0584127bd87bfa885c967b33cfd4230c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0584127bd87bfa885c967b33cfd4230c_JaffaCakes118
Size

380KB
MD5

0584127bd87bfa885c967b33cfd4230c
SHA1

24e5eef0ae4ff00f1b01db7132b5ba088ef02eb1
SHA256

42c8f7aeeb3aeffd7e14f0244af444e29ccba90221cd61f76fac73faf547b798
SHA512

22dfb0088e61cb8ac96050f3f10858df0bf03576c180b2bf36ca1bbe2f9743238db61eaa0caa2703b172f6f22896799a047a5110ff94b25c8c60e419a617267b
SSDEEP

6144:Kd+sdUiFjrLtOH72SZwA0elSBMx4GY2aEHeVPg9kI5zFKDfHr0:Ko4UiHObhSBMeGYKyYGzHr0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0584127bd87bfa885c967b33cfd4230c_JaffaCakes118

Files

0584127bd87bfa885c967b33cfd4230c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

90e15ef36f34ef0fd19c8b739f0e0f4a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2514
ord6052
ord4078
ord4710
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord3798
ord4837
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord6571
ord5863
ord1168
ord4189
ord715
ord415
ord5620
ord1195
ord6199
ord3092
ord2860
ord6055
ord1776
ord4441
ord4424
ord818
ord567
ord1949
ord4275
ord1233
ord2379
ord6453
ord3573
ord3626
ord1641
ord2414
ord283
ord5787
ord5789
ord2864
ord5873
ord6172
ord755
ord470
ord536
ord939
ord4284
ord3797
ord3754
ord5981
ord6197
ord2152
ord6412
ord6129
ord6128
ord5768
ord3756
ord3752
ord613
ord289
ord6130
ord2652
ord1669
ord3495
ord5290
ord3742
ord5875
ord3873
ord1146
ord3803
ord1771
ord6366
ord2413
ord2024
ord4401
ord3639
ord692
ord6239
ord3317
ord4123
ord2859
ord3402
ord2411
ord2023
ord3582
ord996
ord616
ord5605
ord2642
ord4398
ord5280
ord3597
ord2737
ord6283
ord6282
ord2370
ord699
ord397
ord2289
ord2302
ord912
ord4188
ord2645
ord6215
ord5593
ord3938
ord2301
ord1768
ord4299
ord6880
ord3610
ord656
ord3874
ord6334
ord3903
ord2727
ord6467
ord2730
ord702
ord400
ord5572
ord2915
ord924
ord1175
ord5596
ord3441
ord941
ord3988
ord539
ord861
ord1567
ord879
ord882
ord268
ord2801
ord2740
ord4853
ord2763
ord1259
ord273
ord1835
ord915
ord926
ord4376
ord4998
ord5651
ord3127
ord3616
ord665
ord5442
ord353
ord2841
ord2448
ord5834
ord2044
ord2107
ord1799
ord4622
ord290
ord614
ord4226
ord2867
ord2817
ord2818
ord4003
ord4278
ord4809
ord5597
ord5607
ord2762
ord559
ord812
ord5862
ord2761
ord1081
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord3748
ord1726
ord5260
ord4432
ord772
ord500
ord4464
ord2639
ord2753
ord3986
ord6142
ord5606
ord5067
ord4635
ord4607
ord4716
ord4750
ord5016
ord4834
ord3615
ord3452
ord4055
ord4608
ord3499
ord4606
ord5751
ord4155
ord2990
ord3415
ord5024
ord3514
ord6344
ord5627
ord1003
ord3449
ord3787
ord3250
ord4697
ord3058
ord3065
ord6336
ord2510
ord5244
ord5577
ord3172
ord5653
ord4954
ord2401
ord4387
ord3454
ord3198
ord6081
ord6175
ord4623
ord4430
ord654
ord2064
ord2988
ord350
ord4287
ord542
ord802
ord5858
ord341
ord5860
ord640
ord1640
ord323
ord3701
ord773
ord501
ord3447
ord3196
ord5622
ord986
ord1253
ord342
ord1182
ord398
ord700
ord5594
ord6569
ord1083
ord4695
ord5939
ord2003
ord5730
ord2185
ord2184
ord3107
ord5616
ord988
ord3444
ord3193
ord4162
ord3353
ord6451
ord1262
ord4214
ord3619
ord5621
ord5159
ord2776
ord3994
ord819
ord5611
ord568
ord3089
ord1871
ord354
ord4277
ord6883
ord5710
ord541
ord860
ord801
ord4202
ord923
ord922
ord2729
ord4129
ord858
ord535
ord940
ord825
ord540
ord6383
ord5265
ord641
ord5450
ord5440
ord6394
ord5632
ord913
ord3439
ord2764
ord4083
ord5683
ord4160
ord5608
ord5861
ord1099
ord823
ord2614
ord4191
ord6143
ord1574
ord603
ord1969
ord800
ord3663
ord537

msvcrt

__CxxFrameHandler
_splitpath
_mbsdec
_mbscmp
_purecall
wcscpy
wcslen
_access
free
sprintf
malloc
_itoa
_mbsicmp
iscntrl
time
memmove
realloc
calloc
_mbspbrk
??1type_info@@UAE@XZ
_EH_prolog
qsort
_CxxThrowException
_ftol
_strdup
_errno
_mbctype
_mbsinc
_stat
atoi
_ismbslead
_mbsnbcmp
_wcsicmp
_initterm
_adjust_fdiv
__dllonexit
_onexit

devshl

ord1023
?classCMultiSlob@CMultiSlob@@2UCRuntimeClass@@B
ord3912
?classCSlobPage@CSlobPage@@2UCRuntimeClass@@B
ord434
ord96
ord3600
ord200
?classCSlob@CSlob@@2UCRuntimeClass@@A
ord5451
ord594
ord255
ord4937
ord1603
ord3005
ord3180
ord2211
ord5369
ord3275
ord3427
ord3525
ord1761
ord2637
ord77
ord2377
ord1416
ord5540
ord5693
ord106
?messageMap@C3dDialog@@1UAFX_MSGMAP@@B
ord3990
ord3791
ord1400
ord1689
ord39
ord1794
ord5536
ord2800
ord1694
ord99
ord1226
ord1832
ord3992
ord3793
ord1518
ord927
ord3677
ord4232
ord4673
ord2897
ord102
?messageMap@CDlgTab@@1UAFX_MSGMAP@@B
ord5359
ord5083
ord5455
ord5472
ord2851
ord5712
ord2856
ord5715
ord500
ord918
ord1323
ord4595
ord172
ord4589
ord5277
ord1463
ord531
ord2319
?classCPartView@CPartView@@2UCRuntimeClass@@B
ord2212
ord983
ord1164
ord119
ord1537
ord1887
ord1298
ord2344
ord2346
ord5449
ord2995
ord5598
ord2805
ord2844
ord2993
ord3011
ord2591
ord2546
ord2397
ord5350
ord5382
ord5404
ord5420
ord5333
ord5311
ord5269
ord1210
ord4912
ord958
ord4662
ord1207
ord4012
?classCDockablePartView@CDockablePartView@@2UCRuntimeClass@@B
?messageMap@CDockablePartView@@1UAFX_MSGMAP@@B
ord2975
ord2433
ord2435
ord2434
ord4997
ord3514
ord2036
ord4820
ord3928
ord4152
ord1240
ord2976
ord2234
ord5264
ord2393
ord1712
ord1719
ord1861
ord5500
ord3605
ord4337
ord1792
ord5477
ord3863
ord3628
ord4656
ord4689
ord441
ord105
ord1458
ord2074
ord1467
ord3991
ord3792
ord3675
ord4229
ord3772
ord379
ord42
?messageMap@C3dFileDialog@@1UAFX_MSGMAP@@B
ord1690
ord1184
ord5344
ord4017
?classCPartDoc@CPartDoc@@2UCRuntimeClass@@B
?messageMap@CPartDoc@@1UAFX_MSGMAP@@B
ord5267
ord2391
ord2767
ord2021
ord4588
ord3582
ord4330
ord3902
ord2992
ord1148
ord936
ord3081
ord5378
ord3378
ord3377
ord1244
ord3750
ord4238
ord4222
ord5168
ord559
ord5341
ord223
ord2048
ord3558
ord2424
ord5171
ord1283
ord1714
ord1902
ord3249
ord2607
ord1548
ord2612
ord1616
ord2772
ord3415
ord2401
ord2312
ord1123
ord5107
ord3172
ord3030
ord3458
ord2469
ord5607
ord2247
ord4686
ord2946
ord477
ord555
ord145
ord220
ord1080
ord2773
ord4015
?classCPartFrame@CPartFrame@@2UCRuntimeClass@@B
ord4846
ord221
ord4845
IsShellDefFileVersion
ord1601
ord1617
ord2385
ord1609
ord3042
ord2493
ord5634
ord3097
ord655
ord3007
ord5716
ord5533
ord429
ord90
ord2858
ord3851
ord3501
ord3321
ord1752
ord2296
?theClipboardSlob@@3VCClipboardSlob@@A
?classCPartTemplate@CPartTemplate@@2UCRuntimeClass@@B
ord2486
ord3579
ord1213
ord3218
ord225
ord561
ord5043
ord1563
ord1241
ord3137
ord2776
ord3846
ord1878
ord1177
ord1300
ord4613
ord2396
ord1284
ord1275
ord1262
ord400
ord5587
ord996
ord1126
ord1406
ord62
ord5526
ord5528
ord5525
ord469
ord1268
ord133
ord2040
ord5198
ord1622
ord1176
ord1667
ord1664
ord2235
ord2455
ord1381
?m_rgprd@CSlob@@2PAUPRD@@A
ord3212
ord4246
ord256
ord2693
ord3777
ord4692
ord1438
ord5447
ord925
ord436
ord5493
ord3551
ord2895
ord3612
ord3830
ord2781
ord2782
ord3227
ord4293
ord2952
ord5358
ord2245
ord5542
?g_pAutomationState@@3PAUIDsAutomationState@@A
ord3557
ord1469
ord3502
ord1435
ord2860
ord1464
ord1756
?theUndoSlob@@3VCUndoSlob@@A
ord5405
ord1202
ord3435
ord4571
ord169
?classCProjSlob@CProjSlob@@2UCRuntimeClass@@B
ord233
ord5170
ord568
ord498
ord1319
ord1317
ord1398
ord4669
ord3190
ord2320
ord1211
ord961
ord4913
ord5270
ord1264
ord4014
ord5422
ord5313
ord5334
ord2398
ord5383
ord5351
ord3012
ord2547
ord2592
ord2806
ord2994
ord2845
ord5599
ord2820
ord2819
ord1877
ord1555
ord1175
ord2345
ord2996
ord2347
ord2392
ord4671
ord4664
ord563
ord1613
ord1143
ord1575
ord5670
ord5604
ord5561

kernel32

lstrlenA
CreateFileA
FindResourceA
GetLastError
CreateEventA
FindClose
IsDBCSLeadByte
FindFirstFileA
lstrlenW
FindNextFileA
LoadLibraryA
FreeLibrary
GetProcAddress
GetTickCount
DisableThreadLibraryCalls
GetProfileIntA
MulDiv
SetProcessWorkingSetSize
lstrcpyA
DeleteFileA
GetCurrentProcess
CloseHandle

gdi32

CreatePatternBrush
ExtTextOutA
PatBlt
GetTextExtentPoint32A
DeleteObject
CreateBitmap
TextOutA
SetPixelV
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
GetTextMetricsA

user32

LoadIconA
OffsetRect
RedrawWindow
DeleteMenu
wsprintfA
GetMenuStringA
GetMenuItemCount
RegisterWindowMessageA
InsertMenuA
IsWindowVisible
GetWindowLongA
GetTopWindow
GetParent
SetFocus
ShowScrollBar
InflateRect
IsIconic
SetForegroundWindow
DispatchMessageA
SendMessageA
TranslateMessage
WindowFromPoint
GetWindowRect
KillTimer
PtInRect
SetWindowLongA
ScreenToClient
SetTimer
IsChild
GetCursorPos
GetActiveWindow
GetCapture
ClientToScreen
SetCapture
GetClientRect
ReleaseCapture
GetKeyState
GetSysColor
InvalidateRect
GetFocus
FrameRect
FillRect
UpdateWindow
LoadCursorA
DrawFocusRect
EnableWindow
MessageBeep
GetSystemMetrics
BringWindowToTop

advapi32

RegOpenKeyExA
RegCloseKey
GetUserNameA
RegQueryValueExA

ole32

CoTaskMemFree
RegisterDragDrop
RevokeDragDrop
DoDragDrop
CoTaskMemAlloc

Exports

Exports

ExitPackage
InitPackage

Sections

.text
Size: 276KB - Virtual size: 272KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90e15ef36f34ef0fd19c8b739f0e0f4a

Headers

File Characteristics

Imports

mfc42

msvcrt

devshl

kernel32

gdi32

user32

advapi32

ole32

Exports

Exports

Sections

.text Size: 276KB - Virtual size: 272KB

.data Size: 12KB - Virtual size: 8KB

.rsrc Size: 60KB - Virtual size: 56KB

.reloc Size: 24KB - Virtual size: 21KB

.text
Size: 276KB - Virtual size: 272KB

.data
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 60KB - Virtual size: 56KB

.reloc
Size: 24KB - Virtual size: 21KB