0e00b3421e201ef3f6b543b9451406f6_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0e00b3421e201ef3f6b543b9451406f6_JaffaCakes118
Size

360KB
MD5

0e00b3421e201ef3f6b543b9451406f6
SHA1

7ea2cd4fa8fadaafc053606ebc39ddc947186892
SHA256

077401d23a6ec4799f03804dc56e3499398150cffe7637f7c5fd433fbac3caa1
SHA512

84adfedcaf6352213910d483566a88c7b903287b09c9124ad67ac35e615468b0b5620925941c492cb0d4ea51f51db7d647dbafff8597d1f7ae75eb182f55514d
SSDEEP

6144:jG8r+hAL5uOc9U89oI+jo+u7+68JSnxN6X5cUBk/so/IoHqPYMsrh7Aa3+P2vljK:jvr+XOc9UYopje7+68CxN6p1k/so/Io6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e00b3421e201ef3f6b543b9451406f6_JaffaCakes118

Files

0e00b3421e201ef3f6b543b9451406f6_JaffaCakes118
.exe windows:5 windows x86 arch:x86

d7d6a8b52b969b4b962f0ecabf9e9c64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

tmpnam
_gmtime64
_mktime64
rename
clearerr
fseek
ftell
fwrite
setvbuf
fgets
_popen
fflush
_pclose
tmpfile
fscanf
getenv
strrchr
strtoul
strncpy
getc
fclose
freopen
ferror
fprintf
fread
fopen
ungetc
strerror
feof
strstr
rand
strcmp
strcpy
wcsncpy
_lock
_exit
wcstoul
sprintf
_strcmpi
system
exit
realloc
_wtoi
memchr
_purecall
calloc
ceil
memcpy
_wcsicmp
wcscmp
isalpha
isdigit
isupper
iscntrl
toupper
islower
strpbrk
isxdigit
atan2
sqrt
cos
modf
ldexp
pow
log
tanh
sinh
tan
fmod
srand
cosh
acos
floor
frexp
log10
atan
exp
fabs
asin
sin
remove
clock
strftime
setlocale
_localtime64
_wrename
_time64
_onexit
_setjmp3
isalnum
ispunct
iswdigit
tolower
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
_controlfp
?terminate@@YAXXZ
_itoa
_snprintf
isleadbyte
mbtowc
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
fputs
_XcptFilter
memcmp
wcsstr
isspace
free
malloc
??_U@YAPAXI@Z
??_V@YAXPAX@Z
??2@YAPAXI@Z
strlen
wcslen
memset
??3@YAXPAX@Z
_iob
__mb_cur_max
strchr
_errno
_cexit
towlower
__wgetmainargs
__dllonexit
_unlock
memmove
abs
strcoll
strcat
strcspn
strncat
strtod
longjmp
localeconv
_except_handler3

urlmon

ObtainUserAgentString

wininet

HttpQueryInfoW
InternetSetOptionW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetOpenW

shlwapi

PathIsDirectoryW

kernel32

GetCommandLineW
VirtualFree
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
OutputDebugStringA
GetModuleHandleA
GetModuleFileNameA
TerminateProcess
OpenProcess
LoadLibraryA
GetVersionExW
RemoveDirectoryW
FindClose
FindNextFileW
SetFileAttributesW
FindFirstFileW
LocalFileTimeToFileTime
GetCurrentDirectoryW
ReadFile
SetFileTime
SystemTimeToFileTime
WideCharToMultiByte
FormatMessageA
GetFullPathNameW
LocalFree
LocalAlloc
GetExitCodeProcess
Sleep
CreateProcessW
GetFileAttributesW
OutputDebugStringW
DebugBreak
GetExitCodeThread
CreateThread
WaitForSingleObject
lstrlenA
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
lstrcpyW
SetFilePointer
WriteFile
CreateFileW
LockResource
SetCurrentDirectoryW
CreateDirectoryW
GetTempPathW
DeleteFileW
CloseHandle
GetTickCount
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetLastError
lstrcmpiW
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
lstrlenW
InterlockedIncrement
InterlockedDecrement
RaiseException
GetVersion
VirtualQuery
GetSystemInfo
GetModuleHandleW
GetProcAddress
VirtualAlloc
GetProcessHeap
HeapFree
HeapAlloc

user32

IsWindowVisible
wvsprintfW
SetTimer
wsprintfW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetDlgItem
GetClassNameW
GetSysColor
RedrawWindow
UpdateWindow
CreateWindowExW
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
DestroyAcceleratorTable
DefWindowProcW
LoadCursorW
RegisterClassExW
FindWindowA
GetClassInfoExW
SetWindowTextW
EndDialog
SetRect
ShowWindow
MessageBoxA
PostQuitMessage
MessageBoxW
GetDesktopWindow
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
SendMessageW
LoadIconW
PostMessageW
KillTimer
SetWindowLongW
CreateDialogIndirectParamW
DestroyWindow
IsWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
UnregisterClassA

gdi32

GetDeviceCaps
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyW
RegCreateKeyW
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW

shell32

ShellExecuteW
SHGetFolderPathW

ole32

CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
CoCreateGuid
OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString
VariantInit
LoadRegTypeLi
VariantClear
DispCallFunc
SysAllocStringLen
OleCreateFontIndirect
SysStringLen
LoadTypeLi
VarBstrCmp
VariantChangeType
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr

Sections

.text
Size: 201KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d7d6a8b52b969b4b962f0ecabf9e9c64

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

urlmon

wininet

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 201KB - Virtual size: 200KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 110KB - Virtual size: 110KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 201KB - Virtual size: 200KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 110KB - Virtual size: 110KB

.reloc
Size: 10KB - Virtual size: 10KB