Static task: static1
Behavioral task: behavioral1
  Sample: 285885683c8cf7aae410822960201721_JaffaCakes118.exe
  Resource: win7-20240704-en
Behavioral task: behavioral2
  Sample: 285885683c8cf7aae410822960201721_JaffaCakes118.exe
  Resource: win10v2004-20240508-en
General
Target: 285885683c8cf7aae410822960201721_JaffaCakes118
Size: 188KB
MD5: 285885683c8cf7aae410822960201721
SHA1: 70406201b76a61fc7ee52fc4dbbcafaff85a64d8
SHA256: c2cd41326c70c95c0e35f63f51cb0e5f4658fabe0492880d0a618906aa0dbcd1
SHA512: 43ed5297964c23401c7ea5a3434a31e48489617a9f88e3e3db6e1febd1edaa73f68b941419e4a79e069796692beefc1468114e55bc2de16f01c0a49800cf90da
SSDEEP: 3072:e7HyAnj1FhWtb8MM3NCu77ajZhYl1HBJt1JRXfU6RnAIpZjn:2IVuNCu7OjZyl1zJRM6RZ
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 285885683c8cf7aae410822960201721_JaffaCakes118
Files
285885683c8cf7aae410822960201721_JaffaCakes118.exe windows:4 windows x86 arch:x86
45878fa93546e4ca3ac9b80a7041c296
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
rasapi32
RasGetCountryInfoA
RasSetEntryPropertiesA
RasEnumDevicesA
RasSetEntryDialParamsA
RasEnumEntriesA
RasValidateEntryNameA
RasDeleteEntryA
RasEnumConnectionsA
RasGetConnectStatusA
RasGetEntryDialParamsA
RasDialA
RasHangUpA
RasGetEntryPropertiesA
rasdlg
RasDialDlgA
setupapi
SetupDiOpenClassRegKey
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstallParamsW
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
commui
AboutDlg
mfc42 (imported by ordinal only; the ordinal list is omitted here)
msvcrt
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
realloc
_strnicmp
sprintf
atof
atoi
_mbsicmp
exit
printf
malloc
free
sscanf
_mbscmp
__CxxFrameHandler
_setmbcp
kernel32
GetModuleHandleA
WaitForSingleObject
GetProcessHeap
HeapAlloc
GetStartupInfoA
LocalFree
LocalAlloc
WideCharToMultiByte
CopyFileA
GetPrivateProfileStringA
GetTickCount
GetVersionExA
GetVersion
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
OpenFile
lstrcatA
GetSystemDirectoryA
GetPrivateProfileIntA
ReadFile
WriteFile
SetCommState
GetCommState
SetCommTimeouts
CloseHandle
PurgeComm
SetupComm
SetCommMask
Sleep
CreateFileA
ResetEvent
SetEvent
GetProcAddress
LoadLibraryA
FreeLibrary
SetThreadPriority
GetModuleFileNameA
GetTempPathA
WritePrivateProfileStringA
WinExec
lstrcpyA
HeapFree
GetLastError
user32
GetSubMenu
LoadMenuA
CopyRect
ReleaseDC
GetDC
SetWindowLongA
PostMessageA
RegisterWindowMessageA
KillTimer
GetParent
SetMenu
GetClassInfoA
GetSystemMenu
AppendMenuA
GetClassNameA
SetTimer
FindWindowA
FillRect
GetWindowLongA
AdjustWindowRectEx
RedrawWindow
InvalidateRect
IsRectEmpty
GetClientRect
MapWindowPoints
LoadIconA
EnableWindow
SendMessageA
wsprintfA
LoadCursorA
SetCursor
GetWindow
IsWindowVisible
GetWindowRect
UpdateWindow
SetRectEmpty
GetCursor
IntersectRect
SetRect
gdi32
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetStockObject
GetObjectA
CreateFontIndirectA
DeleteObject
advapi32
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
shell32
SHGetSpecialFolderPathA
comctl32
ImageList_Remove
ImageList_Replace
ImageList_GetImageCount
ImageList_SetImageCount
gdiplus
GdipDrawImageRectRectI
GdipFillRectangleI
GdipGetImageWidth
GdipGetImageHeight
GdiplusShutdown
GdiplusStartup
GdipCreatePen1
GdipCreateHBITMAPFromBitmap
GdipDeletePen
GdipCreateFromHDC
GdipDisposeImage
GdipCloneImage
GdipCloneBrush
GdipCreateSolidFill
GdipGetImageGraphicsContext
GdipDeleteBrush
GdipDeleteGraphics
anwlib1
al_GetLangCodepage
al_GetLangProfile
al_GetLangSkin
al_ShowLastError
al_CreateFont2
al_GetSettingColor
al_GetSettingRect
al_GetSettingInt
al_GetSettingString
al_SetFontInfo
al_GetModulePath
anwimage
??0CImage@@QAE@PAV0@@Z
??0CImage@@QAE@HHHK@Z
?FillColor@CImage@@QAEXAAVColor@Gdiplus@@@Z
?Draw@CImage@@QAEXAAV1@HHHH@Z
?Display@CImage@@QAEXAAVGraphics@Gdiplus@@HHHHH@Z
??1CImageArray@@UAE@XZ
??0CImageArray@@QAE@PBDHPAVCBorder@@@Z
?LoadFile@CImage@@QAE?AW4Status@Gdiplus@@PBD@Z
??0CImage@@QAE@PBD@Z
??1CImage@@UAE@XZ
anwcontrol
??0CStaticEx@@QAE@XZ
??1CStaticEx@@UAE@XZ
?SetTextFont@CStaticEx@@QAEXVCString@@HIE@Z
??0CRescaleButton@@QAE@XZ
??1CRescaleButton@@UAE@XZ
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 104KB - Virtual size: 100KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ