Static task
static1
Behavioral task
behavioral1
Sample
21a7d9f213c90112d7483fd095375fdd_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
21a7d9f213c90112d7483fd095375fdd_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
-
Target
21a7d9f213c90112d7483fd095375fdd_JaffaCakes118
-
Size
928KB
-
MD5
21a7d9f213c90112d7483fd095375fdd
-
SHA1
26975c7d8601e0273124912273448398bbf4a7e3
-
SHA256
bf0dc1e5c2afbe84a4de34e2b933025d519df6d300749c3f58ba0d71c599a633
-
SHA512
9223849c2d7a7dee144052cb5cd0eb76377bd18668e047f77a6a5160468791fa594624bfd63e482b659ea614e0a9906a7b289d6039c83ed9161525aec7d6bec0
-
SSDEEP
12288:aJsvvuhLH1RShQbbbXtxxv21xMltFVfUe6sENbj7hAQ9:aJsvvuhLH1RShQLtx8GTvfN6FZh39
Malware Config
Signatures
-
Unsigned PE 1 IoCs
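Flags a PE file that carries no Authenticode signature, so its publisher cannot be verified from the file itself. Many benign programs are also unsigned, so on its own this is a weak indicator.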
resource 21a7d9f213c90112d7483fd095375fdd_JaffaCakes118
Files
-
21a7d9f213c90112d7483fd095375fdd_JaffaCakes118.exe windows:4 windows x86 arch:x86
4080b359c383f47bc843ebbeec2bd592
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
setupapi
SetupIterateCabinetA
wininet
InternetSetCookieA
InternetGetCookieA
mfc42
ord5277
ord3402
ord4627
ord3574
ord567
ord324
ord2302
ord4234
ord3874
ord6334
ord5981
ord6199
ord4710
ord6282
ord6283
ord926
ord6883
ord940
ord801
ord541
ord3584
ord543
ord803
ord699
ord773
ord397
ord501
ord5593
ord3438
ord5590
ord3435
ord5600
ord3131
ord912
ord3938
ord2614
ord5607
ord909
ord4185
ord3935
ord1083
ord2784
ord5450
ord6394
ord5440
ord6383
ord2107
ord2841
ord1601
ord4188
ord539
ord3994
ord861
ord5631
ord1158
ord5861
ord6143
ord4204
ord2820
ord2124
ord3619
ord1641
ord3626
ord2414
ord755
ord5789
ord5875
ord470
ord665
ord1979
ord6385
ord5186
ord354
ord6930
ord5651
ord3613
ord5621
ord772
ord500
ord5860
ord5606
ord6467
ord1154
ord5628
ord5834
ord2448
ord2044
ord6876
ord6662
ord6779
ord2765
ord5442
ord3318
ord2827
ord1175
ord3337
ord3742
ord818
ord5594
ord4275
ord2379
ord4224
ord1187
ord2256
ord6453
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord4698
ord5714
ord3401
ord3738
ord561
ord2725
ord1232
ord6442
ord2864
ord1146
ord551
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4396
ord1776
ord4078
ord6055
ord2575
ord3610
ord4407
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4998
ord5265
ord656
ord609
ord641
ord2086
ord6215
ord3741
ord3353
ord3954
ord6877
ord5289
ord1644
ord2455
ord2438
ord3654
ord2584
ord4220
ord3663
ord4699
ord4226
ord2726
ord1168
ord817
ord565
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5715
ord5307
ord4079
ord5303
ord5300
ord3346
ord2396
ord1948
ord823
ord6663
ord924
ord922
ord3790
ord2824
ord6153
ord2915
ord859
ord6928
ord939
ord4129
ord4278
ord2763
ord542
ord6569
ord802
ord2764
ord538
ord398
ord4189
ord913
ord700
ord941
ord2818
ord696
ord394
ord860
ord535
ord5683
ord4277
ord4202
ord858
ord537
ord825
ord540
ord800
ord3811
ord1576
msvcrt
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
__p__pgmptr
wcstok
wcsstr
_wcsupr
_strupr
wcscpy
wcsrchr
wcscat
wcslen
_mbsnbcat
wcscmp
toupper
tolower
_mbsrchr
_strdate
_strtime
_iob
fprintf
fflush
vfprintf
isdigit
_rmdir
_splitpath
getc
putc
_strlwr
_mbsnbcpy
_mbsnbcmp
towupper
??0exception@@QAE@ABQBD@Z
atol
_beginthreadex
strncmp
_mbsnbicmp
strpbrk
_mbsupr
_adjust_fdiv
fseek
ftell
fread
fopen
fwrite
fclose
strrchr
div
?what@exception@@UBEPBDXZ
realloc
atof
malloc
free
wcstod
wcstol
memcmp
_mbslwr
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
memmove
strstr
_ftol
strcat
sscanf
strftime
strchr
_purecall
abs
strcmp
srand
rand
_itoa
localtime
mktime
_mbsicmp
strcpy
atoi
sprintf
strlen
_mbschr
_stricmp
time
_mbscmp
memset
strncpy
memcpy
__CxxFrameHandler
__p__commode
__p__fmode
__set_app_type
_mbsstr
_strnicmp
_setmbcp
_controlfp
kernel32
FormatMessageA
lstrlenW
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
CreateFileA
FindClose
FindNextFileA
FindFirstFileA
CreateDirectoryA
GetModuleFileNameA
ResetEvent
WaitForSingleObject
lstrlenA
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
TerminateThread
VirtualFreeEx
GetExitCodeThread
CreateRemoteThread
GetProcAddress
WriteProcessMemory
VirtualAllocEx
LocalFree
GetCurrentProcessId
GetWindowsDirectoryA
WaitForMultipleObjects
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
LoadLibraryA
FreeLibrary
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
CreateMutexA
ReleaseMutex
HeapAlloc
GetProcessHeap
HeapFree
RemoveDirectoryA
GetFileAttributesA
GetEnvironmentVariableA
GetVersionExA
GetShortPathNameA
MoveFileExA
lstrcmpA
GetLongPathNameA
FileTimeToSystemTime
TerminateProcess
GetSystemDirectoryA
HeapDestroy
GlobalUnlock
GlobalLock
GlobalAlloc
GetStartupInfoA
WideCharToMultiByte
InterlockedIncrement
MultiByteToWideChar
InterlockedExchange
Sleep
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
SetEvent
CopyFileA
DeleteFileA
GetLastError
CreateEventA
CloseHandle
OpenProcess
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
SetLastError
CreateProcessA
lstrcpyA
GetModuleHandleA
lstrcatA
user32
GetClassInfoA
GetDesktopWindow
GetWindowTextLengthA
GetSysColor
IsChild
GetFocus
EndPaint
FillRect
BeginPaint
RedrawWindow
ReleaseDC
GetDC
CreateAcceleratorTableA
ReleaseCapture
SetCapture
InvalidateRect
InvalidateRgn
SetWindowRgn
GetClientRect
MoveWindow
BringWindowToTop
CallWindowProcA
SetWindowPos
GetWindowRect
ScreenToClient
MapVirtualKeyA
FindWindowExA
PostQuitMessage
PostThreadMessageA
KillTimer
SendMessageA
EnableWindow
UpdateWindow
SetWindowTextA
IsDialogMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
CreatePopupMenu
AppendMenuA
SetMenuDefaultItem
GetCursorPos
SetForegroundWindow
TrackPopupMenu
PostMessageA
DefWindowProcA
DestroyWindow
LoadImageA
SetTimer
DestroyIcon
RegisterClassExA
CreateWindowExA
GetSysColorBrush
RegisterWindowMessageA
CharLowerA
LoadIconA
FindWindowA
EnumChildWindows
GetForegroundWindow
EnumWindows
PeekMessageA
SetFocus
GetWindowThreadProcessId
GetWindowTextA
IsWindow
IsWindowVisible
GetDlgItem
SetWindowLongA
SystemParametersInfoA
MapWindowPoints
GetWindowLongA
GetParent
GetWindow
GetClassInfoExA
GetMessageA
GetSystemMetrics
LoadCursorA
wsprintfA
GetClassNameA
ShowWindow
gdi32
GetDeviceCaps
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC
CreateSolidBrush
CreateRectRgn
TextOutA
GetStockObject
GetObjectA
CreateFontA
SelectObject
advapi32
RegSetValueExA
DuplicateTokenEx
SetTokenInformation
CreateProcessAsUserA
RegEnumKeyExA
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
OpenProcessToken
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
AddAccessAllowedAce
shell32
Shell_NotifyIconA
ExtractIconExA
ShellExecuteA
ole32
OleUninitialize
OleInitialize
CoUnmarshalInterface
CoCreateInstance
OleRun
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
CoUninitialize
CoTaskMemFree
StringFromCLSID
CoTaskMemAlloc
CoInitialize
CreateStreamOnHGlobal
CoMarshalInterface
OleLockRunning
olepro32
ord253
oleaut32
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysStringByteLen
VariantClear
VariantInit
SysAllocString
SafeArrayDestroy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
LoadRegTypeLi
DispCallFunc
VariantCopy
GetErrorInfo
SetErrorInfo
VariantChangeType
CreateErrorInfo
SysStringLen
msvcp60
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
Sections
.text Size: 484KB - Virtual size: 484KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 113KB - Virtual size: 113KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 137KB - Virtual size: 137KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 178KB - Virtual size: 178KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ