Static task: static1
Behavioral task: behavioral1
  Sample: 1a0e31088003d3d1e1f9ad4766f1c941_JaffaCakes118.exe
  Resource: win7-20240508-en
Behavioral task: behavioral2
  Sample: 1a0e31088003d3d1e1f9ad4766f1c941_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 1a0e31088003d3d1e1f9ad4766f1c941_JaffaCakes118
Size: 969KB
MD5: 1a0e31088003d3d1e1f9ad4766f1c941
SHA1: 872f6389062beaed6ee7780ef8b0cb53bf12c37b
SHA256: db875d8f6cae6d9b4c32ca952ff58c046c079f561bbaf6c067ba4262f2ad0933
SHA512: 2030c554d138b599442816ba0b016622b6f94070e7614e141506f0e69f2b75cb67b13d946f80cc929da81a93e4d2622271e77a6c7fa386a982728304bb078569
SSDEEP: 24576:ccwPfeBH/JDnPsx8IUZtSjj2S8c3IJ1jqXgnCEpMrsK2mDTIXb5:/sgxPPZtSjj2SN3IJ1jqXgnCEpMrsK2/
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: 1a0e31088003d3d1e1f9ad4766f1c941_JaffaCakes118
Files
1a0e31088003d3d1e1f9ad4766f1c941_JaffaCakes118.exe  windows:4  windows x86  arch:x86
  3de885a526a6c5b7c561f5a456374bca
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
IsValidLocale
LoadLibraryA
GetFileAttributesA
CloseHandle
OpenProcess
ReleaseMutex
GetPrivateProfileStringA
CreateProcessA
lstrlenA
ReadFile
WriteFile
ConnectNamedPipe
Sleep
CreateNamedPipeA
WriteProcessMemory
lstrlenW
CreateMutexA
LocalFree
GetStartupInfoA
GetLastError
GetCurrentThreadId
FindResourceA
LoadResource
GlobalLock
SizeofResource
GlobalUnlock
GetModuleFileNameA
GetUserDefaultLangID
LocalAlloc
GetVersionExA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetExitCodeProcess
WaitForSingleObject
GetCurrentDirectoryA
TerminateProcess
CreateDirectoryA
FormatMessageA
InterlockedIncrement
InterlockedDecrement
GetDiskFreeSpaceExA
DeleteFileA
GetSystemInfo
GetProcAddress
GetModuleHandleA
GetVersion
GetPrivateProfileIntA
WritePrivateProfileStringA
MultiByteToWideChar
TerminateThread
OpenThread
SetLastError
SetEvent
ResetEvent
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
CancelIo
DeviceIoControl
CreateEventA
CreateFileA
GetModuleFileNameW
VirtualQuery
FindClose
FindFirstFileW
CreateFileW
GetCurrentDirectoryW
GetFullPathNameW
WideCharToMultiByte
WaitForMultipleObjects
GetTickCount
LockResource
SetCommState
GetCommState
ClearCommError
SetCommTimeouts
PurgeComm
GetOverlappedResult
lstrcatA
lstrcpyA
SetCommMask
GetCommMask
GetCommTimeouts
VirtualAllocEx
advapi32
RegDeleteValueA
GetUserNameA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegDeleteKeyA
RegCreateKeyExA
RegEnumKeyA
RegQueryInfoKeyA
RegEnumValueA
ConvertSidToStringSidA
LookupAccountNameA
gdi32
DeleteEnhMetaFile
SetEnhMetaFileBits
iphlpapi
GetAdaptersInfo
mfc42
ord6199
ord4160
ord1146
ord1168
ord4710
ord537
ord535
ord823
ord4129
ord5683
ord860
ord5856
ord3721
ord795
ord4284
ord3337
ord2915
ord3811
ord665
ord353
ord1187
ord2818
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord1134
ord2379
ord3663
ord801
ord541
ord2086
ord1175
ord755
ord470
ord6215
ord1105
ord4278
ord2764
ord2820
ord5572
ord2919
ord2614
ord6143
ord4202
ord690
ord1988
ord2393
ord5356
ord5207
ord389
ord922
ord941
ord6648
ord6883
ord1138
ord5583
ord1768
ord2645
ord5651
ord3616
ord3127
ord1997
ord4277
ord6407
ord5778
ord6283
ord5465
ord5194
ord5710
ord350
ord533
ord6877
ord6663
ord5440
ord6383
ord5450
ord6394
ord551
ord940
ord1871
ord2827
ord538
ord4083
ord6662
ord4204
ord1979
ord5186
ord354
ord6385
ord5442
ord3318
ord923
ord668
ord2770
ord356
ord1259
ord2740
ord2801
ord879
ord882
ord2044
ord2107
ord2841
ord2448
ord5834
ord5355
ord3180
ord1567
ord268
ord2763
ord6779
ord1949
ord2152
ord1233
ord2864
ord4220
ord2584
ord3654
ord2863
ord2438
ord1644
ord4275
ord6930
ord6928
ord4034
ord6874
ord539
ord3584
ord543
ord803
ord521
ord6307
ord3126
ord3613
ord663
ord348
ord6876
ord3903
ord1158
ord413
ord711
ord4171
ord5861
ord5466
ord2917
ord2808
ord964
ord6317
ord4182
ord6392
ord5448
ord6010
ord2606
ord3183
ord3176
ord3511
ord3724
ord958
ord861
ord5208
ord6282
ord6222
ord536
ord3742
ord6442
ord6453
ord3874
ord1576
ord5829
ord3726
ord2065
ord610
ord5857
ord287
ord2233
ord4167
ord6139
ord926
ord939
ord3092
ord924
ord4234
ord2302
ord818
ord825
ord2135
ord324
ord567
ord540
ord858
ord641
ord800
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord4376
ord5265
ord4424
ord3402
ord5290
ord1776
ord6055
ord269
ord826
ord600
ord1578
ord6467
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord798
ord3790
msvcp60
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
msvcrt
_onexit
__dllonexit
??1type_info@@UAE@XZ
rand
_itoa
memchr
wcslen
_swab
strstr
_mbsstr
_stricmp
_open_osfhandle
_fdopen
__doserrno
malloc
free
strlen
strcmp
strerror
memcpy
memcmp
_except_handler3
sscanf
_mbstok
strcpy
memset
_mbsnbcpy
strncpy
printf
exit
_mkdir
sprintf
_mbscmp
memmove
atoi
_CxxThrowException
fopen
fprintf
vfprintf
fclose
_mbsicmp
__CxxFrameHandler
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
_setmbcp
_strlwr
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
strtol
_controlfp
ole32
CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateInstance
OleRun
CoCreateGuid
CoTaskMemAlloc
oleaut32
SysAllocString
VariantClear
SysFreeString
VariantCopy
CreateErrorInfo
VariantChangeType
SetErrorInfo
GetErrorInfo
VariantInit
psapi
GetModuleBaseNameA
EnumProcesses
EnumProcessModules
secur32
GetUserNameExA
setupapi
SetupDiEnumDeviceInterfaces
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiDestroyDeviceInfoList
CM_Get_Device_IDA
CM_Locate_DevNodeA
CM_Get_Parent
CM_Get_DevNode_Registry_PropertyA
SetupDiEnumDeviceInfo
CM_Get_DevNode_Status
CM_Get_Sibling
CM_Get_Child
SetupDiOpenDevRegKey
SetupDiGetDeviceRegistryPropertyA
SetupDiOpenDeviceInterfaceA
shell32
Shell_NotifyIconA
SHGetSpecialFolderPathA
SHCreateDirectoryExA
SHFileOperationA
ShellExecuteA
SHGetFolderPathA
shlwapi
PathFileExistsA
UrlEscapeA
urlmon
URLDownloadToFileA
user32
GetSubMenu
KillTimer
RegisterWindowMessageA
SendMessageA
IsWindow
LoadIconA
EnableWindow
IsIconic
UnhookWindowsHookEx
SetDlgItemTextA
GetSystemMetrics
RegisterShellHookWindow
SetWindowsHookExA
UnregisterDeviceNotification
GetMessageA
CallNextHookEx
CheckMenuItem
RemoveMenu
DrawMenuBar
MessageBoxIndirectA
PostThreadMessageA
GetCursorPos
SetForegroundWindow
TrackPopupMenu
LoadMenuA
GetClientRect
SetMenuDefaultItem
wsprintfA
PeekMessageA
DispatchMessageA
TranslateMessage
RegisterDeviceNotificationA
FindWindowExA
GetWindowThreadProcessId
GetWindowTextA
SetTimer
DrawIcon
PostMessageA
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
wininet
InternetSetOptionA
InternetGetConnectedState
InternetOpenA
DeleteUrlCacheEntry
InternetOpenUrlA
InternetCloseHandle
winmm
timeGetTime
wsock32
ntohs
inet_addr
gethostbyname
ntohl
select
setsockopt
bind
WSACleanup
closesocket
recv
send
socket
WSAGetLastError
ioctlsocket
htons
connect
WSAStartup
Sections
.text Size: 648KB - Virtual size: 644KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 92KB - Virtual size: 89KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 168KB - Virtual size: 182KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.SHARE Size: - Virtual size: 24B
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 52KB - Virtual size: 54KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ