b5cb29242abdfcba7bb2e61049e4493d_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b5cb29242abdfcba7bb2e61049e4493d_JaffaCakes118
Size

444KB
MD5

b5cb29242abdfcba7bb2e61049e4493d
SHA1

97a7fb02f5d23b78f230dc2e1aaa723d91e2a100
SHA256

af86d91f102295f0582e44dd8777bc853e2aa86b2b3f46dd371b19dea16250b8
SHA512

812cdf96e81aa303cfd743a7c7b261f224454810975b45a8f85d7ce2164e80411f55cc09414177f51021b53555dbb670bf0497fcef79f79b0223b5ab89803daa
SSDEEP

12288:J4E7HQaOe3lCxSmHqm1N407aZo1RWdR5w+GAr:J4E7HQaOe1CxSmHqm1N40OZc0dR5br

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b5cb29242abdfcba7bb2e61049e4493d_JaffaCakes118

Files

b5cb29242abdfcba7bb2e61049e4493d_JaffaCakes118
.exe windows:5 windows x86 arch:x86

6ff59ee6d83940f290b0dff0bbfa5542

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc100

ord4724
ord2163
ord11420
ord11421
ord13301
ord7073
ord13299
ord8486
ord3676
ord3618
ord11806
ord7091
ord1732
ord14075
ord10922
ord13181
ord11413
ord7144
ord13767
ord13483
ord13480
ord13485
ord13482
ord13484
ord11726
ord7510
ord13481
ord3409
ord5238
ord11172
ord11180
ord4078
ord7355
ord7584
ord3620
ord265
ord7141
ord5803
ord9449
ord11184
ord11153
ord11787
ord5098
ord9281
ord6112
ord6835
ord9399
ord6836
ord5534
ord12535
ord2881
ord2878
ord7349
ord2417
ord14059
ord14061
ord14060
ord14058
ord8305
ord11107
ord14062
ord14045
ord13972
ord13973
ord8235
ord11025
ord3395
ord10883
ord13294
ord8070
ord2088
ord1929
ord316
ord4341
ord4340
ord3390
ord1292
ord895
ord2416
ord1242
ord6584
ord10071
ord1448
ord901
ord5207
ord310
ord2626
ord305
ord5242
ord13045
ord3839
ord1313
ord6270
ord1288
ord888
ord946
ord1294
ord1900
ord381
ord12704
ord12702
ord12868
ord2824
ord1951
ord12962
ord4785
ord9475
ord10030
ord1210
ord788
ord11154
ord6217
ord9994
ord8351
ord2847
ord12644
ord11190
ord11188
ord1496
ord1503
ord1509
ord1507
ord1514
ord4373
ord4410
ord4381
ord4393
ord4389
ord4385
ord4415
ord4406
ord4377
ord4419
ord4398
ord4364
ord4368
ord4401
ord3991
ord13980
ord3984
ord2661
ord13302
ord7074
ord13300
ord6128
ord10672
ord12482
ord5253
ord2338
ord11060
ord3484
ord2945
ord2944
ord2846
ord11103
ord4622
ord12531
ord4903
ord5095
ord8439
ord4881
ord5123
ord4625
ord4774
ord4606
ord5444
ord6897
ord6898
ord6888
ord4772
ord7357
ord9286
ord8304
ord5532
ord2752
ord2973
ord2974
ord10360
ord10007
ord8137
ord11067
ord6678
ord266
ord6073

msvcr100

__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
_vsnwprintf
__FrameUnwindFilter
__CxxUnregisterExceptionObject
_controlfp_s
_invoke_watson
_except_handler4_common
_onexit
_lock
__dllonexit
_CxxThrowException
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
??0exception@std@@QAE@ABQBD@Z
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
_cexit
??1exception@std@@UAE@XZ
ceil
memmove
_time64
_setmbcp
_unlock
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
__argv
exit
wcstombs
setlocale
atoi
malloc
rand
srand
__CxxFrameHandler3
_CIasin
_CIsin
__getmainargs
_CIsqrt
floor
memset
??3@YAXPAX@Z
_amsg_exit
_CIlog

kernel32

lstrcpyA
LocalAlloc
GetConsoleTitleA
GetProcAddress
GetModuleHandleA
LocalFree
GetModuleFileNameW
GetCurrentProcess
GetEnvironmentStrings
lstrlenA
GetWindowsDirectoryA
Sleep
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetTickCount
WaitForSingleObject
GlobalAlloc
CreateEventA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringA
GlobalUnlock
GlobalFree
GlobalLock
lstrcmpiA
GetProfileStringA
VirtualAlloc
QueryPerformanceCounter
DecodePointer
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
EncodePointer
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
GetLastError

user32

FillRect
OpenClipboard
GetWindow
LoadCursorA
SetCursor
BeginPaint
LoadImageA
GetKeyState
GetMenu
GetForegroundWindow
DrawIcon
IsIconic
LoadIconW
GetSystemMetrics
EmptyClipboard
GetMenuItemCount
LoadBitmapA
GetDlgItemTextA
CheckDlgButton
EndDialog
SetWindowTextA
EnableWindow
IsDlgButtonChecked
SendDlgItemMessageA
SetDlgItemInt
SetClipboardData
GetKeyboardLayout
GetActiveWindow
SetCursorPos
ChildWindowFromPoint
ScreenToClient
GetWindowThreadProcessId
IsWindowVisible
GetTopWindow
MessageBoxW
SetFocus
SetForegroundWindow
GetWindowTextA
SetWindowLongA
GetWindowLongA
SetWindowContextHelpId
DispatchMessageA
GetWindowDC
CreateWindowExA
GetCursorPos
DialogBoxIndirectParamA
DestroyIcon
GetSysColor
LoadIconA
GetDlgItem
SystemParametersInfoA
RedrawWindow
GetDesktopWindow
UpdateWindow
ShowWindow
SetWindowPos
GetWindowRect
FindWindowA
GetClientRect
GetDC
SetTimer
CloseClipboard
LoadMenuA
SendMessageA
ReleaseDC
InvalidateRect
PeekMessageA

gdi32

SetPixelV
CreateBitmap
DeleteDC
GetObjectA
StretchBlt
GetPixel
CreateSolidBrush
DeleteObject
GetTextExtentExPointA
GetViewportOrgEx
EnumFontsA
GetStockObject
SwapBuffers
ExcludeClipRect
SetWindowOrgEx
CreateCompatibleBitmap
SetTextJustification
SelectObject
BitBlt
GetDIBits
GetCurrentObject
CreateCompatibleDC

msimg32

TransparentBlt

comdlg32

CommDlgExtendedError

winspool.drv

ord201
EnumPrintersA

advapi32

SetSecurityDescriptorDacl
CryptEnumProviderTypesA
InitializeSecurityDescriptor
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHGetFileInfoA
SHBrowseForFolderA
SHAppBarMessage

comctl32

InitCommonControlsEx
ord17
ImageList_Create
ImageList_ReplaceIcon

shlwapi

StrStrW
PathFindFileNameA

ole32

RegisterDragDrop
CoCreateInstance
CoInitialize
CoCreateGuid
StringFromGUID2

oleaut32

VariantClear
VariantInit
VarI4FromStr

ws2_32

WSAGetLastError

psapi

GetModuleBaseNameW

avifil32

AVIStreamStart

odbc32

ord41
ord9

winmm

sndPlaySoundA
mmioSeek

pdh

PdhAddCounterW

opengl32

wglGetCurrentDC
glFlush
glEnd
glColor3f
glBegin
glDisable
glClear
glLoadIdentity
glMatrixMode
glViewport
glVertex2f

glu32

gluOrtho2D

imm32

ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmSetConversionStatus
ImmGetConversionStatus
ImmGetContext

uxtheme

OpenThemeData

ntdsapi

DsReplicaGetInfoW
DsGetRdnW

tapi32

lineGetLineDevStatus

quartz

AMGetErrorTextW

msvcp100

?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
??1_Container_base12@std@@QAE@XZ

iphlpapi

GetNetworkParams

gdiplus

GdipCreatePen1
GdipDeletePen
GdipCreateStringFormat
GdipDeleteStringFormat
GdipCreatePath
GdipDeletePath
GdipCreateFontFamilyFromName
GdipDeleteFontFamily
GdipAddPathString
GdiplusStartup

wtsapi32

WTSEnumerateProcessesA

mscoree

_CorExeMain

Sections

.text
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ff59ee6d83940f290b0dff0bbfa5542

Headers

DLL Characteristics

File Characteristics

Imports

mfc100

msvcr100

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

ole32

oleaut32

ws2_32

psapi

avifil32

odbc32

winmm

pdh

opengl32

glu32

imm32

uxtheme

ntdsapi

tapi32

quartz

msvcp100

iphlpapi

gdiplus

wtsapi32

mscoree

Sections

.text Size: 50KB - Virtual size: 49KB

.rdata Size: 127KB - Virtual size: 127KB

.data Size: 2KB - Virtual size: 32KB

.rsrc Size: 257KB - Virtual size: 257KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 50KB - Virtual size: 49KB

.rdata
Size: 127KB - Virtual size: 127KB

.data
Size: 2KB - Virtual size: 32KB

.rsrc
Size: 257KB - Virtual size: 257KB

.reloc
Size: 5KB - Virtual size: 5KB