PDB path: e:\work\Rnd\SEC\source\release\Reminder.pdb
Static task
static1
Behavioral task
behavioral1
Sample
267d9b214e73b1b0df8fdefc8ec44e4b_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
267d9b214e73b1b0df8fdefc8ec44e4b_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
-
Target
267d9b214e73b1b0df8fdefc8ec44e4b_JaffaCakes118
-
Size
469KB
-
MD5
267d9b214e73b1b0df8fdefc8ec44e4b
-
SHA1
8b0c6e62170f9b353b38e9ad097e87f5f24b63bb
-
SHA256
9ff8777e7388ddfafae9e18ab5b22a37b1fff7d4d036c57e6ddd931985c44302
-
SHA512
99d8a22805ce7a5a97aad6b56f098e00e4920f87689000d8f418f16b0f89959d8a492cb8b81cf9bdeaeca1f2a893ef794a067299f03838c4433b0290ad71c31e
-
SSDEEP
12288:iZJBQbaUhnEDcwQ7XUNUd04QD2hwNzln1hMP6:i0agnao04C2hczV1hMP6
Malware Config
Signatures
-
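Unsigned PE (1 IoC)
The file carries no Authenticode signature. This is a static check made by the sandbox, and on its own it is a weak signal, since many legitimate binaries are also unsigned.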
resource 267d9b214e73b1b0df8fdefc8ec44e4b_JaffaCakes118
Files
-
267d9b214e73b1b0df8fdefc8ec44e4b_JaffaCakes118.exe windows:4 windows x86 arch:x86
695febfc9329106223b2ca8f0340fe6e
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc80
ord297
ord784
ord2322
ord5491
ord865
ord577
ord1482
ord3397
ord6754
ord6752
ord1084
ord3210
ord1123
ord1934
ord3161
ord1280
ord1279
ord5637
ord280
ord589
ord330
ord602
ord1564
ord347
ord1930
ord1263
ord265
ord6018
ord293
ord300
ord651
ord416
ord783
ord2131
ord774
ord2130
ord2469
ord629
ord384
ord287
ord3835
ord4735
ord356
ord3441
ord1968
ord709
ord501
ord4648
ord4394
ord4692
ord4118
ord3401
ord2719
ord1966
ord2367
ord3287
ord3163
ord2368
ord3204
ord5658
ord1903
ord4115
ord6065
ord3989
ord1425
ord5731
ord5641
ord5640
ord6067
ord4125
ord3317
ord2991
ord5214
ord4240
ord1402
ord5915
ord6725
ord1591
ord2095
ord741
ord3164
ord4232
ord1545
ord2086
ord587
ord3229
ord4237
ord1570
ord2091
ord4099
ord1484
ord1933
ord6266
ord1397
ord657
ord3171
ord4234
ord1547
ord2089
ord4098
ord1483
ord1931
ord591
ord3195
ord620
ord3307
ord1587
ord731
ord3178
ord1550
ord599
ord3249
ord1575
ord1576
ord671
ord3326
ord2985
ord752
ord3319
ord4242
ord2097
ord743
ord3230
ord2958
ord4238
ord2092
ord658
ord3328
ord2987
ord754
ord3215
ord1559
ord1638
ord643
ord3315
ord1589
ord1647
ord739
ord3312
ord1588
ord1646
ord736
ord3292
ord1581
ord1643
ord715
ord3214
ord4236
ord1558
ord1637
ord2090
ord642
ord3324
ord2983
ord4243
ord1594
ord1650
ord2098
ord748
ord3157
ord1543
ord1635
ord583
ord3304
ord730
ord3298
ord3172
ord1548
ord1636
ord266
ord3227
ord1568
ord1639
ord656
ord3228
ord1569
ord1640
ord2370
ord3934
ord3761
ord1395
ord2794
ord5613
ord2164
ord747
ord559
ord3174
ord6037
ord4035
ord2264
ord2346
ord3244
ord2094
ord4100
ord1955
ord3255
ord1181
ord5320
ord6286
ord758
ord567
ord2075
ord2234
ord1580
ord1929
ord2233
ord5642
ord5727
ord5331
ord6297
ord781
ord1916
ord2328
ord299
ord6703
ord1265
ord777
ord2327
ord4032
ord282
ord6704
ord1264
ord4036
ord4037
ord2321
ord1262
ord4033
ord4034
ord2319
ord1260
ord2263
ord1486
ord3423
ord2160
ord6120
ord1377
ord5833
ord5710
ord6172
ord6178
ord3684
ord908
ord3596
ord2371
ord1979
ord6017
ord1283
ord4078
ord3952
ord3454
ord1554
ord3348
ord2074
ord3474
ord2802
ord3563
ord1586
ord5991
ord4761
ord4109
ord2272
ord911
ord4081
ord5994
ord2451
ord3406
ord3488
ord3430
ord4001
ord4123
ord502
ord5647
ord5059
ord2654
ord3551
ord3139
ord3571
ord3583
ord4085
ord3676
ord3587
ord3799
ord1598
ord2876
ord3680
ord3302
ord1571
ord5634
ord326
ord2882
ord2873
ord5746
ord2495
ord3651
ord4104
ord5871
ord3473
ord3574
ord3437
ord259
ord1971
ord2938
ord1092
ord423
ord3233
ord660
ord4063
ord866
ord5466
ord762
ord304
ord1187
ord1191
ord1185
ord2168
ord3801
ord757
ord6276
ord566
ord4326
ord2063
ord2018
ord2594
ord5583
ord3806
ord3683
ord1010
ord6118
ord4541
ord5102
ord6219
ord5382
ord2902
ord3832
ord1920
ord2931
ord876
ord5224
ord5226
ord3948
ord310
ord4568
ord5230
ord5213
ord5566
ord2838
ord4481
ord578
ord4261
ord3333
ord2468
ord1054
ord3830
ord5403
ord4038
ord4014
ord6278
ord2394
ord2400
ord2398
ord2396
ord2413
ord2408
ord3641
ord2392
ord2415
ord760
ord2403
ord2385
ord2387
ord2405
ord572
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord5175
ord5182
ord1964
ord4212
ord1656
ord4890
ord1599
ord2020
ord5200
ord1671
ord2537
ord1670
ord2731
ord1551
ord2835
ord4307
ord2714
ord6724
ord2862
ord5912
ord2540
ord1620
ord2646
ord1617
ord2533
ord3946
ord3718
ord1401
ord3719
ord4244
ord3709
ord4353
ord5152
ord2644
ord1908
ord3949
ord5073
ord4486
ord6090
ord6275
ord4262
ord4185
ord5203
ord2372
ord3182
ord3403
ord1655
ord4722
ord4580
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord605
ord2410
ord354
ord592
ord764
ord1207
msvcr80
free
_wcsdup
_setmbcp
memmove_s
_time64
malloc
calloc
_CxxThrowException
__CxxFrameHandler3
_invalid_parameter_noinfo
_except_handler3
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_recalloc
??0exception@std@@QAE@XZ
memcpy_s
memset
??0exception@std@@QAE@ABV01@@Z
memcpy
atol
_mbscmp
__RTDynamicCast
_mbsnbcpy
sprintf
_vscwprintf
vswprintf_s
_vscprintf
vsprintf_s
_mbsicmp
_mbslen
strtol
atoi
strtoul
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_invoke_watson
_controlfp_s
kernel32
GetCurrentDirectoryA
lstrcmpiA
GetLastError
CreateMutexA
CreateThread
TerminateThread
GetExitCodeThread
MultiByteToWideChar
InterlockedExchange
lstrlenA
lstrlenW
WideCharToMultiByte
Sleep
CloseHandle
InterlockedIncrement
LoadLibraryA
GetModuleHandleA
GetProcAddress
SetLastError
CreateFileA
InterlockedDecrement
lstrcpynA
ReadFile
GetFileSize
SetFilePointer
lstrcatA
MulDiv
InterlockedCompareExchange
lstrcmpA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WriteProcessMemory
GetCurrentProcess
VirtualProtect
GetCurrentThreadId
FindResourceW
FindResourceExW
GetVersionExA
GetLocaleInfoA
lstrcpyA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetModuleFileNameA
GetSystemTimeAsFileTime
GetACP
GetThreadLocale
RaiseException
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetCurrentProcessId
user32
IsRectEmpty
UnhookWindowsHookEx
PostMessageA
ReleaseCapture
GetParent
SetCapture
SetCursor
CopyRect
ClientToScreen
LoadImageW
LoadImageA
LoadCursorW
LoadCursorA
LoadIconW
LoadIconA
LoadBitmapW
LoadStringW
LoadStringA
SetWindowsHookExA
CallNextHookEx
SystemParametersInfoA
UpdateWindow
SetRectEmpty
GetMenuItemRect
UnionRect
TrackPopupMenuEx
TrackPopupMenu
FillRect
FrameRect
DrawTextA
SetRect
SetMenuItemBitmaps
GetMenuItemInfoA
GetMenuDefaultItem
OffsetRect
InflateRect
GetMenuItemCount
GetMenuState
IsMenu
InsertMenuItemA
MapWindowPoints
SetFocus
IsWindowEnabled
LoadMenuA
GetWindowTextA
CallWindowProcA
DestroyMenu
GetDlgCtrlID
GetSystemMetrics
RedrawWindow
ShowWindow
GetCursorPos
GetWindow
GetClassNameA
GetSubMenu
SetTimer
KillTimer
SetScrollPos
SetMenuItemInfoA
EnableScrollBar
ValidateRect
DestroyCursor
GetComboBoxInfo
UnregisterClassA
EnableWindow
IsZoomed
IsIconic
GetMenuItemID
SetMenuDefaultItem
EnableMenuItem
AppendMenuA
CreatePopupMenu
WindowFromPoint
BeginPaint
EndPaint
GetAsyncKeyState
GetKeyState
DrawFocusRect
GetCapture
GetWindowRect
GetWindowDC
SetWindowLongA
FindWindowExA
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
GetClientRect
SetWindowRgn
LoadBitmapA
PtInRect
GetSystemMenu
DrawStateA
GetWindowLongA
DestroyIcon
IsWindow
SendMessageA
SetParent
GetSysColor
CopyImage
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
GetDesktopWindow
IsWindowVisible
gdi32
PatBlt
CreateRectRgnIndirect
GetTextMetricsA
GetTextColor
GetBkColor
GetBkMode
TextOutA
SetPixel
SetBkMode
SetStretchBltMode
DPtoLP
CreateBitmap
GetMapMode
SetMapMode
GetDeviceCaps
CreateSolidBrush
SetBkColor
SetTextColor
GetBitmapBits
SetBitmapBits
GetPixel
CreateBrushIndirect
MoveToEx
LineTo
GetDIBits
DeleteDC
CreateEllipticRgn
GetTextExtentPoint32A
Rectangle
SelectObject
CreateFontIndirectA
ExtCreatePen
CreatePen
GetStockObject
CreateRectRgn
CombineRgn
DeleteObject
CreateDIBitmap
StretchBlt
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
CreateFontA
msimg32
AlphaBlend
shell32
ShellExecuteA
comctl32
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_DrawEx
ImageList_Draw
ImageList_GetIconSize
InitCommonControlsEx
ImageList_GetImageCount
shlwapi
PathAppendA
PathRemoveFileSpecA
ole32
CoCreateInstance
OleRun
CoUninitialize
CoInitialize
oleaut32
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetVartype
VariantChangeType
VariantClear
VariantCopy
VariantInit
SysFreeString
SysStringLen
SysAllocStringByteLen
SysAllocString
msvcp80
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
imagehlp
ImageDirectoryEntryToData
Sections
.text Size: 349KB - Virtual size: 348KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 94KB - Virtual size: 94KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 1024B - Virtual size: 537B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ