Static task
static1
Behavioral task
behavioral1
Sample
099aa8badc5c416b6938e6c13981102b_JaffaCakes118.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
099aa8badc5c416b6938e6c13981102b_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
-
Target
099aa8badc5c416b6938e6c13981102b_JaffaCakes118
-
Size
1.1MB
-
MD5
099aa8badc5c416b6938e6c13981102b
-
SHA1
80f61f7791d98fc1b195ffdbefe0a5ce3865b45a
-
SHA256
c8484fe8072083219cec074c41364e207860175be7c3f59d1299f53c53b6d921
-
SHA512
93cb2b2d88fb38e4c9a44f220a9f4f595382b8e6069e15b17f3bc428949f261e25a046fb6b1e6d3c106a39b21147e5b892b7f0ddefaa16cda986b30ce84987d5
-
SSDEEP
24576:kn4DtzFumGIz9sg2ywDnxzj76CnNj2zQMKSe1HjJli:knsLsg2yQxzj76ix2kMWV
Malware Config
Signatures
-
Unsigned PE 1 IoCs
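Checks for a missing Authenticode signature; the resource listed below is an unsigned PE. On its own this is a weak indicator, since many legitimate binaries (older ones especially) are also unsigned, so weigh it together with the behavioral task results rather than treating it as evidence of malice.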
resource 099aa8badc5c416b6938e6c13981102b_JaffaCakes118
Files
-
099aa8badc5c416b6938e6c13981102b_JaffaCakes118.exe windows:4 windows x86 arch:x86
ddfdbc35e4bf324dc018cfc08c438f5a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
s5cred
S5CCSet
S5CCDelete
S5CCClose
S5CCGet
S5CCDialog2
S5CCDialog
S5CC_EnumIds
S5CCOpen
S5CC_Init
S5CC_Exit
s5impl
S5RpcClose
WSPSetSocksify
S5IOSend
S5IORecv
S5RpcCommand
S5RpcOpen
S5RpcInit
S5RpcCleanup
ws2_32
WSAStartup
closesocket
WSACleanup
inet_ntoa
socket
ntohs
ntohl
inet_addr
bind
htonl
setsockopt
htons
gethostname
gethostbyname
getsockname
select
__WSAFDIsSet
recvfrom
sendto
WSAGetLastError
winmm
timeGetTime
mfc42
ord5160
ord4976
ord1008
ord5162
ord690
ord2393
ord798
ord1997
ord6407
ord1988
ord532
ord5808
ord1075
ord5204
ord3229
ord2638
ord1228
ord3610
ord656
ord2370
ord3499
ord5356
ord809
ord4275
ord1087
ord3092
ord2122
ord2078
ord6880
ord6453
ord3663
ord2614
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord6215
ord2379
ord926
ord924
ord939
ord6334
ord556
ord2358
ord4277
ord4129
ord2763
ord5440
ord6383
ord5450
ord6394
ord2567
ord2859
ord5053
ord5875
ord2754
ord3571
ord3626
ord755
ord640
ord2414
ord2405
ord5785
ord1641
ord1640
ord2971
ord323
ord470
ord4673
ord4274
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord940
ord4358
ord2621
ord1134
ord5214
ord6375
ord2725
ord2652
ord1669
ord1168
ord1690
ord2054
ord4431
ord3700
ord1146
ord497
ord5849
ord2881
ord4259
ord2863
ord6197
ord6380
ord4715
ord5056
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord5288
ord4439
ord801
ord6883
ord6222
ord6223
ord541
ord818
ord1908
ord6176
ord3699
ord1175
ord5710
ord3638
ord389
ord1832
ord5651
ord3126
ord350
ord5683
ord922
ord2645
ord923
ord3874
ord2764
ord4202
ord5861
ord536
ord4278
ord859
ord6143
ord296
ord617
ord4402
ord3640
ord693
ord4243
ord3797
ord4284
ord3439
ord913
ord398
ord4189
ord5951
ord5953
ord3317
ord5594
ord3095
ord3097
ord6781
ord5608
ord5632
ord6467
ord3742
ord1768
ord2152
ord1233
ord3619
ord1871
ord3692
ord6157
ord5791
ord816
ord562
ord3475
ord5637
ord860
ord6028
ord4258
ord768
ord2642
ord489
ord4396
ord609
ord3574
ord5287
ord2575
ord4835
ord4948
ord4854
ord4377
ord5161
ord4742
ord4905
ord4376
ord1907
ord823
ord2515
ord4853
ord355
ord4710
ord3452
ord2864
ord2862
ord6199
ord2097
ord537
ord3996
ord2558
ord1200
ord2915
ord5572
ord535
ord3301
ord858
ord3998
ord2818
ord941
ord5981
ord6907
ord6905
ord800
ord4234
ord2302
ord567
ord825
ord324
ord641
ord384
ord540
ord3721
ord795
ord686
ord771
ord2528
ord4627
ord5781
ord472
ord5633
ord914
ord5934
ord5782
ord932
ord3662
ord5821
ord4123
ord3138
ord6282
ord1158
ord5768
ord3706
ord2089
ord3021
ord5852
ord2107
ord2841
ord1650
ord1574
ord1099
ord1572
ord2581
ord4219
ord3639
ord1847
ord283
ord5787
ord1802
ord559
ord5862
ord812
ord6283
ord3767
ord3486
ord6200
ord6136
ord3763
ord3771
ord5937
ord6070
ord6134
ord2111
ord781
ord3708
ord1916
ord6242
ord4401
ord3803
ord4080
ord1083
ord3079
ord3825
ord3831
ord3830
ord6172
ord5859
ord5890
ord4758
ord3440
ord2937
ord501
ord4225
ord692
ord4734
ord4397
ord2576
ord2079
ord2024
ord2413
ord4217
ord4424
ord909
ord1771
ord4644
ord6366
ord836
ord3810
ord1797
ord1232
ord6376
ord5856
ord3876
ord6605
ord1117
ord482
ord3067
ord2535
ord2537
ord3761
ord2919
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4998
ord5265
ord6170
ord920
ord5605
ord3993
ord3055
ord3870
ord6195
ord701
ord832
ord2452
ord845
ord4480
ord919
ord928
ord2065
ord6086
ord4190
ord1576
ord415
ord654
ord3982
ord6140
ord2090
ord6139
ord357
ord5641
ord1872
ord3481
ord996
ord5620
ord1150
ord936
ord5863
ord5216
ord869
ord5989
ord4299
ord273
ord1969
ord1861
ord6403
ord3983
ord603
ord5829
ord3436
ord3980
ord925
ord2813
ord5933
ord2814
ord3880
ord3425
ord3054
ord3227
ord3408
ord3758
ord269
ord826
ord600
ord1578
ord1243
ord1176
ord613
ord4023
ord289
ord1567
ord268
ord4040
ord3495
ord3435
ord4083
ord1945
ord1081
ord5789
ord3573
ord3693
ord998
ord5621
ord2860
ord6329
ord1264
ord5600
ord2714
ord4330
ord4133
ord4297
ord5788
ord3939
ord3337
ord2820
ord5873
ord5681
ord1842
ord3522
ord2890
ord4185
ord1266
ord1271
ord6141
ord414
ord1199
ord6129
ord6130
ord6128
ord3752
ord3754
ord3756
ord772
ord5606
ord5860
ord500
ord5769
ord4204
ord5858
ord2740
ord610
ord341
ord3984
msvcrt
_ismbcdigit
_stricmp
??0exception@@QAE@ABQBD@Z
strcat
calloc
_ismbcalpha
isdigit
_mbsinc
strtod
log10
fmod
floor
pow
fabs
sqrt
cos
sin
modf
_mbsninc
_mbscspn
_mbsnbcmp
_ismbcalnum
_ismbcprint
_mbctolower
_mbctoupper
_mbstok
sscanf
_mbsrchr
_mbsnset
_strdup
memchr
_getpid
_itoa
_unlink
__CxxFrameHandler
_setmbcp
?terminate@@YAXXZ
_CxxThrowException
_splitpath
??0exception@@QAE@ABV0@@Z
isspace
memmove
strncpy
??1exception@@UAE@XZ
time
atoi
_errno
_beginthreadex
free
_except_handler3
malloc
sprintf
strtok
mktime
localtime
isalpha
strchr
toupper
qsort
_pctype
__mb_cur_max
_isctype
_purecall
fclose
fprintf
fopen
tolower
realloc
fread
strncmp
_vsnprintf
ftell
_iob
fflush
rename
fseek
getenv
_stat
strftime
vfprintf
_EH_prolog
??1type_info@@UAE@XZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
localeconv
memset
strcpy
abs
memcmp
_mbslen
_mbsstr
_mbsspnp
_mbscoll
_mbsicoll
atol
_mbsdec
_mbschr
_mbclen
strlen
strcmp
_mbctype
_mbsicmp
_mbsnbicmp
memcpy
atof
_mbsnbcpy
_ftol
_mbscmp
bsearch
__RTDynamicCast
kernel32
lstrlenW
GetVersion
CreateFileA
DeleteFileA
CloseHandle
GetTempPathA
SetEndOfFile
GetTempFileNameA
CreateProcessA
GetLastError
LoadResource
FindResourceA
LockResource
SetEvent
WriteFile
CreateEventA
SetFilePointer
GetSystemDirectoryA
ReadFile
FindClose
FindFirstFileA
lstrlenA
SetLastError
Sleep
MultiByteToWideChar
InterlockedIncrement
InterlockedDecrement
GetTickCount
GetModuleFileNameA
VirtualQuery
InterlockedExchange
CreateMutexA
ReleaseMutex
OpenMutexA
FreeLibrary
LocalFree
WaitForSingleObject
FormatMessageA
GetCurrentThreadId
LocalAlloc
SetFileAttributesA
LoadLibraryA
LoadLibraryExA
GetModuleHandleA
GetProcAddress
GetSystemTime
GetStartupInfoA
lstrcpyA
GlobalReAlloc
GetUserDefaultLCID
GlobalFree
WritePrivateProfileStringA
GetThreadLocale
GetLocaleInfoA
GlobalSize
GetPrivateProfileStringA
GlobalAlloc
GlobalLock
SizeofResource
MulDiv
GlobalUnlock
user32
GetMenuStringA
GetOpenClipboardWindow
UnregisterClassA
SetRect
DestroyCursor
ValidateRect
IsZoomed
DrawTextA
AdjustWindowRectEx
EnableWindow
RegisterWindowMessageA
LoadIconA
SendMessageA
GetDialogBaseUnits
LoadImageA
LoadCursorA
SetCursor
RedrawWindow
UpdateWindow
GetNextDlgGroupItem
DrawFocusRect
DispatchMessageA
PeekMessageA
MsgWaitForMultipleObjects
LoadMenuA
GetSubMenu
PostMessageA
IsIconic
GetSystemMetrics
DrawIcon
GetSystemMenu
AppendMenuA
ShowWindow
SetForegroundWindow
MapWindowPoints
DrawStateA
CopyRect
GetCursorPos
PtInRect
GetDC
ReleaseDC
InvalidateRect
GetSysColor
KillTimer
SetTimer
ShowScrollBar
GetWindowRect
OffsetRect
IsRectEmpty
SetFocus
IsWindowVisible
IsWindow
IsChild
GetFocus
GetCapture
GetKeyState
ReleaseCapture
SetWindowPos
EmptyClipboard
SetCapture
GetClientRect
SetActiveWindow
IntersectRect
FillRect
InvertRect
MessageBeep
GetClassInfoA
RegisterClassA
CallWindowProcA
SetWindowLongA
SystemParametersInfoA
GetDlgCtrlID
GetParent
wsprintfA
CloseClipboard
SetClipboardData
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CharLowerA
DrawEdge
DefWindowProcA
RegisterClipboardFormatA
SetRectEmpty
LoadBitmapA
EqualRect
GetDCEx
GetTopWindow
ScreenToClient
PostQuitMessage
HideCaret
ShowCaret
InflateRect
GetDesktopWindow
GetWindow
GetClassNameA
SubtractRect
TranslateMessage
EnableScrollBar
CreateWindowExA
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
ClientToScreen
FrameRect
CreatePopupMenu
SetCaretPos
CreateCaret
DestroyCaret
gdi32
GetViewportExtEx
EnumFontFamiliesExA
EnumFontFamiliesA
DeleteDC
SetBrushOrgEx
ExtCreatePen
CreatePenIndirect
DPtoLP
StretchDIBits
GetBkColor
GetTextExtentPoint32A
SelectObject
GetTextColor
CreateICA
GetWindowExtEx
Ellipse
FrameRgn
FillRgn
CreatePolygonRgn
CreatePen
Rectangle
PatBlt
CreateRectRgn
SetPixel
Polygon
GetTextExtentPointA
RectVisible
CreateBitmap
GetTextMetricsA
CreateFontIndirectA
GetDIBColorTable
CreatePalette
CreateHalftonePalette
RealizePalette
StretchBlt
DeleteObject
CreateSolidBrush
GetStockObject
GetObjectA
CreateBrushIndirect
SetTextColor
SetBkColor
ExtTextOutA
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
SetViewportExtEx
SetWindowExtEx
SetMapMode
GetDeviceCaps
advapi32
RegEnumKeyA
RegQueryValueExA
RegCloseKey
RegEnumValueA
OpenSCManagerA
RegisterEventSourceA
RegEnumKeyExA
DeregisterEventSource
RegOpenKeyA
RegSetValueExA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
InitializeSecurityDescriptor
ReportEventA
CloseServiceHandle
EnumServicesStatusA
OpenServiceA
QueryServiceConfigA
SetSecurityDescriptorDacl
shell32
DragQueryFileA
ShellExecuteA
Shell_NotifyIconA
DragFinish
SHGetFileInfoA
ExtractIconA
comctl32
ImageList_ReplaceIcon
ImageList_GetIcon
ImageList_Draw
ImageList_GetIconSize
msvcp60
??0logic_error@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?_Xlen@std@@YAXXZ
??_7out_of_range@std@@6B@
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Xran@std@@YAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1out_of_range@std@@UAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
ole32
CoUninitialize
CoInitialize
CoCreateInstance
CreateILockBytesOnHGlobal
CreateStreamOnHGlobal
OleConvertIStorageToOLESTREAM
StgCreateDocfileOnILockBytes
ProgIDFromCLSID
CLSIDFromProgID
OleSave
OleCreateFromData
OleGetClipboard
OleSetClipboard
OleConvertOLESTREAMToIStorage
OleFlushClipboard
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
oledlg
ord3
oleaut32
SafeArrayAccessData
VarR8FromStr
SafeArrayDestroy
VariantClear
SafeArrayUnaccessData
SafeArrayCreate
Sections
.text Size: 764KB - Virtual size: 760KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 164KB - Virtual size: 160KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 59KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
shared Size: 4KB - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 172KB - Virtual size: 168KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ