Static task
static1
Behavioral task
behavioral1
Sample
20f528fb9ac1e2bc07b92d12549c7e52_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
20f528fb9ac1e2bc07b92d12549c7e52_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
-
Target
20f528fb9ac1e2bc07b92d12549c7e52_JaffaCakes118
-
Size
500KB
-
MD5
20f528fb9ac1e2bc07b92d12549c7e52
-
SHA1
409d9b308f18693cf6e5a62fa9af5744713368f2
-
SHA256
c5445d661ec3351640ce978c569254f5945a636fb7dfebe6603d56049aaf23f7
-
SHA512
c54d43896f30aedf4ce54fc182e8c76bfd274c1e016bcb2ca99a593451a367b3942fdf16b5bc76c6846491e81fd3c7d4b97d3f403d8f489970af03cc7ef85174
-
SSDEEP
6144:5x2w0m2o00xeXwVICPeOJBsxC5hSV/ZCDlX7uNA1bwGeNzA3v+badFR:5xz0m2d8eXmIWBvhIiqNMAAPj
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. Note that an absent signature is a weak indicator on its own: this binary links mfc42u and carries a Windows 4.x subsystem version in its headers, which is typical of older MFC builds that were commonly shipped unsigned. Treat it as corroborating evidence only, and weigh it against the import table (e.g. the wsock32 socket/listen/accept set, WNetAddConnection3W, RegSetValueExW, ShellExecuteW) and the behavioral task results rather than as a verdict by itself.
resource 20f528fb9ac1e2bc07b92d12549c7e52_JaffaCakes118
Files
-
20f528fb9ac1e2bc07b92d12549c7e52_JaffaCakes118.exe windows:4 windows x86 arch:x86
ae278f8289b647333382394bc9febe1f
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mpr
WNetAddConnection3W
mfc42u
ord6398
ord3561
ord5279
ord5856
ord2862
ord535
ord4073
ord4390
ord5237
ord2377
ord5286
ord4435
ord5257
ord2438
ord3569
ord567
ord609
ord4270
ord3658
ord3621
ord3871
ord540
ord5871
ord2746
ord2406
ord283
ord2854
ord2574
ord4396
ord3635
ord693
ord4238
ord4688
ord5977
ord2859
ord5142
ord3701
ord4118
ord3296
ord6754
ord3288
ord6871
ord6688
ord1634
ord5261
ord4370
ord4992
ord2506
ord6048
ord1767
ord5276
ord4419
ord3592
ord2403
ord2015
ord4213
ord2570
ord4392
ord3397
ord3577
ord616
ord641
ord861
ord324
ord2291
ord2294
ord4229
ord4272
ord4273
ord6654
ord3517
ord6195
ord4704
ord801
ord4847
ord6399
ord858
ord940
ord927
ord5604
ord5857
ord3312
ord541
ord665
ord2606
ord2385
ord1971
ord6381
ord3503
ord5180
ord354
ord922
ord4124
ord5679
ord942
ord703
ord860
ord537
ord925
ord812
ord559
ord6278
ord4199
ord6896
ord6898
ord3993
ord2810
ord3714
ord793
ord2286
ord2355
ord2290
ord2362
ord2354
ord6330
ord6451
ord6331
ord2520
ord6867
ord3092
ord2637
ord5949
ord3093
ord5947
ord3090
ord2755
ord6640
ord1899
ord5155
ord5156
ord5154
ord4899
ord4736
ord4970
ord4942
ord4371
ord4848
ord5283
ord4829
ord768
ord489
ord2289
ord2293
ord4253
ord6732
ord6498
ord2350
ord4352
ord3566
ord6003
ord3991
ord6776
ord2857
ord1143
ord2088
ord384
ord2634
ord3087
ord3281
ord6211
ord6193
ord2567
ord1900
ord1683
ord5284
ord4433
ord2046
ord4425
ord771
ord1008
ord496
ord4254
ord2371
ord2629
ord2876
ord2877
ord818
ord2538
ord3792
ord291
ord5845
ord4709
ord6150
ord2522
ord4358
ord4051
ord5467
ord4116
ord2381
ord5230
ord6365
ord5275
ord5244
ord2436
ord3578
ord4282
ord4448
ord4491
ord3084
ord1934
ord4583
ord4582
ord4893
ord4364
ord4886
ord4526
ord5070
ord4335
ord4343
ord4717
ord4884
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord4103
ord5236
ord3743
ord1719
ord5255
ord4426
ord303
ord813
ord4267
ord6004
ord3995
ord4458
ord4501
ord4215
ord2576
ord3649
ord2430
ord6266
ord2858
ord1637
ord3282
ord6597
ord3291
ord5602
ord795
ord6385
ord5438
ord3313
ord3494
ord2507
ord355
ord6920
ord924
ord926
ord3298
ord3909
ord3605
ord3716
ord656
ord4279
ord6024
ord5798
ord2912
ord2795
ord958
ord4407
ord4172
ord6006
ord5769
ord2593
ord3175
ord3178
ord3171
ord3502
ord3609
ord4606
ord4604
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord5298
ord4692
ord5710
ord3733
ord815
ord561
ord617
ord6191
ord5208
ord296
ord986
ord411
ord4154
ord6113
ord2613
ord1131
ord1197
ord1202
ord1196
ord2717
ord3756
ord2910
ord4078
ord3442
ord3191
ord1817
ord4233
ord4690
ord3053
ord3060
ord6332
ord2502
ord2534
ord5239
ord5736
ord1739
ord5573
ord3167
ord5649
ord4947
ord4852
ord2391
ord4381
ord3449
ord3193
ord6076
ord6171
ord4617
ord4420
ord338
ord652
ord4817
ord4414
ord1937
ord4268
ord560
ord5256
ord1165
ord6868
ord6874
ord6139
ord1841
ord2575
ord4397
ord5249
ord3366
ord3636
ord736
ord439
ord4239
ord2631
ord5491
ord4502
ord6138
ord729
ord2496
ord1699
ord430
ord5771
ord3022
ord1569
ord2070
ord2081
ord3490
ord5848
ord1851
ord4241
ord3864
ord2119
ord2383
ord5096
ord5099
ord4462
ord3345
ord975
ord2875
ord4148
ord2375
ord807
ord796
ord554
ord529
ord402
ord4141
ord2486
ord2619
ord2618
ord6065
ord5996
ord2109
ord6142
ord5879
ord6617
ord4451
ord5251
ord4219
ord3865
ord5728
ord1996
ord1191
ord6205
ord1821
ord5280
ord4211
ord1794
ord4331
ord4422
ord4431
ord956
ord1137
ord298
ord620
ord4225
ord5480
ord1230
ord2992
ord5867
ord816
ord562
ord2673
ord3215
ord5651
ord4071
ord6374
ord2505
ord293
ord3365
ord2108
ord2248
ord2281
ord5858
ord1172
ord1173
ord3297
ord6670
ord654
ord5854
ord341
ord5599
ord2970
ord4294
ord2855
ord2072
ord3808
ord6771
ord6865
ord2057
ord2058
ord1826
ord5061
ord4629
ord4601
ord4710
ord4744
ord4602
ord5010
ord4369
ord4846
ord4828
ord4224
ord352
ord2836
ord2099
ord5446
ord5436
ord6379
ord6390
ord1787
ord3882
ord2825
ord4217
ord5463
ord1574
ord2913
ord1981
ord2797
ord960
ord6310
ord4174
ord5441
ord6008
ord2595
ord3647
ord403
ord6260
ord6228
ord6226
ord6144
ord2560
ord6264
ord6267
ord3220
ord3252
ord3907
ord2536
msvcrt
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
_controlfp
gmtime
mbstowcs
_wcsupr
qsort
wcsncmp
_ftol
_wfopen
fread
fseek
fgetws
wcsrchr
_memicmp
_strlwr
_stricmp
_strupr
_strnicmp
_atoi64
__CxxFrameHandler
free
atoi
sprintf
strchr
strrchr
strstr
memchr
strncpy
calloc
strtoul
wcschr
swprintf
wcscmp
malloc
towlower
strncmp
sscanf
strpbrk
isxdigit
_wcsnicmp
_wtoi
_wcsicmp
rand
wcslen
srand
time
wcsstr
wcscpy
fclose
fgets
kernel32
FileTimeToLocalFileTime
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SystemTimeToFileTime
lstrcpynW
GetCurrentDirectoryW
GetFileAttributesW
ResumeThread
CreateFileW
GetWindowsDirectoryW
FindFirstFileW
WaitForSingleObject
GetSystemTime
SetEndOfFile
SetFileTime
CloseHandle
CreateDirectoryW
SetFilePointer
SetLastError
GetTickCount
GetSystemTimeAsFileTime
GetComputerNameA
GetModuleHandleW
GetStartupInfoW
FindNextFileW
Sleep
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetTempPathW
FormatMessageW
GetTimeFormatW
GetDateFormatW
GetLocalTime
CompareStringW
FileTimeToSystemTime
CompareFileTime
GetFileTime
GetLastError
GetModuleFileNameW
GetSystemDefaultLCID
LoadLibraryW
CreateMutexW
ReleaseMutex
lstrlenW
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
GetThreadPriority
FindClose
MultiByteToWideChar
user32
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SetPropW
DrawMenuBar
GetMenu
GetMenuState
TranslateMDISysAccel
SetFocus
SetWindowPos
SetRectEmpty
DrawEdge
FillRect
ReleaseDC
GetDCEx
RedrawWindow
ReleaseCapture
GetSystemMenu
LoadIconW
GetClassNameW
GetDC
GetWindowLongW
ClientToScreen
WindowFromPoint
LoadCursorW
SetCursor
SetCapture
TranslateMessage
IsChild
PtInRect
GetCursorPos
LoadMenuW
SetMenuDefaultItem
GetParent
GetDlgCtrlID
InvalidateRect
IsWindowVisible
GetAsyncKeyState
LoadBitmapW
SetParent
PostMessageW
SendMessageW
GetClientRect
GetWindowRect
GetSysColorBrush
GetFocus
EnableWindow
OffsetRect
DestroyIcon
LoadStringW
PeekMessageW
GetDesktopWindow
IsWindow
GetPropW
GetLastActivePopup
IsIconic
ShowWindow
CopyRect
DrawFrameControl
FrameRect
DrawFocusRect
GetSysColor
GetWindow
GetSubMenu
GetMenuItemInfoW
ModifyMenuW
AppendMenuW
DeleteMenu
GetMenuItemCount
SetForegroundWindow
UpdateWindow
KillTimer
SetTimer
DispatchMessageW
EnableMenuItem
gdi32
GetTextMetricsW
SelectObject
PatBlt
GetStockObject
GetObjectW
CreateFontIndirectW
CreateSolidBrush
DeleteObject
CreateRectRgnIndirect
CombineRgn
GetTextExtentPoint32W
FillRgn
advapi32
RegCreateKeyW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
GetUserNameW
RegDeleteKeyW
shell32
SHGetSpecialFolderLocation
DragQueryFileW
SHFileOperationW
SHGetDataFromIDListW
SHGetDesktopFolder
SHGetMalloc
SHGetFileInfoW
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW
comctl32
ord17
ImageList_GetIcon
ImageList_AddMasked
ole32
ReleaseStgMedium
CoInitialize
CoUninitialize
CoCreateGuid
wsock32
ntohs
htons
gethostbyname
WSACancelAsyncRequest
WSAAsyncGetHostByName
inet_addr
htonl
ioctlsocket
getservbyname
gethostbyaddr
recv
inet_ntoa
socket
getsockname
listen
bind
ntohl
WSAStartup
WSACleanup
sendto
setsockopt
accept
send
connect
WSAGetLastError
closesocket
getservbyport
winmm
PlaySoundW
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
Sections
.text Size: 332KB - Virtual size: 329KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 68KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 148KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 84KB - Virtual size: 104KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE