Tasks
- Static task: static1
- Behavioral task: behavioral1; sample 24e126db01d242b1765dd21481efd012_JaffaCakes118.exe; resource win7-20240508-en
- Behavioral task: behavioral2; sample 24e126db01d242b1765dd21481efd012_JaffaCakes118.exe; resource win10v2004-20240508-en
General
- Target: 24e126db01d242b1765dd21481efd012_JaffaCakes118
- Size: 307KB
- MD5: 24e126db01d242b1765dd21481efd012
- SHA1: 902e9c9f06b19e056674cdb188b991fc8abcc755
- SHA256: c834784a5936b7e810fdb98a8c014d56881a5e2e34ebafa55e0b251896a146a7
- SHA512: 0550ee2652672cdaabbc8db8d34c1ff6333c61998275ac352fb27b12742995548e33afaaf015ca384b46a87534d29cf19a84060af56142dccc55c710d97c6c86
- SSDEEP: 3072:DqVe3UsewvPLVlHhxVk6iCSI8Zcjrc9TmZgVwSgtyMSnCAEM+L8v+dDW0mXqAZG+:PUSP9PgDOhStRiWlTudnXBOXe37DW+
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: 24e126db01d242b1765dd21481efd012_JaffaCakes118
Files
- 24e126db01d242b1765dd21481efd012_JaffaCakes118.exe (windows:5, windows x86, arch:x86)
  8d1405ecd6884fd3a5fa7774a73f1247
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE only. Neither IMAGE_DLLCHARACTERISTICS_NX_COMPAT nor IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is set, so the image opts into neither DEP nor ASLR.
- File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE. With relocations stripped the loader cannot rebase the image, which is consistent with the missing ASLR opt-in.
Imports (mfc90u, msvcr90 and msvcp90 are the Visual C++ 2008 MFC 9.0 Unicode library and CRT, imported largely by ordinal. Of note in kernel32: OpenProcess, VirtualAllocEx, WriteProcessMemory and ReadProcessMemory, which together give read/write access to another process's memory, plus IsDebuggerPresent, CreateMutexW, LoadLibraryW/GetProcAddress for runtime API resolution, and file enumeration via FindFirstFileW/FindNextFileW. user32 EnumWindows/FindWindowW/GetWindowThreadProcessId and shell32 Shell_NotifyIconW point to window and tray-icon handling.)
version
GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW
mfc90u
ord3232
ord4553
ord5450
ord5447
ord2860
ord2079
ord2445
ord5354
ord4985
ord758
ord1041
ord5930
ord554
ord3631
ord2655
ord6159
ord6271
ord4169
ord6668
ord6664
ord5808
ord3109
ord3715
ord2264
ord6485
ord4351
ord3932
ord1224
ord3653
ord4701
ord5153
ord1718
ord1880
ord1888
ord5035
ord1876
ord2121
ord6618
ord6616
ord2110
ord2089
ord1447
ord984
ord2205
ord2240
ord2241
ord3064
ord6519
ord6622
ord6624
ord6225
ord4763
ord4720
ord5655
ord5615
ord4730
ord3380
ord4175
ord1681
ord4007
ord670
ord415
ord3819
ord2726
ord6205
ord6829
ord3421
ord2763
ord265
ord6226
ord3537
ord6311
ord1696
ord4727
ord4042
ord793
ord588
ord3948
ord3165
ord4866
ord4865
ord5224
ord4622
ord5214
ord5418
ord4590
ord4599
ord5020
ord5210
ord4807
ord4823
ord4820
ord4802
ord4805
ord4800
ord5297
ord5294
ord4378
ord5601
ord3681
ord1441
ord5624
ord4693
ord2271
ord3155
ord2592
ord3061
ord4773
ord4527
ord6353
ord1486
ord2372
ord1383
ord4268
ord3741
ord2479
ord4518
ord6170
ord266
ord782
ord580
ord1254
ord3515
ord2243
ord339
ord5387
ord4398
ord2360
ord1503
ord3423
ord3422
ord6831
ord6830
ord4127
ord5182
ord744
ord524
ord2069
ord2901
ord2596
ord1108
ord2904
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord5338
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord4347
ord4996
ord5680
ord5663
ord6018
ord3115
ord4905
ord3670
ord3676
ord3677
ord2345
ord2447
ord1182
ord6482
ord1098
ord4211
ord1186
ord794
ord589
ord4043
ord391
ord1152
ord5939
ord1599
ord899
ord4405
ord1144
ord5851
ord2694
ord1603
ord6727
ord571
ord1064
ord2597
ord582
ord784
ord3500
ord813
ord1250
ord6355
ord4631
ord4131
ord778
ord595
ord797
ord3654
ord4681
ord3286
ord6376
ord5664
ord6800
ord4660
ord1493
ord6411
ord3355
ord1719
ord2283
ord5632
ord5167
ord5324
ord1810
ord1809
ord3353
ord6408
ord1754
ord1751
ord4345
ord1492
ord4664
ord2074
ord5512
ord4603
ord5653
ord3743
ord5154
ord4702
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord6804
ord3682
ord5404
ord3226
ord1442
ord5625
ord2139
ord1792
ord1791
ord1727
ord5650
ord2771
ord2983
ord3112
ord4728
ord2966
ord3140
ord2774
ord2893
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4910
ord4682
ord6347
ord4266
ord2593
ord1063
ord1088
ord1137
ord2469
ord3229
ord6379
ord3230
ord6381
ord980
ord5803
ord3287
ord2651
ord2650
ord4429
ord4344
ord5598
ord2369
ord1380
ord4697
ord6375
ord3225
ord4685
ord2251
ord6160
ord6091
ord1353
ord636
ord367
ord1354
ord613
ord337
ord2536
ord4442
ord6579
ord3145
ord6065
ord2595
ord1688
ord4262
ord4543
ord6604
ord5602
ord1675
ord1938
ord729
ord639
ord3543
ord2106
ord2537
ord1183
ord3486
ord686
ord436
ord3794
ord935
ord5979
ord1607
ord3220
ord285
ord938
ord933
ord286
ord799
ord1248
ord1043
ord811
ord296
ord783
ord581
ord5887
ord1044
ord600
ord280
ord801
ord2971
ord1272
msvcr90
_wcsicmp
_wsplitpath_s
_wmakepath_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
_controlfp_s
_invoke_watson
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
__p__fmode
_CxxThrowException
memset
__CxxFrameHandler3
memcpy
_wmakepath
_wsplitpath
_purecall
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABV01@@Z
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
exit
swprintf_s
wcsrchr
wcscat_s
memcpy_s
malloc
_resetstkoflw
free
calloc
_recalloc
_wtoi
_wcsnicmp
memmove_s
wcstoul
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
kernel32
GetLocaleInfoW
OpenProcess
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
RaiseException
GetCurrentThreadId
IsDebuggerPresent
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
LocalAlloc
LoadLibraryA
GetProcessHeap
HeapFree
GetUserDefaultUILanguage
GetFileSizeEx
CreateFileW
CreateDirectoryW
GetFileAttributesW
WaitForMultipleObjects
DeleteFileW
GetTickCount
WaitForSingleObject
ResumeThread
CloseHandle
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
SetEvent
ResetEvent
LeaveCriticalSection
EnterCriticalSection
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
InterlockedIncrement
InterlockedDecrement
Sleep
WriteFile
ReadFile
SetEndOfFile
SetFilePointerEx
GetDiskFreeSpaceW
FindFirstFileW
MultiByteToWideChar
GetVersionExA
lstrlenW
InterlockedExchange
CreateMutexW
FreeLibrary
GetModuleFileNameW
FindClose
FindNextFileW
GetVolumeInformationW
user32
GetPropW
ShowWindow
IsIconic
GetLastActivePopup
EnumWindows
RegisterWindowMessageW
GetSystemMenu
LoadImageW
DrawIcon
SetPropW
RemovePropW
IsZoomed
GetMenuItemCount
GetMenuItemID
GetSubMenu
LoadBitmapW
GetCapture
ReleaseCapture
PeekMessageW
ClientToScreen
LoadStringW
LoadIconW
TranslateAcceleratorW
GetAsyncKeyState
GetParent
GetFocus
SystemParametersInfoA
CopyRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
InflateRect
EqualRect
SetMenuDefaultItem
GetCursorPos
GetWindowThreadProcessId
SetForegroundWindow
FindWindowW
PostMessageW
IsWindow
GetDesktopWindow
IsWindowVisible
GetSystemMetrics
PtInRect
GetWindowLongW
SetWindowLongW
EnableWindow
UpdateWindow
KillTimer
SetTimer
GetClientRect
SendMessageW
SystemParametersInfoW
GetWindowRect
LoadAcceleratorsW
InvalidateRect
AppendMenuW
gdi32
CreateFontIndirectW
StretchBlt
SetStretchBltMode
GetObjectW
SetDIBColorTable
SelectObject
DeleteDC
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateDIBSection
advapi32
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
shell32
ord4
ord2
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderPathW
Shell_NotifyIconW
comctl32
ord17
ole32
OleRun
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize
oleaut32
GetErrorInfo
SysFreeString
VariantClear
SysAllocString
msvcp90
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
gdiplus
GdipCreateBitmapFromFile
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipGetImagePalette
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipCreateBitmapFromScan0
GdipCloneImage
GdipAlloc
GdipFree
GdipDisposeImage
GdipGetImageGraphicsContext
GdipDeleteGraphics
GdipDrawImageI
GdiplusShutdown
GdiplusStartup
Sections
- .text: size 150KB, virtual size 150KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE (the code section is writable as well as executable, which a normal link does not produce)
- .rdata: size 55KB, virtual size 54KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
- .data: size 5KB, virtual size 7KB; IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
- .rsrc: size 95KB, virtual size 96KB; IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE (a resource section marked as executable, writable code; the linker emits .rsrc as read-only initialized data)
- scvoafh: size -, virtual size 4KB; IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE (non-standard name with no raw size listed, so the 4KB read/write region is allocated at load time rather than backed by file data; together with the RWX flags above this is the section-table pattern of a post-link modified or packed image)
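The section table and header flags above are the static findings worth scripting so they are caught on every sample rather than read off a report by eye. The following is an added example, not part of the sandbox report and not code from the sample: a minimal PE header walker using only the Python standard library that flags the points a reviewer would pick out of this report (no NX_COMPAT or DYNAMIC_BASE, relocations stripped, a writable .text, a .rsrc marked as executable code, and an unnamed section with no raw data). The flag values are the ones from winnt.h. The embedded section table is constructed to mirror the report, with sizes rounded to kilobytes and virtual addresses assumed; pass the bytes of a real file to `audit_pe` to use it on an actual sample.

```python
import struct

# COFF / optional-header / section flag values from winnt.h
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
LINKER_SECTION_NAMES = {".text", ".rdata", ".data", ".rsrc", ".reloc", ".idata",
                        ".edata", ".tls", ".bss", ".pdata", ".CRT", ".textbss"}


def parse_pe(data):
    """Walk DOS header -> PE signature -> COFF header -> optional header -> section table.
    Returns (file_characteristics, dll_characteristics, sections)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, nsect, _ts, _symtab, _nsyms, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both the PE32 and the PE32+ optional header.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    sections = []
    for i in range(nsect):
        name, vsize, va, rawsize, _rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("latin-1"),
                         "vsize": vsize, "va": va, "rawsize": rawsize, "chars": chars})
    return file_chars, dll_chars, sections


def audit_pe(data):
    """Return a list of findings; an empty list means the headers look like plain linker output."""
    file_chars, dll_chars, sections = parse_pe(data)
    findings = []
    if not dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        findings.append("no NX_COMPAT: DEP opt-in missing")
    if not dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        findings.append("no DYNAMIC_BASE: ASLR opt-in missing")
    if file_chars & IMAGE_FILE_RELOCS_STRIPPED:
        findings.append("RELOCS_STRIPPED: image cannot be relocated")
    for s in sections:
        n, c = s["name"], s["chars"]
        if c & IMAGE_SCN_MEM_WRITE and c & IMAGE_SCN_MEM_EXECUTE:
            findings.append(f"{n}: writable and executable (RWX)")
        if n == ".rsrc" and c & IMAGE_SCN_CNT_CODE:
            findings.append(".rsrc: marked as code")
        if s["rawsize"] == 0 and s["vsize"] > 0:
            findings.append(f"{n}: no raw data but {s['vsize']} bytes virtual (filled at runtime)")
        if n not in LINKER_SECTION_NAMES:
            findings.append(f"{n}: non-standard section name")
    return findings


def build_sample_pe(sections, file_chars, dll_chars):
    """Construct a header-only PE32 image (no code, no data) so the walker can be exercised offline."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # e_lfanew
    opt_size = 224                                               # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, file_chars)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                        # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)                   # DllCharacteristics
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vsize, va, rawsize, 0, 0, 0, 0, 0, chars)
        for name, vsize, va, rawsize, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


KB = 1024
RWX = IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE | IMAGE_SCN_MEM_EXECUTE
# Constructed section table mirroring the report above; sizes rounded to KB, RVAs are assumed.
REPORT_SECTIONS = [
    (".text",   150 * KB, 0x01000, 150 * KB, IMAGE_SCN_CNT_CODE | RWX),
    (".rdata",  54 * KB,  0x27000, 55 * KB,  IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".data",   7 * KB,   0x35000, 5 * KB,   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".rsrc",   96 * KB,  0x37000, 95 * KB,  IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | RWX),
    ("scvoafh", 4 * KB,   0x4F000, 0,        IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
]
SAMPLE_PE = build_sample_pe(
    REPORT_SECTIONS,
    IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE)

if __name__ == "__main__":
    for finding in audit_pe(SAMPLE_PE):
        print("-", finding)
```

Run against the constructed image it reports eight findings: the two missing mitigation opt-ins, stripped relocations, RWX on .text and .rsrc, .rsrc marked as code, and the scvoafh section both for its name and for having 4096 virtual bytes with nothing on disk. A header-only image built with NX_COMPAT and DYNAMIC_BASE set and conventional section flags returns no findings, which is the baseline to compare a suspect sample against.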