17b55e1bb584089aab4c83da6c0a9a41_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

17b55e1bb584089aab4c83da6c0a9a41_JaffaCakes118
Size

347KB
MD5

17b55e1bb584089aab4c83da6c0a9a41
SHA1

cddeb4715a11a1a57e0c210835bf6c0690f8867f
SHA256

2d737dd14720b3971142dd619c7f647c9e64ae5ac7a806cb86d75fc5f19a22e3
SHA512

2c20313d53b0e40b00cb9d391ddb49ee3b452040c33b0656364240eefbb23a3b4ab3164a41363a0273385a2971f94472067c500e7b4204834731ff8c7b72214b
SSDEEP

6144:C5T8l7YIpy2yg4AZjEcRBvCX+XZyGJD8KYsZ:CWl7823qKfXZus

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17b55e1bb584089aab4c83da6c0a9a41_JaffaCakes118

Files

17b55e1bb584089aab4c83da6c0a9a41_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c9fb086606c0f25de400901c8c269e43

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetSetCookieA

imutils2

ord782
ord299
ord436
ord245
ord503
ord1083
ord87
ord646
ord32
ord1147
ord455
ord502
ord1109
ord871
ord533
ord612
ord523
ord74
ord15
ord73
ord65
ord217
?GetTimeSpan@CImTimeStamp@@QBE?AVCTimeSpan@@XZ
?LoadTimeStamp@CImTimeStamp@@QAEHPBD0H@Z
??0CImTimeStamp@@QAE@XZ
ord647
ord740
ord5
ord400
ord564
ord810
ord512
ord14
ord967
ord780
ord548
ord840
ord679
ord1044
ord1226
ord629
ord952
ord953
ord931
?SaveTimeStamp@CImTimeStamp@@QAEXPBD0@Z
ord535
ord945
ord802
ord495
ord454
ord592
ord310
ord1013
ord540
ord1020
ord462
ord547
ord307
ord1033
ord573
ord649
ord616
ord691
ord672
ord1052
ord727
ord993
ord722
ord240
ord1197
ord617
ord551
ord842
ord453
ord606
ord690
ord721
ord585
ord586
ord761
ord300
ord448
ord397
ord418
ord1161
ord1039
ord1201
ord707
ord212
ord54
ord1043
ord608
ord394
ord36
ord837
ord252
ord238
ord91
ord1000
ord675
ord591
??1CImTimeStamp@@UAE@XZ
ord792
ord513

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shlwapi

PathAddBackslashA
PathFileExistsA

mfc42

ord4358
ord5265
ord4377
ord4854
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5287
ord3798
ord4835
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2982
ord3147
ord4948
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord4425
ord768
ord567
ord489
ord656
ord2302
ord4258
ord4976
ord6199
ord4710
ord5875
ord4478
ord2754
ord2864
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord1576
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord5214
ord922
ord924
ord668
ord2770
ord356
ord535
ord1158
ord939
ord941
ord5683
ord2818
ord2725
ord926
ord5572
ord2915
ord6877
ord1601
ord2528
ord1008
ord860
ord3181
ord2764
ord3178
ord4058
ord2781
ord2575
ord4396
ord3574
ord609
ord6215
ord3092
ord3626
ord755
ord2414
ord4133
ord4297
ord5788
ord472
ord470
ord2646
ord5849
ord3698
ord3721
ord700
ord795
ord765
ord2623
ord1134
ord398
ord2135
ord818
ord2688
ord2393
ord6197
ord6377
ord6242
ord2463
ord6907
ord2642
ord3476
ord2862
ord1146
ord1168
ord2096
ord384
ord3996
ord3439
ord2614
ord699
ord4188
ord912
ord4202
ord397
ord5710
ord1949
ord4275
ord4034
ord1908
ord1690
ord5288
ord4439
ord2054
ord4431
ord496
ord497
ord771
ord4259
ord4715
ord2882
ord2881
ord2379
ord3089
ord5056
ord4284
ord4742
ord4905
ord5160
ord5162
ord5161
ord3610
ord4424
ord3402
ord4837
ord5290
ord1776
ord6055
ord1907
ord823
ord537
ord4129
ord4277
ord858
ord5220
ord825
ord296
ord540
ord617
ord800
ord3663
ord3259
ord4079

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
srand
rand
_stricmp
_mbsicmp
__CxxFrameHandler
_setmbcp
_ftol

kernel32

Module32First
CreateToolhelp32Snapshot
LocalFree
CreateThread
TerminateThread
WaitForSingleObject
SetFileAttributesA
GetProcAddress
LoadLibraryA
FreeLibrary
lstrlenA
GetModuleHandleA
GetStartupInfoA
Module32Next
CloseHandle
DeleteFileA
MultiByteToWideChar
GetWindowsDirectoryA
GetTickCount
Sleep

user32

GetDlgItem
EnumThreadWindows
GetWindowThreadProcessId
LockWindowUpdate
GetDesktopWindow
SetFocus
SetForegroundWindow
SetActiveWindow
DrawFocusRect
GetTopWindow
GetDlgCtrlID
RedrawWindow
PostThreadMessageA
CopyRect
GetWindowRect
SendMessageA
FindWindowA
MessageBoxA
IsWindowEnabled
GetWindowTextA
LoadIconA
RegisterWindowMessageA
EnableWindow
GetParent
ShowWindow
InflateRect
SetWindowLongA
GetClientRect
PostMessageA
GetKeyState
FindWindowExA

gdi32

GetStockObject

advapi32

RegSetKeySecurity
RegOpenKeyExA
IsValidAcl
SetEntriesInAclA
BuildExplicitAccessWithNameA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegEnumKeyExA

shell32

ShellExecuteA
SHGetSpecialFolderPathA

comctl32

ImageList_ReplaceIcon

ole32

OleUninitialize
CoCreateInstance
OleInitialize

oleaut32

VariantClear
SysAllocString
SysFreeString
SysAllocStringLen
SysStringLen

Exports

Exports

??0CImTimeStamp@@QAE@ABV0@@Z
??4CImTimeStamp@@QAEAAV0@ABV0@@Z
??_7CImTimeStamp@@6B@
?GetMainWindow@CIncrediGlobals@@QAEPAUHWND__@@XZ
?GetNewTimeStamp@CImTimeStamp@@QAEKXZ
?GetTimeStamp@CImTimeStamp@@QAEKXZ
?IsKeyDown@@YA_NH@Z

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c9fb086606c0f25de400901c8c269e43

Headers

File Characteristics

Imports

wininet

imutils2

version

shlwapi

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 6KB

.shared Size: 4KB - Virtual size: 4B

.rsrc Size: 263KB - Virtual size: 263KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 6KB

.shared
Size: 4KB - Virtual size: 4B

.rsrc
Size: 263KB - Virtual size: 263KB