Static task: static1
Behavioral task: behavioral1
  Sample: f365d79ef836617ca8677659fe915f2e_JaffaCakes118.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: f365d79ef836617ca8677659fe915f2e_JaffaCakes118.exe
  Resource: win10v2004-20240226-en
General
Target: f365d79ef836617ca8677659fe915f2e_JaffaCakes118
Size: 440KB
MD5: f365d79ef836617ca8677659fe915f2e
SHA1: b6c8c0fcca5a1a8c5dc1bff2f2c6056d4516ab2b
SHA256: e9567ca356c2948e1af2690ef71c34ce14f79f09a58dfd33f348f23cff5ed90e
SHA512: 91358a6b937a92fd5fd0683356da7bfc62ec5e7176505d05e3b43f54b3d66274fd2ac54d28e76474aa5aa9621b32dcb5ae1718984e8052f9a1e569b85b4fa3b3
SSDEEP: 6144:aiFk+83HJqCJ96fj6FRKBiw4puRQhxuGe8hTT2FzqMfzg:+kCJ946s8YRQhVl0qMr
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: f365d79ef836617ca8677659fe915f2e_JaffaCakes118
Files
f365d79ef836617ca8677659fe915f2e_JaffaCakes118.exe  windows:4 windows x86 arch:x86
  11608fb425e63020f489ed7c6bfb16a0
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
ws2_32
htons
ntohl
htonl
shlwapi
PathParseIconLocationW
PathRemoveFileSpecW
PathIsRelativeW
PathFileExistsW
PathAppendW
PathCombineW
SHGetValueW
msvcrt
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
wcsncat
_snwprintf
wcstok
memmove
_waccess
atof
_vsnwprintf
_purecall
??1type_info@@UAE@XZ
__dllonexit
_onexit
_controlfp
wcscat
wcsstr
wcscpy
_itow
malloc
wcsncpy
__p___argc
__p___wargv
wcslen
_wtoi
wcstol
realloc
free
_wcsicmp
sprintf
time
srand
rand
swscanf
??2@YAPAXI@Z
wcscmp
_wunlink
??3@YAXPAX@Z
__CxxFrameHandler
_wsplitpath
mfc42u
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4621
ord4419
ord3592
ord641
ord800
ord1143
ord1165
ord860
ord861
ord858
ord540
ord324
ord2294
ord2293
ord2362
ord4229
ord6330
ord1761
ord4704
ord2371
ord755
ord470
ord4847
ord4370
ord6195
ord4155
ord6193
ord3087
ord2820
ord535
ord6237
ord795
ord693
ord609
ord2574
ord4396
ord3365
ord3635
ord2567
ord4390
ord3569
ord6051
ord1768
ord5286
ord3397
ord4418
ord3716
ord567
ord3281
ord6879
ord6667
ord3991
ord2634
ord6896
ord6898
ord3993
ord3084
ord4470
ord2385
ord5714
ord3792
ord1560
ord5228
ord2139
ord2859
ord1177
ord268
ord1561
ord5264
ord6868
ord537
ord690
ord6279
ord6278
ord4124
ord5679
ord389
ord940
ord5568
ord2910
ord4197
ord922
ord925
ord2810
ord942
ord665
ord5803
ord1971
ord6381
ord5180
ord354
ord4272
ord2756
ord5349
ord5352
ord5804
ord3257
ord5198
ord3224
ord1225
ord538
ord1105
ord927
ord3313
ord4273
ord6655
ord5706
ord3658
ord5438
ord5446
ord6390
ord1594
ord2755
ord6920
ord6918
ord353
ord6654
ord1921
ord4270
ord3614
ord3621
ord2406
ord5871
ord1634
ord2855
ord3871
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord3396
ord4616
ord3733
ord561
ord815
ord2078
ord1226
ord6640
ord2613
ord6433
ord1131
ord3948
ord2717
ord1220
ord1203
ord1202
ord5436
ord6379
ord4016
ord4015
ord1258
ord2225
ord283
ord3131
ord5785
ord5783
ord5869
ord6168
ord5732
ord3568
ord809
ord556
ord1088
ord2114
ord2746
ord2854
ord6871
ord6597
ord1791
ord3348
ord290
ord614
ord3998
ord2721
ord6466
ord2719
ord2722
ord654
ord772
ord610
ord801
ord341
ord500
ord287
ord541
ord4221
ord5599
ord5602
ord5598
ord5604
ord5854
ord5856
ord5853
ord6874
ord3253
ord539
ord6136
ord6138
ord6135
ord6139
ord5427
ord3343
ord4345
ord2984
ord3574
ord2617
ord297
ord619
ord2025
ord1196
ord2606
ord5852
ord941
ord2983
ord668
ord3176
ord3180
ord4053
ord2773
ord2762
ord356
ord3785
ord2836
ord2099
ord640
ord2442
ord1633
ord323
ord3566
ord5781
ord6921
ord536
ord3173
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord5261
ord912
ord4183
ord699
ord397
ord1569
ord1075
ord5674
kernel32
SizeofResource
InterlockedExchange
GetSystemTime
LoadLibraryExW
ExpandEnvironmentStringsW
lstrcpynW
WinExec
CreateDirectoryW
InterlockedDecrement
InterlockedIncrement
CloseHandle
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
VirtualQueryEx
GetDriveTypeW
GetShortPathNameW
IsBadWritePtr
CopyFileW
OpenFile
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
GetCurrentThreadId
LoadLibraryA
OpenProcess
TerminateProcess
WaitForSingleObject
GetWindowsDirectoryW
LoadLibraryW
FreeLibrary
GetModuleFileNameW
DeleteFileW
FindFirstFileW
FindClose
GetVersionExW
lstrlenW
WideCharToMultiByte
WritePrivateProfileStringW
lstrlenA
MultiByteToWideChar
GetTempPathW
GetPrivateProfileStringW
FindResourceW
LoadResource
LockResource
GetPrivateProfileSectionW
WritePrivateProfileSectionW
user32
CopyIcon
LoadCursorW
GetDesktopWindow
GetWindowThreadProcessId
LookupIconIdFromDirectory
FindWindowW
LoadImageW
MessageBoxW
PostQuitMessage
GetSysColor
FillRect
RedrawWindow
RegisterWindowMessageW
SetWindowLongW
IsWindow
InflateRect
ReleaseDC
GetDC
GetParent
SetCursor
GetMessagePos
ScreenToClient
PtInRect
KillTimer
MessageBeep
SystemParametersInfoW
LoadIconW
SendMessageW
SetForegroundWindow
DestroyIcon
CreateIconFromResource
InvalidateRect
SetTimer
DestroyCursor
IsWindowEnabled
GetActiveWindow
SetActiveWindow
GetDlgItem
SetWindowTextW
EnableWindow
GetWindowRect
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
gdi32
GetTextExtentPoint32W
SetPixel
GetPixel
CreateCompatibleBitmap
BitBlt
CreateBitmap
CreateCompatibleDC
GetStockObject
CreateFontIndirectW
GetObjectW
advapi32
RegOpenKeyExW
RegOpenKeyW
RegEnumValueW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegOpenKeyExA
RegQueryValueExW
RegCloseKey
RegQueryValueExA
shell32
ExtractIconW
SHGetSpecialFolderPathW
SHChangeNotify
SHGetMalloc
ShellExecuteW
SHGetDesktopFolder
ole32
CoLoadLibrary
CoTaskMemAlloc
StgOpenStorage
StgCreateDocfile
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CoRevokeClassObject
oleaut32
SysStringLen
SysFreeString
SysStringByteLen
SysAllocString
VariantClear
SysAllocStringLen
msvcp60
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
Sections
.text   Size: 280KB  Virtual size: 278KB  Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 68KB   Virtual size: 66KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 16KB   Virtual size: 14KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 60KB   Virtual size: 58KB   Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.text   Size: 12KB   Virtual size: 9KB    Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE