Static task: static1
Behavioral task: behavioral1
  Sample: ed93e401437c9343faf45da2dde0ee62_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: ed93e401437c9343faf45da2dde0ee62_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
General
Target: ed93e401437c9343faf45da2dde0ee62_JaffaCakes118
Size: 1.7MB
MD5: ed93e401437c9343faf45da2dde0ee62
SHA1: 696928f25c822f6f32c0e3ad727d6391eb6596f5
SHA256: f9bea4f6d5cbedc530614f68fc7f2dd07d94f0fb125213058ae9bb42f9b7f418
SHA512: 0522f75e882dbc8ac0cbdc12ecabd4877c316a955383eeedd5ab2bafef9783b9b2d98604c4522ae5430418b942d0bf7cd1dd7326b248b9d0038d9f6e86a6a1de
SSDEEP: 12288:7YUSV823TXsjw/PZMp5HWOqMulegSqOtjTo0IA4yk0TAD68XAmXoj+pVS9yVn:a2OPo5HWTFxfOJTo0eyk0G7X2++9yVn
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
  resource: ed93e401437c9343faf45da2dde0ee62_JaffaCakes118
Files
ed93e401437c9343faf45da2dde0ee62_JaffaCakes118.exe windows:4 windows x86 arch:x86
68b8a22f69bd535ac8aba1f9fc42cd3a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
msvcrt
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_acmdln
memset
__CxxFrameHandler
??1type_info@@UAE@XZ
_setmbcp
_CxxThrowException
_wcsicmp
__getmainargs
_controlfp
strlen
strcpy
_snprintf
strrchr
time
strchr
_mbscmp
strtok
fwrite
fclose
fread
fseek
fopen
strcat
sscanf
_ismbcdigit
atoi
_stricmp
free
malloc
strcmp
_except_handler3
fprintf
_strnicmp
fgets
rewind
memcpy
memcmp
wcslen
_beginthreadex
strncpy
rand
srand
_ftol
memmove
strstr
_vsnprintf
isalnum
wcsncpy
atol
_mbsnbcpy
_mbsnbcmp
_strlwr
strncat
wcscmp
_purecall
_mbsicmp
atof
realloc
?terminate@@YAXXZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
sprintf
kernel32
GetVersionExA
lstrcmpA
lstrlenA
RemoveDirectoryA
CreateProcessA
CreateFileA
GetShortPathNameA
FreeLibrary
LocalAlloc
LocalFree
DeleteFileA
GetTempPathA
GetTempFileNameA
CopyFileA
MoveFileExA
CreateMutexA
GetLastError
CloseHandle
FindClose
GetModuleHandleA
GetProcAddress
GetPrivateProfileStringA
GetPrivateProfileIntA
SetFileAttributesA
GetSystemDirectoryA
LoadLibraryA
GetModuleFileNameA
IsBadReadPtr
GetFileAttributesExA
GetStartupInfoA
FindFirstFileA
GetEnvironmentVariableA
FindNextFileA
GetWindowsDirectoryA
GetCurrentProcess
LockResource
LoadResource
SizeofResource
FindResourceA
MultiByteToWideChar
GlobalUnlock
GlobalLock
GlobalAlloc
WaitForSingleObject
CreateDirectoryA
InterlockedDecrement
UnmapViewOfFile
GetFileSize
MapViewOfFile
CreateFileMappingA
OutputDebugStringA
Sleep
GetLocalTime
GetTickCount
ReadFile
WideCharToMultiByte
lstrlenW
GetPrivateProfileSectionA
lstrcpyA
TerminateThread
SuspendThread
GetExitCodeThread
WritePrivateProfileStringA
DeviceIoControl
TerminateProcess
OpenProcess
GetCurrentProcessId
HeapAlloc
GetProcessHeap
HeapFree
GetFileTime
OpenFile
SetFilePointer
GlobalFree
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
WriteFile
GetDriveTypeA
GetCommandLineA
lstrcmpiA
InterlockedExchange
RaiseException
MulDiv
user32
CreateWindowExA
IsChild
SetFocus
SystemParametersInfoA
FrameRect
DrawFrameControl
GetWindowDC
ReleaseDC
KillTimer
SetTimer
GetCursorPos
IsWindowVisible
LoadCursorA
SetCursor
GetWindowRect
GetFocus
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
ExitWindowsEx
wsprintfA
GetWindowLongA
FillRect
IsWindow
GetSysColor
GetWindow
EndPaint
BeginPaint
RedrawWindow
GetClassNameA
GetDesktopWindow
CreateAcceleratorTableA
DestroyWindow
RegisterClassExA
DestroyIcon
PtInRect
GetParent
PostMessageA
WaitForInputIdle
DrawTextA
FindWindowA
ShowWindow
SetForegroundWindow
GetWindowTextLengthA
LoadBitmapA
SendMessageA
GetClientRect
CopyRect
GetDlgItem
InvalidateRect
EnableWindow
LoadImageA
CharNextA
GetSubMenu
UpdateWindow
MessageBoxA
LoadIconA
GetWindowTextA
SetWindowTextA
RegisterWindowMessageA
ReleaseCapture
SetCapture
InvalidateRgn
SetActiveWindow
ScreenToClient
PeekMessageA
TranslateMessage
DispatchMessageA
CloseWindow
DrawIconEx
SetWindowRgn
InflateRect
SetRect
GrayStringA
TabbedTextOutA
LoadMenuA
OffsetRect
SetWindowLongA
GetWindowThreadProcessId
FindWindowExA
LoadStringA
GetSystemMetrics
MoveWindow
GetAsyncKeyState
SetWindowPos
SetClassLongA
EqualRect
GetDC
DefWindowProcA
GetClassInfoExA
CallWindowProcA
gdi32
RoundRect
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteDC
GetDeviceCaps
CreateFontIndirectA
GetStockObject
GetTextColor
CreatePen
Rectangle
GetTextExtentPoint32A
CreateSolidBrush
CreateFontA
GetObjectA
SelectObject
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
DeleteObject
CreateRoundRectRgn
comdlg32
GetSaveFileNameA
GetOpenFileNameA
advapi32
CreateServiceA
LookupAccountNameA
DeleteAce
GetExplicitEntriesFromAclA
SetNamedSecurityInfoA
SetEntriesInAclA
BuildExplicitAccessWithNameA
ChangeServiceConfigA
ControlService
StartServiceA
QueryServiceStatus
RegOpenKeyExA
RegEnumKeyA
OpenServiceA
DeleteService
RegFlushKey
OpenSCManagerA
CloseServiceHandle
GetSidIdentifierAuthority
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyA
RegEnumValueA
RegCloseKey
GetUserNameA
GetNamedSecurityInfoA
shell32
SHGetFileInfoA
ShellExecuteExA
DragQueryFileA
DragFinish
SHGetSpecialFolderPathA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHCreateDirectoryExA
SHFileOperationA
comctl32
ImageList_Draw
ImageList_ReplaceIcon
ImageList_Remove
ImageList_GetImageCount
ImageList_GetIconSize
_TrackMouseEvent
ImageList_AddMasked
ole32
CoGetMalloc
OleUninitialize
OleInitialize
OleLockRunning
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromProgID
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitialize
StringFromCLSID
CreateStreamOnHGlobal
CLSIDFromString
olepro32
ord251
ord253
oleaut32
GetErrorInfo
SysFreeString
VariantClear
SysAllocString
VariantInit
SysAllocStringLen
SysStringByteLen
SysAllocStringByteLen
DispCallFunc
VariantCopy
SysStringLen
LoadRegTypeLi
setupapi
SetupIterateCabinetA
iphlpapi
GetAdaptersInfo
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
shlwapi
PathRemoveFileSpecA
PathRenameExtensionA
SHDeleteValueA
StrStrIA
SHGetValueA
SHSetValueA
PathFileExistsA
PathAppendA
PathCombineA
StrTrimA
SHDeleteKeyA
PathFindFileNameA
PathIsDirectoryA
msimg32
TransparentBlt
psapi
EnumProcessModules
GetModuleFileNameExA
Sections
.text  Size: 464KB - Virtual size: 461KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 108KB - Virtual size: 106KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data  Size: 44KB - Virtual size: 51KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 1.1MB - Virtual size: 1.1MB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.KAO  Size: 569B - Virtual size: 569B
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE