282f271c389a5e94e60542d5a7bdeddf_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

282f271c389a5e94e60542d5a7bdeddf_JaffaCakes118
Size

232KB
MD5

282f271c389a5e94e60542d5a7bdeddf
SHA1

7b1a9b2bd0900e453ea77a9870dcb99cce7b176f
SHA256

48652d06af6cff156e4f3c1f3d6f558573ed2e6c35b6a0d2c5720cd50b0d1e79
SHA512

d1f0df3843ccdcac54c27e2003e171fc674db8c17eb666d6e09f08bf407d22f4127671adbbb16143c7d47d853c362554dfa011d53f93a95cef10baafb1bd4f38
SSDEEP

6144:h+sRL+M78NQI4PPpdietC+OMSOiX9cpWY:IsRLr8ydio7OMSOO9H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
282f271c389a5e94e60542d5a7bdeddf_JaffaCakes118

Files

282f271c389a5e94e60542d5a7bdeddf_JaffaCakes118
.exe windows:4 windows x86 arch:x86

c716ad1fecfd0eee516e2c382ce32e94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
MulDiv
GetUserDefaultLangID
GetVersion
GetTickCount
MultiByteToWideChar
lstrlenW
lstrlenA
WideCharToMultiByte
Sleep
Thread32Next
ResumeThread
SuspendThread
OpenThread
Thread32First
GetCurrentThreadId
SetPriorityClass
GetUserDefaultLCID
GetCommandLineA
InterlockedDecrement
GetLastError
CreateFileA
GetTempPathA
SetEvent
IsBadReadPtr
GetModuleHandleA
IsBadCodePtr
MapViewOfFile
GetSystemInfo
LocalFree
GetStartupInfoA
LoadLibraryA
GetProcAddress

user32

GetForegroundWindow
IsCharLowerA
GetSystemMetrics
PostMessageA
GetUserObjectInformationA
IsCharAlphaNumericA
RegisterClassA
IsCharUpperA
GetFocus
GetCursor
CharUpperA
CharLowerA
GetWindowRect
GetCapture
IsWindow
GetDesktopWindow

advapi32

RegQueryValueExA

ole32

CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun

oleaut32

VariantClear
GetErrorInfo
SysAllocString
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
SysFreeString
SysStringLen

msvcp60

?_Xran@std@@YAXXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPADD@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Incref@facet@locale@std@@QAEXXZ
??1?$ctype@D@std@@UAE@XZ
??0_Lockit@std@@QAE@XZ
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
?_Iscloc@locale@std@@QBE_NXZ
??0?$ctype@D@std@@QAE@PBF_NI@Z
??1_Lockit@std@@QAE@XZ
??_7bad_cast@std@@6B@
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
?do_tolower@?$ctype@D@std@@MBEPBDPADPBD@Z
?do_tolower@?$ctype@D@std@@MBEDD@Z
?do_toupper@?$ctype@D@std@@MBEPBDPADPBD@Z
?do_toupper@?$ctype@D@std@@MBEDD@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??0locale@std@@QAE@PBDH@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1locale@std@@QAE@XZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ

msvcrt

strcpy
_strdup
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
atoi
sprintf
strncat
strcat
_strnicmp
_stricmp
strstr
strchr
strncpy
_itoa
free
memcmp
??0exception@@QAE@ABQBD@Z
strlen
__CxxFrameHandler
_except_handler3
rand
srand
memset
??2@YAPAXI@Z
memcpy
wcscmp
??0exception@@QAE@ABV0@@Z
_CxxThrowException
malloc
wcslen

ws2_32

getsockopt
connect
htons
setsockopt
socket
gethostbyname
WSAStartup
send
closesocket
WSACleanup
recv

Sections

.text
Size: 192KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c716ad1fecfd0eee516e2c382ce32e94

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcp60

msvcrt

ws2_32

Sections

.text Size: 192KB - Virtual size: 188KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 4KB - Virtual size: 4KB

.text
Size: 192KB - Virtual size: 188KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 4KB