Static task
static1
Behavioral task
behavioral1
Sample
240fa0dbf7fa1911d1c87804be156bfa_JaffaCakes118.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
240fa0dbf7fa1911d1c87804be156bfa_JaffaCakes118.exe
Resource
win10v2004-20240611-en
General
-
Target
240fa0dbf7fa1911d1c87804be156bfa_JaffaCakes118
-
Size
1.4MB
-
MD5
240fa0dbf7fa1911d1c87804be156bfa
-
SHA1
69dc2ed8a7f04f00cac073cef471db9a2b0c410e
-
SHA256
17c5844b75bfad10cb4f760c3591c7632bf6121e07b6f0d41dab5dc596157f45
-
SHA512
45135da2e6455f99c6c3038e21541749c9a389c178c6634f6fb35728f375015d9c7f0c7787b19e2a31f066f40189c42cd2fd6ddbfb99ad621e267563e92a5023
-
SSDEEP
24576:EtUUnsUM8w676lDvybml7kyjKPa85wxWW+CUVFjcIrj3B2:TUedykjF+CujcY
Malware Config
Signatures
-
Unsigned PE 1 IoCs
The sandbox's static check found no Authenticode signature on this PE file.
resource 240fa0dbf7fa1911d1c87804be156bfa_JaffaCakes118
Files
-
240fa0dbf7fa1911d1c87804be156bfa_JaffaCakes118.exe windows:4 windows x86 arch:x86
6636ae22648b7521c328a33b84aed4ed
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathRemoveFileSpecW
PathFileExistsA
PathIsRelativeW
PathAppendW
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
ws2_32
inet_ntoa
gethostbyname
gethostname
htonl
htons
ntohl
ntohs
ioctlsocket
inet_addr
setsockopt
getsockopt
listen
WSAGetLastError
netapi32
Netbios
mfc42
ord2623
ord341
ord4003
ord2486
ord654
ord2688
ord2379
ord1114
ord3258
ord6453
ord1113
ord924
ord6140
ord5858
ord5603
ord3981
ord539
ord4160
ord2061
ord1601
ord1200
ord3402
ord2135
ord1949
ord4034
ord3789
ord6215
ord2086
ord2817
ord2814
ord832
ord6892
ord5710
ord922
ord940
ord6876
ord857
ord5834
ord861
ord1199
ord700
ord4189
ord913
ord398
ord699
ord3938
ord397
ord801
ord5861
ord541
ord5593
ord3438
ord5631
ord4188
ord1168
ord6467
ord6311
ord4171
ord568
ord819
ord5611
ord5863
ord3698
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord765
ord641
ord324
ord2302
ord4234
ord2863
ord4710
ord859
ord6648
ord6877
ord3185
ord1799
ord4622
ord614
ord290
ord4226
ord2727
ord2730
ord2729
ord2864
ord6145
ord6143
ord6781
ord5608
ord2065
ord1622
ord4673
ord1154
ord1223
ord1206
ord4274
ord912
ord5289
ord3401
ord6375
ord4486
ord2554
ord2512
ord6883
ord4698
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord5307
ord5714
ord818
ord1158
ord803
ord815
ord543
ord561
ord5500
ord5716
ord5717
ord2621
ord1247
ord1175
ord6354
ord4202
ord1233
ord1134
ord3953
ord1105
ord1218
ord6197
ord6380
ord1768
ord2725
ord1209
ord1205
ord4021
ord4020
ord1567
ord268
ord1265
ord2233
ord5953
ord2393
ord2763
ord2458
ord6289
ord3470
ord968
ord455
ord1572
ord3353
ord772
ord610
ord500
ord287
ord5606
ord5602
ord5860
ord5857
ord6142
ord6139
ord3986
ord3979
ord446
ord743
ord3127
ord3616
ord5651
ord3126
ord3613
ord350
ord3579
ord4204
ord6928
ord3643
ord696
ord394
ord6418
ord6307
ord909
ord4167
ord521
ord1263
ord5628
ord2820
ord548
ord4185
ord1166
ord2919
ord6442
ord5431
ord3348
ord4351
ord567
ord619
ord2625
ord297
ord2033
ord3780
ord2077
ord5809
ord2988
ord2029
ord1228
ord1639
ord1638
ord5810
ord5481
ord2031
ord4863
ord5796
ord5478
ord966
ord3570
ord605
ord278
ord4335
ord4411
ord4447
ord4919
ord4975
ord1971
ord1670
ord349
ord5480
ord2449
ord923
ord2784
ord3500
ord2152
ord4627
ord3742
ord4424
ord3825
ord4080
ord3079
ord2976
ord3831
ord3830
ord3262
ord3081
ord2985
ord3259
ord3136
ord4465
ord5277
ord3147
ord2982
ord5261
ord2124
ord2446
ord3749
ord1727
ord5065
ord2648
ord6376
ord2055
ord3798
ord4441
ord4837
ord6374
ord5290
ord4353
ord5241
ord5163
ord2385
ord4078
ord4407
ord1776
ord6663
ord6055
ord4275
ord2044
ord2818
ord3903
ord5186
ord6385
ord354
ord5442
ord665
ord3318
ord2448
ord5572
ord1979
ord2107
ord2614
ord4278
ord1187
ord538
ord2764
ord5450
ord2841
ord6394
ord3790
ord6383
ord5440
ord535
ord3663
ord6662
ord6929
ord6282
ord6283
ord2770
ord941
ord356
ord540
ord2781
ord4058
ord926
ord3178
ord860
ord1980
ord939
ord3181
ord5683
ord668
ord537
ord4129
ord4277
ord2915
ord823
ord858
ord800
ord3738
ord825
ord3584
ord5731
ord3922
ord2989
ord1576
msvcrt
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
__setusermatherr
__p__commode
_adjust_fdiv
_onexit
__dllonexit
strstr
memcmp
_iob
??1type_info@@UAE@XZ
?terminate@@YAXXZ
fputc
_beginthreadex
_splitpath
sprintf
memset
strlen
memcpy
_mbslwr
isdigit
_except_handler3
wcsncpy
__p___argc
__p___argv
_CxxThrowException
exit
calloc
__p__fmode
_stricmp
realloc
_purecall
atof
atol
_mbsicmp
srand
rand
atoi
_ftol
_mbsnbcmp
_mbsstr
_mbsncmp
_mbschr
strtoul
memmove
_mbscmp
_lseek
_write
_read
_open
free
malloc
_close
strncpy
time
localtime
strftime
_mbsnbcat
__set_app_type
_snprintf
__CxxFrameHandler
_mbsnbcpy
qsort
strncmp
_wcsicmp
_setmbcp
_mbsrchr
_controlfp
kernel32
GetProcAddress
GetStartupInfoA
GetModuleHandleA
GlobalFree
SetThreadPriority
LocalFileTimeToFileTime
SetFileTime
DosDateTimeToFileTime
SetFileAttributesA
GetFileAttributesA
GetModuleFileNameA
SetFilePointer
WriteFile
CreateFileA
DeleteFileA
WritePrivateProfileStringA
CloseHandle
TerminateProcess
SetErrorMode
GetCurrentProcess
lstrlenA
GetVersionExA
SetUnhandledExceptionFilter
VirtualQuery
LoadLibraryA
ReadFile
DuplicateHandle
CreatePipe
FreeLibrary
CreateProcessA
GetFileSize
GetStdHandle
GetSystemDirectoryA
WaitForSingleObject
GetTickCount
GetDiskFreeSpaceExA
LeaveCriticalSection
GetLongPathNameA
FileTimeToSystemTime
GetFileTime
EnterCriticalSection
GetCurrentThreadId
WaitForMultipleObjects
CreateEventA
TerminateThread
GetExitCodeThread
ResetEvent
FlushInstructionCache
lstrcmpiA
SetEvent
WideCharToMultiByte
InitializeCriticalSection
lstrlenW
IsDBCSLeadByte
DeleteCriticalSection
GetPrivateProfileStringA
Sleep
SetPriorityClass
HeapDestroy
GetCommandLineA
ReleaseMutex
OpenMutexA
CreateMutexA
lstrcpynA
GetModuleFileNameW
lstrcatA
GetShortPathNameA
lstrcpyA
LoadResource
FindResourceA
SizeofResource
LoadLibraryExA
InterlockedIncrement
GetLastError
VirtualQueryEx
GetThreadSelectorEntry
InterlockedDecrement
GetCurrentThread
ReadProcessMemory
FindFirstFileA
RemoveDirectoryA
FindClose
GetTempPathA
GetFileAttributesExA
GetTempFileNameA
SetEndOfFile
HeapFree
GetProcessHeap
MultiByteToWideChar
CreateDirectoryA
HeapAlloc
user32
EnableMenuItem
MessageBeep
EnableWindow
IsWindow
UpdateWindow
GetDesktopWindow
FindWindowA
SendMessageTimeoutA
CharNextA
GetSystemMenu
SetTimer
CallWindowProcA
KillTimer
SetWindowLongA
GetClassInfoExA
LoadCursorA
wsprintfA
RegisterClassExA
SendMessageA
CreateWindowExA
DestroyWindow
DefWindowProcA
PostMessageA
SetWindowPos
GetWindowLongA
advapi32
RegEnumValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
RegQueryInfoKeyA
RegCreateKeyExA
shell32
ShellExecuteExA
SHChangeNotify
SHGetSpecialFolderPathA
ShellExecuteA
ole32
CoInitialize
CoRevokeClassObject
CoTaskMemFree
CoRegisterClassObject
CoUninitialize
StringFromCLSID
StgCreateDocfile
StgOpenStorage
CLSIDFromString
CoCreateGuid
CoFreeLibrary
CoCreateInstance
CoLoadLibrary
CoTaskMemAlloc
CoTaskMemRealloc
oleaut32
SysAllocStringLen
SafeArrayRedim
SysFreeString
SysAllocString
VariantClear
SafeArrayUnlock
SafeArrayDestroy
SafeArrayCopy
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopyInd
SafeArrayCreate
SafeArrayLock
VariantInit
SysStringLen
LoadRegTypeLib
DispCallFunc
LoadTypeLib
RegisterTypeLib
VarUI4FromStr
SysStringByteLen
imagehlp
SymInitialize
StackWalk
SymFunctionTableAccess
SymSetOptions
SymLoadModule
SymGetModuleInfo
SymGetSymFromAddr
wininet
HttpQueryInfoA
HttpSendRequestExA
InternetErrorDlg
InternetQueryOptionA
InternetReadFileExA
InternetWriteFile
HttpEndRequestA
HttpOpenRequestA
InternetConnectA
InternetCloseHandle
InternetCrackUrlA
InternetSetStatusCallback
HttpSendRequestA
HttpAddRequestHeadersA
InternetOpenA
InternetSetOptionA
InternetSetCookieA
Sections
.text Size: 1012KB - Virtual size: 1010KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 188KB - Virtual size: 185KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 120KB - Virtual size: 117KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.text Size: 12KB - Virtual size: 9KB (second section named .text; its flags below mark it both writable and executable)
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE