Static task: static1
Behavioral task: behavioral1
  Sample: 0eaf16564f54529f3d0bf817bc70ad00_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 0eaf16564f54529f3d0bf817bc70ad00_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
- Target: 0eaf16564f54529f3d0bf817bc70ad00_JaffaCakes118
- Size: 195KB
- MD5: 0eaf16564f54529f3d0bf817bc70ad00
- SHA1: aa8ac8236864944b5b03625616afeffa6a54b3bc
- SHA256: 4908edb3a7b733d96818404b6900af85328da23ca00acf7dd11c4159f4c81417
- SHA512: 4ed945fa4382067031021ef9cb728d0862b5cf823bb0e97df2a259daab2e15f0627fc9b29533e18c05d8c9c1ab1cb5cb4764cb3e235796643c19ea03e46ed5e9
- SSDEEP: 3072:yuruMRfoRwHB8a2+L9R57EtyjtmakGkp5+7xUH1PCvR4RxDmNN8+/:8XRwHt3H57pnO5+7xUIvRImNN5
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature. Matched resource: 0eaf16564f54529f3d0bf817bc70ad00_JaffaCakes118. The file carries no embedded Authenticode signature, so there is no publisher identity to verify. On its own this is weak evidence (plenty of legitimate software is unsigned), but it removes one cheap allow-listing signal: a publisher rule in WDAC or AppLocker cannot match it, so such a policy would have to fall back to hash or path rules.
Files
- 0eaf16564f54529f3d0bf817bc70ad00_JaffaCakes118.exe: windows:5 windows x86 arch:x86
  imphash: eb19875c90b5f8b43cb3ad907feea9be (import hash of the import table listed under Imports; useful as a pivot to other builds of the same code base)
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Notes: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and IMAGE_DLLCHARACTERISTICS_NX_COMPAT are both absent, so the image opts in to neither ASLR nor DEP; under the default OptIn DEP policy a 32-bit process built like this runs with DEP off. With IMAGE_FILE_RELOCS_STRIPPED set the loader cannot rebase the image at all, so even a mandatory-ASLR policy leaves it at its preferred base address. Both are consistent with a VC6-era MFC 4.2 build (the imports come from mfc42u) rather than deliberate removal of hardening, but they make any memory-corruption bug in the binary easier to exploit.
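Decoding the two header facts above (no Authenticode certificate table, only TERMINAL_SERVER_AWARE set, relocations stripped) straight from the file bytes, as an added example that is not part of the sandbox report or its tooling. `pe_hardening_summary` and `build_minimal_pe32` are names chosen here; the fixture is a constructed minimal PE32 header whose flag words are set to the values the report lists, not the analysed sample.

```python
"""Added example, not part of the sandbox report or its tooling: decode the
"Unsigned PE" and "Headers" facts from the PE headers. Usage on a real file:
pe_hardening_summary(open(path, "rb").read()). The bytes built by
build_minimal_pe32() are a constructed fixture, not the analysed sample."""
import struct

# IMAGE_FILE_HEADER.Characteristics bits used below
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_DLL = 0x2000

# IMAGE_OPTIONAL_HEADER.DllCharacteristics bits used below
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040           # opts in to ASLR
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100              # opts in to DEP
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000

IMAGE_DIRECTORY_ENTRY_SECURITY = 4     # Authenticode certificate table
IMAGE_DIRECTORY_ENTRY_BASERELOC = 5    # relocation data the loader needs to rebase


def pe_hardening_summary(data: bytes) -> dict:
    """Return signature and mitigation facts derived from the PE headers only."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    (_machine, _nsec, _ts, _sym, _nsym, _opt_size,
     characteristics) = struct.unpack_from("<HHIIIHH", data, fh)
    oh = fh + 20                                         # IMAGE_OPTIONAL_HEADER
    magic = struct.unpack_from("<H", data, oh)[0]
    if magic == 0x10B:                                   # PE32
        n_dirs_off, dirs_off = 92, 96
    elif magic == 0x20B:                                 # PE32+
        n_dirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, oh + 70)[0]   # same offset in PE32 and PE32+
    n_dirs = struct.unpack_from("<I", data, oh + n_dirs_off)[0]

    def directory(index):
        if index >= n_dirs:
            return 0, 0
        # for the security directory the first field is a file offset, not an RVA
        return struct.unpack_from("<II", data, oh + dirs_off + 8 * index)

    _cert_off, cert_size = directory(IMAGE_DIRECTORY_ENTRY_SECURITY)
    _reloc_rva, reloc_size = directory(IMAGE_DIRECTORY_ENTRY_BASERELOC)
    relocs_stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED) or reloc_size == 0
    return {
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "is_pe32": magic == 0x10B,
        "has_authenticode": cert_size != 0,          # "Unsigned PE" fires when this is False
        "relocs_stripped": relocs_stripped,
        "aslr_opt_in": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "aslr_possible": not relocs_stripped,        # even forced ASLR cannot rebase without relocs
        "dep_opt_in": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "terminal_server_aware": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE),
    }


def build_minimal_pe32(characteristics, dll_characteristics, cert_size=0, reloc_size=0):
    """Constructed fixture: DOS header, PE signature, file header and a PE32 optional
    header with 16 data directories and no sections. Enough for header checks only."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    file_header = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 224, characteristics)  # 0x14C = i386
    opt = struct.pack("<H", 0x10B) + b"\0" * 68              # Magic, then padding to offset 70
    opt += struct.pack("<H", dll_characteristics)            # DllCharacteristics at offset 70
    opt += b"\0" * 20 + struct.pack("<I", 16)                # NumberOfRvaAndSizes at offset 92
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x3000 if cert_size else 0, cert_size)
    dirs[IMAGE_DIRECTORY_ENTRY_BASERELOC] = (0x2000 if reloc_size else 0, reloc_size)
    return dos + b"PE\0\0" + file_header + opt + b"".join(struct.pack("<II", *d) for d in dirs)


if __name__ == "__main__":
    # Flags as listed in the report: RELOCS_STRIPPED | EXECUTABLE_IMAGE | LINE_NUMS_STRIPPED
    # | LOCAL_SYMS_STRIPPED | 32BIT_MACHINE = 0x010F, and only TERMINAL_SERVER_AWARE = 0x8000
    for key, value in pe_hardening_summary(build_minimal_pe32(0x010F, 0x8000)).items():
        print("%-22s %s" % (key, value))
```

The summary deliberately reports `aslr_possible` separately from `aslr_opt_in`: an image without DYNAMIC_BASE can still be relocated by a mandatory-ASLR policy if it keeps its .reloc data, whereas one with relocations stripped cannot be moved by any policy.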
Imports
Notes: every mfc42u import is by ordinal (ordN), as is normal for the MFC runtime DLLs; the names must be resolved against the export table of the same mfc42u.dll (Unicode MFC 4.2) version before the call sites mean anything. Taken together the import set is what a Unicode MFC 4.2 GUI application pulls in (menus, dialogs, clipboard, font enumeration, common dialogs, OLE compound-file storage via ole32), so most entries are not suspicious on their own. The entries worth checking against the behavioral runs are the registry writers (advapi32 RegCreateKeyW, RegSetValueExW, RegDeleteKeyW), the window-hook and key-state APIs (user32 SetWindowsHookExW, CallNextHookEx, GetAsyncKeyState), cross-process window discovery (user32 EnumWindows, FindWindowW, SendMessageTimeoutW, SetForegroundWindow) and runtime API resolution (kernel32 LoadLibraryA/W, GetProcAddress).
mfc42u
ord5015
ord3101
ord4599
ord4994
ord4410
ord5084
ord5497
ord4622
ord4651
ord5748
ord4150
ord2986
ord3412
ord5019
ord5623
ord1003
ord3444
ord4691
ord3055
ord3061
ord6332
ord2502
ord2534
ord5738
ord1740
ord5573
ord3167
ord5650
ord4417
ord4950
ord4854
ord4819
ord4381
ord3449
ord3193
ord3256
ord3275
ord3376
ord4617
ord4424
ord456
ord6076
ord1567
ord6171
ord3782
ord2006
ord6391
ord5451
ord3293
ord4477
ord1773
ord2785
ord2853
ord5648
ord5013
ord5100
ord4915
ord4997
ord4724
ord4663
ord4484
ord4339
ord4332
ord4641
ord5016
ord4486
ord4506
ord4956
ord4649
ord4376
ord4639
ord2540
ord5504
ord4032
ord3263
ord3348
ord4616
ord4418
ord5820
ord720
ord420
ord5952
ord1868
ord1886
ord1797
ord260
ord826
ord4294
ord2859
ord2371
ord1662
ord2644
ord5506
ord2937
ord2550
ord4458
ord6195
ord2239
ord2385
ord2793
ord4017
ord3295
ord6466
ord744
ord3765
ord2515
ord993
ord1079
ord447
ord2386
ord6336
ord1258
ord2154
ord1262
ord6335
ord5994
ord3211
ord2246
ord2153
ord2170
ord4037
ord1640
ord429
ord748
ord2394
ord1984
ord3437
ord3792
ord4487
ord3490
ord1722
ord1130
ord824
ord1255
ord738
ord1196
ord3764
ord2167
ord2513
ord441
ord3023
ord4583
ord4886
ord4526
ord5070
ord4335
ord4343
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord6051
ord1768
ord5236
ord5286
ord3743
ord1719
ord4426
ord341
ord303
ord654
ord448
ord2082
ord357
ord535
ord858
ord2776
ord6211
ord861
ord3450
ord3397
ord1941
ord589
ord764
ord1172
ord5977
ord4282
ord3658
ord3621
ord2406
ord3614
ord1634
ord567
ord2567
ord4390
ord3569
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord6168
ord5869
ord5785
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord4370
ord4847
ord609
ord1137
ord4155
ord540
ord613
ord6193
ord289
ord2070
ord2108
ord325
ord4229
ord5155
ord5156
ord5154
ord4899
ord4736
ord4970
ord4942
ord4352
ord4371
ord4848
ord5283
ord4829
ord3694
ord489
ord4253
ord4254
ord4709
ord1683
ord2520
ord5284
ord4433
ord2046
ord4425
ord3695
ord496
ord768
ord771
ord2877
ord3568
ord2855
ord4215
ord2576
ord3649
ord2430
ord1637
ord2442
ord5783
ord5871
ord283
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord692
ord2332
ord2294
ord2729
ord5268
ord2606
ord1197
ord1145
ord3087
ord2293
ord2350
ord1560
ord268
ord5706
ord941
ord940
ord665
ord1971
ord3784
ord5180
ord354
ord4224
ord4602
ord4710
ord6238
ord1173
ord1561
ord2634
ord922
ord4273
ord4272
ord5679
ord5568
ord2914
ord5061
ord4629
ord4601
ord4744
ord5010
ord4828
ord4485
ord2331
ord616
ord772
ord4263
ord6138
ord5856
ord4270
ord3566
ord1143
ord5781
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord500
ord5878
ord3312
ord2854
ord3871
ord2836
ord2099
ord3290
ord6150
ord2522
ord4360
ord4051
ord5467
ord4116
ord2381
ord1703
ord1708
ord5230
ord6365
ord5275
ord5058
ord5244
ord2436
ord3725
ord807
ord554
ord3084
ord2072
ord4448
ord4491
ord6451
ord5080
ord2290
ord4118
ord3867
ord319
ord4357
ord5083
ord4358
ord5078
ord1702
ord1704
ord3375
ord3680
ord450
ord747
ord1878
ord4246
ord4497
ord5950
ord3099
ord3133
ord4143
ord5491
ord2096
ord4454
ord6142
ord5879
ord2112
ord2879
ord5652
ord5472
ord6060
ord2486
ord2619
ord2618
ord6266
ord2004
ord4940
ord3249
ord2433
ord1688
ord5000
ord4464
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord3398
ord2874
ord2873
ord4149
ord4072
ord5233
ord5281
ord2641
ord1658
ord4430
ord5248
ord4421
ord739
ord439
ord442
ord736
ord5082
ord1834
ord4237
ord5996
ord2109
ord4504
ord4356
ord2992
ord5193
ord4695
ord1263
ord1229
ord5047
ord6191
ord3865
ord5024
ord1946
ord5468
ord4146
ord5278
ord674
ord796
ord6373
ord4451
ord529
ord366
ord2912
ord2795
ord958
ord6308
ord4172
ord3313
ord6006
ord5769
ord2593
ord3175
ord3178
ord3171
ord3502
ord3609
ord1259
ord6023
ord6022
ord5438
ord6381
ord1105
ord3785
ord1099
ord703
ord603
ord6397
ord5441
ord1961
ord273
ord403
ord6398
ord6385
ord2885
ord3515
ord3516
ord1008
ord1192
ord4128
ord4292
ord4225
ord5784
ord5035
ord3688
ord6115
ord562
ord3578
ord620
ord1230
ord1709
msvcrt
wcscoll
wcstod
_ftol
memmove
strncpy
setlocale
_wcsdup
free
_wcsicmp
_c_exit
swprintf
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
wcscmp
iswspace
wcslen
_exit
wcscpy
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
_except_handler3
__CxxFrameHandler
_purecall
advapi32
RegOpenKeyExA
RegCloseKey
RegQueryValueExW
RegOpenKeyW
RegCreateKeyW
RegSetValueExW
RegDeleteKeyW
RegQueryValueExA
kernel32
FreeLibrary
lstrcmpW
lstrcmpiW
MulDiv
GlobalLock
GlobalUnlock
GlobalFree
GetLocaleInfoW
lstrlenW
LoadLibraryA
lstrcpyW
GlobalAlloc
Sleep
GetShortPathNameW
GetModuleFileNameW
GetVersion
SetCurrentDirectoryW
WideCharToMultiByte
CreateFileW
GetModuleHandleA
GetCurrentThreadId
GetStartupInfoW
lstrcatW
GetDateFormatW
GetTimeFormatW
EnumTimeFormatsW
EnumDateFormatsW
GetUserDefaultLCID
GetLocalTime
GetFileAttributesW
GetLastError
ExpandEnvironmentStringsW
lstrcpynW
GlobalGetAtomNameW
lstrcpyA
lstrlenA
SetEvent
ResetEvent
GetProcAddress
LoadLibraryW
CloseHandle
CreateEventW
FindResourceW
GlobalSize
lstrcmpA
DeleteAtom
GetModuleHandleW
SetThreadPriority
ResumeThread
FormatMessageW
GlobalAddAtomW
InterlockedIncrement
ReadFile
gdi32
GetObjectW
SetPixel
CreatePen
DeleteObject
EnumFontFamiliesW
EnumFontFamiliesExW
BitBlt
CreateCompatibleDC
CreateSolidBrush
GetStockObject
Rectangle
GetTextColor
GetBkColor
GetPaletteEntries
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetTextMetricsW
GetTextExtentPoint32W
CreateICW
CreateFontIndirectW
ScaleWindowExtEx
DPtoLP
GetDeviceCaps
CreateDCW
SelectObject
user32
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
DefWindowProcW
GetAsyncKeyState
KillTimer
SetTimer
LoadMenuW
RemoveMenu
GetSubMenu
GetMenuItemCount
DeleteMenu
GetWindow
FindWindowW
ReleaseDC
GetDC
EnumWindows
IntersectRect
GetClassNameW
SendMessageTimeoutW
SetForegroundWindow
GetCapture
DrawEdge
LoadCursorW
EqualRect
SetRectEmpty
SendMessageW
RegisterWindowMessageW
EnableWindow
RegisterClipboardFormatW
PtInRect
SetRect
OffsetRect
GetWindowRect
GetClientRect
ClientToScreen
UpdateWindow
InvalidateRect
SetActiveWindow
SetCapture
ReleaseCapture
GetKeyState
IsClipboardFormatAvailable
CountClipboardFormats
GetMonitorInfoW
MonitorFromWindow
GetDlgItem
DrawTextW
TabbedTextOutW
GrayStringW
GetSystemMetrics
LoadIconW
WinHelpW
CopyRect
FillRect
DrawFocusRect
CreatePopupMenu
AppendMenuW
LoadStringW
GetSysColor
SetWindowLongW
GetWindowLongW
SetWindowTextW
GetWindowTextW
SetFocus
IsWindow
IsWindowEnabled
GetFocus
GetParent
IsChild
LoadBitmapW
GetNextDlgTabItem
wsprintfW
DispatchMessageW
TranslateMessage
GetDesktopWindow
BringWindowToTop
ScreenToClient
PostMessageW
GetClassInfoW
PeekMessageW
MsgWaitForMultipleObjects
CharToOemA
OemToCharBuffA
CharToOemBuffA
comdlg32
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW
CommDlgExtendedError
shell32
SHGetSpecialFolderPathW
ShellAboutW
SHGetSettings
DragQueryFileW
DragFinish
ole32
OleUninitialize
OleInitialize
StringFromCLSID
ReadClassStg
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
ReleaseStgMedium
OleRegGetUserType
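Recomputing an import hash from a list in the report's own layout, as an added example that is not the sandbox's code. It follows the pefile algorithm: module name lowercased with a .dll/.ocx/.sys extension dropped, function name lowercased, ordinal-only imports written as ordN (pefile substitutes names only for ws2_32, wsock32 and oledlg, which have no table embedded here), comma-joined in import-table order and MD5-hashed. `REPORT_EXCERPT` is a constructed excerpt of the list above; paste the whole block (the nine module names are in `REPORT_MODULES`) to compare with the hash shown under Files. That the sandbox computed its value with this exact algorithm is an assumption, so a mismatch with a correct paste points to a normalisation difference rather than a different file.

```python
"""Added example, not part of the sandbox report or its tooling: rebuild an import
hash (imphash, pefile algorithm) from an import list in the report's text layout.
REPORT_EXCERPT is a constructed excerpt of the list on the page."""
import hashlib

# pefile strips these extensions from the module name before lowercasing it
_STRIP_EXT = (".dll", ".ocx", ".sys")
# pefile rewrites ordinals into names only for these modules; every other module,
# mfc42u included, keeps the literal "ordN" token in the hashed string
_ORDINAL_NAME_TABLES = {"ws2_32", "wsock32", "oledlg"}


def normalise_module(name: str) -> str:
    name = name.lower()
    for ext in _STRIP_EXT:
        if name.endswith(ext):
            return name[: -len(ext)]
    return name


def parse_report_imports(text: str, modules):
    """Turn the report's "module line followed by function lines" layout into
    (module, function_or_None, ordinal_or_None) triples in listed order."""
    out, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line in modules:
            current = line
            continue
        if current is None:
            raise ValueError("function %r listed before any module" % line)
        if line.startswith("ord") and line[3:].isdigit():
            out.append((current, None, int(line[3:])))
        else:
            out.append((current, line, None))
    return out


def imphash_string(imports) -> str:
    """The exact string pefile hashes: "module.func,module.func,..." in table order."""
    parts = []
    for module, func, ordinal in imports:
        mod = normalise_module(module)
        if func is None:
            if mod in _ORDINAL_NAME_TABLES:
                raise NotImplementedError("ordinal name table for %s not embedded here" % mod)
            func = "ord%d" % ordinal
        parts.append("%s.%s" % (mod, func.lower()))
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def matches_report(imports, reported: str) -> bool:
    """Compare against the hash a report shows, tolerating case and whitespace."""
    return imphash(imports) == reported.strip().lower()


REPORT_MODULES = {"mfc42u", "msvcrt", "advapi32", "kernel32", "gdi32",
                  "user32", "comdlg32", "shell32", "ole32"}
# Constructed excerpt: the first entries of three modules from the report's list
REPORT_EXCERPT = """\
mfc42u
ord5015
ord3101
msvcrt
wcscoll
_ftol
advapi32
RegOpenKeyExA
RegSetValueExW
"""

if __name__ == "__main__":
    imps = parse_report_imports(REPORT_EXCERPT, REPORT_MODULES)
    print(imphash_string(imps))
    print(imphash(imps))
```

Because the hash is order-sensitive and ordinals stay literal, two builds of the same MFC code base that link the same runtime in the same order share an imphash even when their file hashes differ, which is what makes the value a useful pivot; conversely, a recompile that reorders or renames a single import changes it completely.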
Sections
- .text: size 120KB, virtual size 119KB; IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- .data: size 5KB, virtual size 7KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .rsrc: size 69KB, virtual size 68KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
Notes: no section is both writable and executable, raw and virtual sizes agree (the 2KB by which the virtual size of .data exceeds its raw size is zero-initialised data), and the three sections account for essentially all of the 195KB file, so there is no packer stub or large overlay to unpack before static analysis. About a third of the file is .rsrc, which for an MFC application holds its dialog templates, menus, string tables and icons; those are worth dumping for the UI text.