1b215dc40897e412f8076c126af229a4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1b215dc40897e412f8076c126af229a4_JaffaCakes118
Size

2.7MB
MD5

1b215dc40897e412f8076c126af229a4
SHA1

f5d499b76ccd6c71dab49ccf1b61d068648a74a0
SHA256

4bf3931c3ff16fe332223a54b9162c24d7471d35d9ce48b4ed777029b67d72f8
SHA512

2889bb2a36e4ba53277598afd86b5b97121a0fda284cbf0127346b1a612bc1501751234bd7b9e8684fb1c86673723fed9a08ca383f9d49d18c5a4dd9e7fc4b46
SSDEEP

6144:mGKK+yOAXCm8dLJFNCPqYc9SyjIZS4j8E16kzheNKIoAuoFFtvWCC+Olo:nK+OXm8lnNCuLjE1FFeMIonoFDvWaOm

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1b215dc40897e412f8076c126af229a4_JaffaCakes118

Files

1b215dc40897e412f8076c126af229a4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

14bfcf756778b0a3306574d426bf1db6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

avcodec-51

ord623
ord665
ord650
ord2303
ord600
ord646
ord2305
ord608
ord605
ord667
ord672
ord668
ord666
ord613
ord638
ord684
ord674
ord679
ord624
ord641
ord678
ord614
ord686
ord673
ord601
ord663
ord661
ord625
ord654
ord652
ord607
ord653
ord604
ord645
ord615
ord630
ord2306
ord631
ord662
ord690
ord688
ord687
ord629
ord636
ord599

avformat-51

ord139
ord27
ord250
ord81
ord55
ord28
ord43
ord17
ord33
ord42
ord18
ord314
ord52
ord62
ord46
ord48
ord328
ord61
ord20
ord19
ord32
ord326
ord22
ord38
ord40
ord57
ord323
ord313
ord25

avutil-49

ord60
ord56
ord30
ord29
ord50
ord14
ord62
ord61
ord27
ord52
ord42
ord21
ord53
ord41
ord23
ord24
ord26

mfc42

ord6186
ord5710
ord4123
ord2078
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord2514
ord2621
ord1134
ord3663
ord3626
ord641
ord2414
ord800
ord795
ord5440
ord6383
ord823
ord5450
ord6394
ord537
ord5572
ord2915
ord858
ord922
ord924
ord926
ord540
ord860
ord2614
ord1200
ord4278
ord5683
ord4129
ord535
ord5265
ord4376
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord3571
ord6055
ord1776
ord5290
ord3402
ord3721
ord1146
ord1168
ord567
ord2294
ord2362
ord2302
ord6197
ord1641
ord4299
ord6215
ord6199
ord656
ord4160
ord2863
ord2379
ord755
ord470
ord2818
ord6111
ord3996
ord5981
ord2642
ord3452
ord2515
ord355
ord6779
ord3874
ord941
ord640
ord1640
ord6605
ord323
ord6905
ord2864
ord2860
ord2859
ord6241
ord1829
ord3610
ord4275
ord2764
ord536
ord6930
ord6928
ord2289
ord2370
ord6334
ord3693
ord5781
ord2713
ord5788
ord5785
ord3706
ord1929
ord5875
ord3797
ord5789
ord613
ord1138
ord289
ord1105
ord2452
ord2405
ord6157
ord3716
ord790
ord556
ord809
ord6358
ord3546
ord1088
ord2122
ord3742
ord818
ord1233
ord3089
ord2575
ord4396
ord3574
ord609
ord4284
ord5053
ord6880
ord3619
ord2380
ord283
ord4133
ord4297
ord472
ord2567
ord3370
ord2582
ord4402
ord3640
ord693
ord4243
ord5759
ord6192
ord5756
ord1576
ord4330
ord6189
ord6021
ord6172
ord5873
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord2754
ord2971
ord2714
ord3092
ord6762
ord6696
ord6654
ord4023
ord6877
ord3573
ord2862
ord5148
ord4694
ord3293
ord6242
ord2116
ord1270
ord1232
ord6194
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord1153
ord2152
ord3873
ord686
ord2096
ord384
ord2408
ord4400
ord3630
ord682
ord3754
ord3753

msvcrt

_kbhit
_getch
__CxxFrameHandler
sprintf
atoi
__p___argv
strncpy
_chdir
clock
_ftol
memmove
_getdiskfree
_mbscmp
sscanf
_mbsnbcpy
_mbsstr
_setmbcp
fprintf
_iob
atof
strtol
strtod
strchr
abort
strncmp
_snprintf
localtime
time
fclose
perror
fread
ftell
fseek
fopen
fflush
_HUGE
_assert
printf
getchar
vfprintf
strstr
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_mkdir
toupper

kernel32

GetLastError
GetStartupInfoA
GetProcessTimes
lstrcpynA
lstrcatA
lstrlenA
WinExec
lstrcpyA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalReAlloc
GlobalFree
GetModuleHandleA
GetProcAddress
GetLocaleInfoA
Sleep
MultiByteToWideChar
GetVersionExA
GetCurrentProcess
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
WritePrivateProfileStringA
GetVolumeInformationA
GetPrivateProfileStringA
GetFileAttributesA

user32

RegisterClassExA
GetClassNameA
GetKeyState
ReleaseCapture
GetSysColorBrush
SetClipboardData
CloseClipboard
GetClipboardData
OpenClipboard
DestroyMenu
SetCapture
GetClassInfoA
DefWindowProcA
RegisterWindowMessageA
GrayStringA
DrawTextA
TabbedTextOutA
UpdateWindow
UnionRect
TranslateMessage
DispatchMessageA
PeekMessageA
LoadIconA
SetWindowRgn
LoadBitmapA
SendMessageA
AppendMenuA
GetSystemMenu
DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
PtInRect
GetWindowRect
CopyIcon
LoadCursorA
ExitWindowsEx
InvalidateRect
SetTimer
KillTimer
EnableWindow
SystemParametersInfoA
IsWindowVisible
GetParent
GetDC
SetRect
SetWindowLongA
ReleaseDC
SetCursor
ScreenToClient
ClientToScreen
IsRectEmpty
DestroyCursor
DestroyIcon
GetWindowLongA
GetNextDlgTabItem
GetActiveWindow
WindowFromPoint
PostMessageA
TrackPopupMenuEx
GetSubMenu
DrawFocusRect
InflateRect
CopyRect
OffsetRect
DrawStateA
FillRect
GetSysColor
CreateIconIndirect
GetIconInfo
LoadImageA
FrameRect
MessageBeep
GetMessagePos
IsWindow
GetFocus
DrawFrameControl

gdi32

CreateRoundRectRgn
CreateBrushIndirect
CreateRectRgn
Polygon
GetBkColor
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
CreateSolidBrush
CreatePen
RoundRect
GetCurrentObject
GetTextExtentPoint32A
GetPixel
SetPixel
CreateFontIndirectA
CreateBitmap
SetBkColor
SetTextColor
CreateCompatibleBitmap
GetStockObject
GetObjectA
StretchBlt
CreatePenIndirect
Rectangle
CreateDIBSection
ExtCreateRegion
CombineRgn
DeleteObject
DeleteDC
GetTextExtentPointA
CreateCompatibleDC
SelectObject
BitBlt

advapi32

RegCreateKeyA
RegQueryValueExA
RegOpenKeyExA
RegQueryValueA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegSetValueA
RegCloseKey

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ShellExecuteExA
ShellExecuteA

comctl32

_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetBkColor
ImageList_GetBkColor
FlatSB_EnableScrollBar
InitializeFlatSB
ImageList_ReplaceIcon
ImageList_Remove

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocStringLen

msimg32

AlphaBlend

Sections

.text
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

btxruvt
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.erdata
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

14bfcf756778b0a3306574d426bf1db6

Headers

File Characteristics

Imports

avcodec-51

avformat-51

avutil-49

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

msimg32

Sections

.text Size: 172KB - Virtual size: 168KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 16KB - Virtual size: 21KB

.rsrc Size: 2.5MB - Virtual size: 2.5MB

btxruvt Size: - Virtual size: 4KB

.erdata Size: 68KB - Virtual size: 68KB

.text
Size: 172KB - Virtual size: 168KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 16KB - Virtual size: 21KB

.rsrc
Size: 2.5MB - Virtual size: 2.5MB

btxruvt
Size: - Virtual size: 4KB

.erdata
Size: 68KB - Virtual size: 68KB