printer_funcs
Static task
static1
Behavioral task
behavioral1
Sample
1c222ae591a0f9d4ad7703f82ce16cbe_JaffaCakes118.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
1c222ae591a0f9d4ad7703f82ce16cbe_JaffaCakes118.dll
Resource
win10v2004-20240508-en
General
-
Target
1c222ae591a0f9d4ad7703f82ce16cbe_JaffaCakes118
-
Size
316KB
-
MD5
1c222ae591a0f9d4ad7703f82ce16cbe
-
SHA1
7f63f4f36631263c3ebf807c3d1a419a632f9ce0
-
SHA256
f6995e9c7fff74b8df5ab52b9953140ad94c092ea681e8586e5cfbc0de1e2842
-
SHA512
be9eccbcafef7cceb9b1dbaffb1488cf02e7814424f6922643417a14fb770bd911b8a0c6238199f741f17db2ddf8efa8fed4e777d5e0c1a7d0384bd8a777017a
-
SSDEEP
6144:f+XlXXjbYK30Jnc8KB4hPWF14ZNyATezPN48o:f+Vv30Jc8KBq5NJKN4F
Malware Config
Signatures
-
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource 1c222ae591a0f9d4ad7703f82ce16cbe_JaffaCakes118
Files
-
1c222ae591a0f9d4ad7703f82ce16cbe_JaffaCakes118.dll windows:4 windows x86 arch:x86
e4aeeb15bf92e89683c3bb38af41ef14
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
onxlib65
ord1213
ord1212
ord1215
ord507
ord3301
ord3300
ord1201
ord680
ord2406
ord500
ord502
ord643
ord642
ord1214
??BCOString@@QBEPBDXZ
??0COString@@QAE@XZ
??4COString@@QAEABV0@PBD@Z
??1COString@@UAE@XZ
ord1870
ord563
ord3700
ord3701
ord2296
ord547
ord2417
IsColorSubset
ord2262
ord3451
ord3450
ord2219
ord2295
ord2293
ord2294
ord3452
ord3453
ord1861
ord561
ord521
ord3610
ord541
ord515
ord550
ord543
ord517
ord540
ord514
ord544
ord518
ord512
ord3605
ord511
ord539
ord651
ord513
ord508
ord509
ord503
ord538
ord667
ord548
ord534
ord510
ord549
ord530
ord533
ord552
ord906
ord1002
ord1003
ord400
ord901
ord902
ord900
ord537
ord2407
ord1225
ord2401
ord1866
ord1862
ord1864
ord1860
ord2411
ord2413
ord2415
ord2416
ord2412
wsock32
WSAStartup
closesocket
shutdown
socket
setsockopt
getsockopt
WSAGetLastError
recv
select
WSACleanup
send
connect
htons
ioctlsocket
gethostbyname
mfc71
ord2415
ord2403
ord566
ord2392
ord2396
ord2398
ord2400
ord2390
ord5233
ord5235
ord765
ord315
ord1037
ord1206
ord1208
ord1098
ord371
ord1120
ord1201
ord1175
ord1177
ord1209
ord1084
ord1092
ord1167
ord581
ord907
ord4564
ord5969
ord1892
ord6067
ord3312
ord3641
ord5182
ord4212
ord4735
ord4890
ord4580
ord2020
ord1671
ord1670
ord1551
ord5912
ord1620
ord1617
ord3946
ord1401
ord4244
ord5152
ord1908
ord5073
ord6275
ord4185
ord5203
ord3403
ord4722
ord4282
ord1600
ord5960
ord923
ord928
ord932
ord930
ord934
ord2410
ord2394
ord2413
ord2408
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4262
ord3182
ord354
ord764
ord605
ord762
ord876
ord2086
ord1545
ord5915
ord1402
ord4232
ord5214
ord2991
ord4261
ord3164
ord572
ord587
ord578
ord310
ord265
ord314
ord4035
ord784
ord2321
ord1122
ord266
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord3948
ord4568
ord5230
ord5213
ord5566
ord2838
ord2990
ord4481
ord3333
ord1588
ord1115
ord2322
ord911
ord2248
ord1069
ord757
ord5563
ord739
ord591
ord760
ord1979
ord1290
ord2375
ord1794
ord736
ord297
ord304
ord1397
ord6266
ord1933
ord1484
ord4099
ord2091
ord1570
ord4237
ord3229
ord657
ord2164
ord5529
ord2657
ord3406
ord4104
ord6236
ord1931
ord1483
ord4098
ord2089
ord1547
ord4234
ord3171
ord1647
ord1589
ord3315
ord1873
ord1885
ord1790
ord1782
ord1882
ord2899
ord2272
ord3934
ord5807
ord1646
msvcr71
_mbsnicmp
_mbsnbicmp
strncmp
strncpy
atof
strtol
strstr
strchr
_splitpath
setlocale
_except_handler3
atol
_atoi64
_ismbcdigit
_beginthreadex
memset
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter
??1type_info@@UAE@XZ
__security_error_handler
_strnicmp
_stricmp
_mbsicmp
free
fread
fclose
calloc
fopen
malloc
_purecall
_read
_write
_open
_close
sscanf
atoi
__CxxFrameHandler
_get_osfhandle
_open_osfhandle
sprintf
_mbschr
_mbsnbcpy
_mbscmp
_mbsnbcmp
kernel32
CreateEventA
CloseHandle
ReadFile
DeviceIoControl
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
ExitProcess
LocalAlloc
LocalFree
TerminateThread
GetCurrentThread
GetThreadPriority
SetThreadPriority
ResumeThread
WaitForMultipleObjects
Sleep
FreeLibrary
LoadLibraryA
GetProcAddress
GetComputerNameA
GetModuleFileNameA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObject
GetVersionExA
GetSystemDirectoryA
CreateFileA
ResetEvent
WriteFile
GetOverlappedResult
GetLastError
user32
EnableWindow
SendMessageA
winspool.drv
EnumPrintersA
EndDocPrinter
StartDocPrinterA
ClosePrinter
OpenPrinterA
WritePrinter
advapi32
RegQueryValueExA
StartServiceA
CloseServiceHandle
QueryServiceStatus
GetUserNameA
RegQueryValueA
RegSetValueA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
OpenSCManagerA
CreateServiceA
OpenServiceA
Exports
Exports
Sections
.text Size: 116KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 20KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 84KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.text Size: 76KB - Virtual size: 76KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE