c:\bld_area\os_r2.9.2\src\bin\bin.iru\InstWrap.pdb
Static task
static1
Behavioral task
behavioral1
Sample
0a30e57e7f5a8f049a225824744bbcc7_JaffaCakes118.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
0a30e57e7f5a8f049a225824744bbcc7_JaffaCakes118.exe
Resource
win10v2004-20240508-en
General
Target
0a30e57e7f5a8f049a225824744bbcc7_JaffaCakes118
Size
97KB
MD5
0a30e57e7f5a8f049a225824744bbcc7
SHA1
15101ae2d760023e103d70fd678aee59bd6a3474
SHA256
ffe0c83e4dc9c824943db23bdac2e2776d0a6b34837544f40e1b50985c055564
SHA512
2c414153ad4bde0a4543fa5cb8ed5c7b1e03c270bb9825026e12232b4050a4c0ec77925078f370ee56b0db3edae66758683735220233ec740b5a9b22ad0aa003
SSDEEP
1536:cgAacetMW7skEiwywvKuHDeO3M4+ZcgJbCQNx95GeOfezjx:bht/OKwSsCO3M4qR8eOfijx
Malware Config
Signatures
Unsigned PE 1 IoCs
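Checks for a missing Authenticode signature: the sample is an unsigned PE, so its publisher and integrity cannot be confirmed from a signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned.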
resource 0a30e57e7f5a8f049a225824744bbcc7_JaffaCakes118
Files
0a30e57e7f5a8f049a225824744bbcc7_JaffaCakes118.exe windows:4 windows x86 arch:x86
f5ad97dfeb5e4ec8ae6349002671b5e6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
kernel32
WaitForSingleObject
InterlockedIncrement
InterlockedDecrement
lstrlenA
GetModuleFileNameW
EnterCriticalSection
DeleteCriticalSection
LeaveCriticalSection
FreeLibrary
LoadLibraryExW
InitializeCriticalSection
RaiseException
lstrcmpiW
GetModuleHandleW
GetExitCodeProcess
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoW
InterlockedCompareExchange
Sleep
CreateMutexW
CloseHandle
MultiByteToWideChar
LockResource
GetLastError
GetFileAttributesW
GetLocaleInfoW
FindResourceExW
SizeofResource
WideCharToMultiByte
GetSystemDefaultLangID
LoadResource
GetTempPathW
lstrlenW
GetCurrentThreadId
FindResourceW
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
user32
CharNextW
PostMessageW
SetActiveWindow
IsIconic
SetForegroundWindow
UnregisterClassA
GetWindowPlacement
LoadImageW
GetSystemMetrics
SendMessageW
DestroyWindow
FindWindowW
SetWindowPlacement
advapi32
RegQueryInfoKeyW
RegDeleteValueW
RegisterTraceGuidsW
GetTraceEnableFlags
UnregisterTraceGuids
GetTraceEnableLevel
RegDeleteKeyW
GetTraceLoggerHandle
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
TraceMessage
RegSetValueExW
shell32
ShellExecuteExW
ole32
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
oleaut32
VarUI4FromStr
shlwapi
UrlEscapeA
msvcp80
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
ccl80u
ord2729
ord2730
ord2732
ord1448
ord2767
ord2768
ord2402
ord1647
ord1648
ord1651
ord1198
ord3030
ord1654
ord1658
ord1660
ord1662
ord1664
ord1668
ord1671
ord1951
ord1926
ord1928
ord1193
ord3029
ord3023
ord3022
ord3020
ord3017
ord3016
ord3015
ord2387
ord2796
ord2794
ord2779
ord1653
ord2782
ord1190
ord2508
ord1657
ord2458
ord2665
ord1441
ord1440
ord1957
ord3410
ord1938
ord1538
ord614
ord158
ord157
ord1652
ord1191
msvcr80
_controlfp_s
_CxxThrowException
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__CxxFrameHandler3
?terminate@@YAXXZ
memset
wcsncpy_s
_ultoa_s
malloc
strncmp
_strlwr_s
??0exception@std@@QAE@ABQBDH@Z
_purecall
wcsstr
memcpy
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
memcpy_s
?what@exception@std@@UBEPBDXZ
_mbscmp
vsprintf_s
_vscprintf
_vscwprintf
??_V@YAXPAX@Z
vswprintf_s
??2@YAPAXI@Z
memmove_s
calloc
_recalloc
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
free
??0exception@std@@QAE@ABQBD@Z
??3@YAXPAX@Z
winhttp
WinHttpOpenRequest
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpCloseHandle
WinHttpWriteData
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpOpen
WinHttpConnect
WinHttpCrackUrl
Exports
Exports
??4_Init_locks@std@@QAEAAV01@ABV01@@Z
Sections
.text Size: 52KB - Virtual size: 48KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 92KB - Virtual size: 90KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.prdata Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE