitorInfoW
LoadCursorA
EnableScrollBar
GetMessageW
CharLowerBuffW
MessageBoxExW
DeferWindowPos
GetCursorPos
SendInput
EnumWindows
LoadIconA
ShowScrollBar
GetKeyboardLayoutNameW
RegisterClassExW
AdjustWindowRectEx
MonitorFromPoint
DragObject
ArrangeIconicWindows
wvsprintfW
GetSystemMenu
GetMessageExtraInfo
GetForegroundWindow
EndPaint
GetWindowPlacement
ShowCursor
GetMenuStringW
DrawStateA
DestroyCursor
CharLowerW
GetClassInfoW
TileWindows
GetUserObjectInformationW
RegisterClassA
kernel32
Sleep
OpenFileMappingW
HeapReAlloc
SetCommState
LoadLibraryA
FileTimeToLocalFileTime
CompareFileTime
SetMailslotInfo
lstrcmpiA
IsDBCSLeadByte
MapViewOfFile
GetStdHandle
GetSystemDirectoryA
CreateWaitableTimerW
CallNamedPipeW
LCMapStringW
GlobalHandle
GlobalFree
VirtualAlloc
SetHandleInformation
GetLocaleInfoW
FlushViewOfFile
SearchPathA
GetTimeZoneInformation
GetStartupInfoA
SetLastError
CreateEventW
FormatMessageW
FindFirstChangeNotificationW
OpenEventA
TransactNamedPipe
HeapWalk
GlobalFindAtomW
GetFullPathNameW
GlobalMemoryStatus
WaitForMultipleObjectsEx
GetLocaleInfoA
GetSystemDirectoryW
GetNumberFormatA
SetCurrentDirectoryA
SetPriorityClass
CreateFileMappingW
IsBadWritePtr
SetEvent
GlobalFlags
CopyFileA
CreateSemaphoreA
GetModuleFileNameA
HeapSize
GlobalCompact
GetModuleHandleA
CreateMutexA
VerSetConditionMask
GetThreadTimes
GetProcAddress
LockFile
ExitThread
gdi32
RoundRect
CreateBitmap
TextOutA
GetTextMetricsA
ExtFloodFill
SelectObject
GetNearestColor
LPtoDP
CombineRgn
CreateFontIndirectA
GetCharWidth32W
CreatePalette
SaveDC
CreateDIBSection
PolyBezier
GetTextExtentPoint32W
GetObjectA
SetTextColor
CreateRoundRectRgn
GetDIBits
RectInRegion
FillRgn
StartPage
GetCurrentObject
DPtoLP
GetBitmapBits
Ellipse
SetBitmapDimensionEx
OffsetRgn
ResizePalette
CreateFontW
CreateCompatibleBitmap
PatBlt
SetWindowOrgEx
Escape
StretchDIBits
UnrealizeObject
EndPath
CreateDiscardableBitmap
SetStretchBltMode
SetDIBitsToDevice
CreateBrushIndirect
GetDIBColorTable
Polygon
GetTextColor
EnumFontFamiliesW
PathToRegion
EndDoc
DeleteDC
GetFontData
CreateDCW
shlwapi
StrChrIA
msvcrt
vsprintf
mbtowc
sprintf
_controlfp
__set_app_type
strcoll
fgetc
__p__fmode
__p__commode
bsearch
_amsg_exit
wcstombs
strncpy
_initterm
_acmdln
iswspace
wcsrchr
fgets
exit
strrchr
_ismbblead
setvbuf
_XcptFilter
_exit
isprint
gets
islower
fclose
fseek
_cexit
remove
swprintf
wcsstr
isalnum
wcsncmp
calloc
__setusermatherr
strtok
swscanf
isalpha
wcscoll
strchr
strcpy
iswalpha
mbstowcs
wcscpy
rand
__getmainargs
Exports
?RtlPathExW@@YGHPANH]A
?RtlProviderW@@YGXPAD]A
?GetExpressionOriginal@@YGPAMDKPADK]A
?IncrementObjectExA@@YGFEE]A
?ClosePointerEx@@YGXND]A
?DecrementPoint@@YGJJPAJ]A
?KillListItemNew@@YGPAFDHDPAG]A
?InsertOptionOld@@YGKPADPAJED]A
?InvalidateFileA@@YGGPA_NPAM]A
?RtlRectEx@@YGDF]A
?ValidatePointExW@@YGKM]A
?HideMonitorOld@@YGXPAINGPAH]A
?MonitorExW@@YGDI]A
?RtlExpressionExW@@YGPAIPAMMDI]A
?IncrementModuleA@@YGKI]A
?OnHeaderW@@YGXIPAIGN]A
?LoadModuleNew@@YGPAHF]A
?IsNotPenExW@@YGIMNNK]A
?OnFilePathEx@@YGII_NFH]A
?CopyProjectEx@@YGPAXKIM]A
?LoadListEx@@YGPAKPADM]A
?IsNotFunctionOld@@YGPAFPAE]A
?CloseSystemW@@YGPAXDJKPAF]A
?SetPenExA@@YGPANDFGPAH]A
?EnumPointA@@YGXFNM]A
?CrtAppNameOriginal@@YGHH]A
?RemoveArgumentOld@@YGJMPAM]A
?GetClassExW@@YGPAIPAJPAJF]A
?HideScreenNew@@YGJPAGI_N]A
?ShowProcessA@@YGHHJ]A
?InvalidateFullNameW@@YGPAXGH]A
?CopySystemOld@@YGXFII]A
?SendSectionOld@@YGDH]A
?IsNotProfileA@@YGMEDHF]A
?DeletePointEx@@YGGPAE]A
?IsNotSectionEx@@YGNPAE]A
?CallStateW@@YGPAXGPAFI_N]A
?InstallProfileEx@@YGHFKNH]A
?SendFileExA@@YGKPAI]A
?InsertSemaphoreA@@YGXK]A
?SendTextW@@YGPAKPANNDM]A
?ShowModuleExA@@YGEJF]A
?ModifySection@@YGFPAJPAJ]A
?InsertPathW@@YGFPAM]A
?FreeFilePathEx@@YGFFGMPAG]A
?IncrementSection@@YGPAEPAI]A
?FormatMediaTypeW@@YGPAKPADPAMPAJH]A
?GetDateTimeNew@@YGPAXF]A
?OnValueNew@@YGNPAJPAFK]A
?FormatThreadW@@YGEJJ]A
?InstallEventExA@@YGPAF_NHFPAJ]A
?ModifyCommandLineW@@YGDPAH]A
?CallProcess@@YGPAINPAF]A
?ValidateThread@@YGPAEPAGPAMHD]A
?FindTimerW@@YGIH]A
?AddCharOld@@YGJPAIGD]A
?DecrementDateExA@@YGXFM]A
?IsHeaderW@@YGPAGDPAKK]A
?DecrementTimer@@YGKPAD]A
?KillFileA@@YGPAXPAH]A
?LoadFunctionW@@YGPAHPAE]A
?InsertCommandLineA@@YGPAGFEPAF]A
?HideDataEx@@YGPAMGE]A
?CrtMessageOriginal@@YGKJPAIMG]A
?KillKeyboardNew@@YGXHPAJ]A
?ModifyPointerEx@@YGPAIPAK]A
?GenerateConfigOld@@YGPAHPAF]A
?LoadClass@@YGIPA_NMIE]A
?CrtWindowExW@@YGPAX_NKPAM]A
?OnConfigW@@YGEN]A
?HidePointerA@@YGXPAMPAJPAF]A
?InstallHeaderA@@YGFPAEPADKI]A
?FindTimerEx@@YGNPADPAJH]A
?CrtObjectNew@@YGPAHI]A
?AddProfileEx@@YGPAHPADD]A
?SetHeightExW@@YGPAXPANPAH]A
?SetStringOriginal@@YGEEKKG]A
?LoadFunctionNew@@YGXHEGG]A
?FreeFilePathNew@@YGEPAEMPAH]A
?LoadTimerOriginal@@YGHIPAIPAK]A
?CrtThreadEx@@YGPA_NG]A
?IsWindowA@@YGJDDF]A
?DecrementWindowW@@YGEPAHPAEHPAE]A
?CallProjectOriginal@@YGEM]A
?CancelDateA@@YGXGJFE]A
?IsAppNameOriginal@@YGDMPAKPAFM]A
?CrtAppNameA@@YGXH_NPAMI]A
?FreeWidthW@@YGKEPAHDH]A
?InstallSystem@@YGDFNKPA_N]A
?CancelDataNew@@YGNJE_NG]A
?IsValidKeyboardNew@@YGD_NHNJ]A
?DecrementProviderA@@YGPAEH]A
?CopyPathExW@@YGFFFNG]A
?ShowListItemExW@@YGPAGMMG_N]A
?GenerateAppNameW@@YGXPAJPADKM]A
?MemoryExA@@YGHPADDHM]A
?IsValidMediaTypeNew@@YGXF]A
?LoadFilePathNew@@YGKDPAJPAFK]A
?InvalidateMutexW@@YGEHH]A
?OnValueEx@@YGPAGJMPAE]A
?SendDeviceOld@@YG_NNPAHPAE]A
?AddDialogExA@@YGMMIIF]A
?CallTimeEx@@YGIPAFF]A
?KillSystem@@YGNM]A
?SetConfigExW@@YGPAJPAK]A
?InvalidateTextExW@@YGPAIPAKG]A
?IsDateOriginal@@YGGD]A
?GetCharExW@@YGPAXPAGGE]A
?LoadRectExA@@YGPAIJGJ]A
?IncrementProcessNew@@YGNPAFGPAE]A
?CrtProjectEx@@YGHPAGPAIH]A
?GenerateFullNameNew@@YGXKPAKK]A
?PutWindowInfoExW@@YGGD]A
?DecrementKeyNameExW@@YGPANPAG]A
?FreeDataA@@YGPAMIJPAKM]A
?GenerateClassNew@@YGMKFH_N]A
?AddTimerW@@YGPAFPAEPAI]A
?SendListW@@YGXPAE]A
?AddProcessOld@@YGXPAEPAM]A
?CopyWidthExA@@YGNPAE]A
?ShowFolderOriginal@@YGPAXPAN]A
?KillMutexW@@YGHPAJPAM]A
?AddModuleOld@@YGXG]A
?PutClassA@@YGJPANHD]A
?CallExpression@@YGEIJJ]A
?ModifyFileExA@@YGMPAHI]A
?RemoveArgumentExA@@YGPAHPADHPAMJ]A
?CrtConfigA@@YGHPAE]A
?CancelSectionOld@@YGPAKE_N]A
?FormatMediaTypeExA@@YGEPAJ]A
?ValidateMediaTypeExW@@YGKI]A
?FindSemaphoreW@@YGIDJ]A
?GenerateVersionEx@@YGFI_NIM]A
?SetMutantNew@@YGPAMMNKPAM]A
?FormatAppNameExA@@YGPAJPAFMPAHM]A
?RtlListItem@@YGPAXPAM]A
?RtlPenEx@@YGENEJI]A
?KillObjectOld@@YGXHDPAMPAI]A
?RtlFileNew@@YGXIPAGE_N]A
?FindKeyboardEx@@YGXJDEG]A
?ValidateListItemNew@@YGXPAJE]A
?KillKeyboardW@@YGMGI_N]A
?RemoveDeviceOriginal@@YGHPAIIPAIPAK]A
?SetProviderExA@@YGFGPAKPAE]A
?FormatObject@@YGX_NJM]A
?CopyPathOriginal@@YGXMHPAE]A
?DeleteKeyNameExA@@YGMPANPA_NK]A
?DecrementOptionEx@@YGMPAIPAHPAKM]A
?OnFileExA@@YGPAIPAIHD]A
?SetEventW@@YGXPAGIPAMH]A
?CrtExpressionExW@@YGID]A
?SendExpressionEx@@YGDPAFPAMPAIF]A
?IncrementMutantNew@@YGJPAE_NPAEJ]A
?InstallWidthNew@@YGPAJK_N]A
?RemoveComponentOriginal@@YGKFE]A
?CrtFilePath@@YGMPAFPAKEPAI]A
?InvalidateFilePathExA@@YGPAKNPAEKPAJ]A
?SendMessageA@@YGPAX_NPAJ]A
?RtlDirectoryExA@@YGKPAFPAGD]A
?CloseFolderPathA@@YGHHIPAH]A
?InstallPenExW@@YGGFPAD]A
?CancelOptionEx@@YGKPA_NPAEE]A
?CancelName@@YGHPAMIKPAH]A
?FormatSystem@@YGEM]A
?CrtMonitorOriginal@@YGHN]A
?GlobalFileNew@@YG_NF]A
?CloseDialogOriginal@@YGPAE_N]A
?SendPathNew@@YGPAXFPADNPAH]A
?KillFolderPath@@YGPAHKPAHE]A
?GetKeyNameExA@@YGNJPAHPAI]A
?ValidatePointerOriginal@@YGIGDK]A
?FreeNameOld@@YGPAGPAKJ_N]A
?KillPointer@@YGPAJPAHE]A
?InsertCommandLineNew@@YGGPAJPANK]A
?ModifyMutexExW@@YGGGM]A
?ShowPointerEx@@YGGEPAFPAEE]A
?CommandLineNew@@YGPAKPADDIG]A
?ValidateEventA@@YGPAGPA_NII]A
?ShowEventExW@@YGXII]A
?AddTimeExW@@YGPADGPAJPAF]A
?KillTaskEx@@YGMDID]A
?RtlPointerW@@YGMPAEPAIPAE]A
?CopyMediaTypeNew@@YGIM_NPAD]A
?ModifyFullNameExW@@YGXPAMK]A
?InsertProcessOld@@YGNPAJPAMGM]A
?RemoveFolderEx@@YGI_NPAN]A
?SendDataA@@YGKEGM]A
?IsValidDateTimeA@@YGKNFMG]A
?CallWindowInfoA@@YGPAFKK]A
?CopyScreenA@@YGMFHD]A
?GlobalMutantOriginal@@YGPAEPAMF]A
?OnSizeExW@@YGXPAM]A
?LoadPathA@@YGPAJMKE]A
?RtlMutex@@YGMJ]A
?LoadThreadA@@YGXPAMKPAHPAG]A
?RemoveOptionNew@@YGDM]A
?LoadObject@@YGEJPAIG]A
?IsValidArgumentOld@@YGPAKJN]A
?InstallWindowW@@YGJHE]A
?CopyComponentA@@YGPAIH_N]A
?IncrementTaskA@@YGEPAH]A
?CloseWindowExA@@YGPAXFPAFPAHM]A
?InvalidateValueExA@@YGHPAKPAHI]A
?ModifyOptionOld@@YGHFDPAE]A
?CopyExpressionExA@@YGFNIM]A
?OnPointExW@@YGGIPANHPAF]A
?ValidateFunctionA@@YGPAIGJG]A
?OnCharExA@@YGPAXEIH]A
?IsValidValueOriginal@@YGPAEF]A
?OnFullNameExA@@YGKEIPAMG]A
?SetMutant@@YGMGPAD]A
?ModifyState@@YGPAHI]A
?GlobalFolderPathOriginal@@YGIPAIN_N]A
?FindConfigOriginal@@YGKFPAMHI]A
?RtlProjectExA@@YGIFPANK]A
?LoadSizeW@@YGPADPANEH]A
?CallConfigNew@@YGDK]A
?CallWindowW@@YGXKPAM]A
?ValidateDirectoryNew@@YGDPANFPAGD]A
?InvalidateDateTimeNew@@YGPADPADPAJF]A
?DeleteCommandLineExA@@YGPADMIPAG]A
?DestinationSysCounterDnDHuuey@@YGKGHE@Z
?InvalidateProfileEx@@YGPAHGM]A
?RemoveCommandLineEx@@YGXPAHPAMH]A
Sections
.text   Size: 31KB   Virtual size: 31KB    Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.zimp   Size: 6KB    Virtual size: 5KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.data   Size: 4KB    Virtual size: 178KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 173KB  Virtual size: 173KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 1KB    Virtual size: 1KB     Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ