i:\Fact_2008_q2\fact\ReleaseUnicode\fact.pdb
Static task
static1
Behavioral task
behavioral1
Sample
325f37951d138712188b2378b0e541ba_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
325f37951d138712188b2378b0e541ba_JaffaCakes118.exe
Resource
win10v2004-20240704-en
General
-
Target
325f37951d138712188b2378b0e541ba_JaffaCakes118
-
Size
244KB
-
MD5
325f37951d138712188b2378b0e541ba
-
SHA1
ab66615f702dc9e3bf508e45b96a4177ce986381
-
SHA256
9ad1af6dbf2850e651a291bb07bbe8da0a94572ffc14d6679ea85f10c4ed5cfb
-
SHA512
0a8df4babaf814815204dd08964a4ec828b527389bc20de437b7d951b4fdce2d8e9b46962786e34bbd1420a6139a95c885e5e63f9c2cbed9d9334e27e42621b7
-
SSDEEP
3072:qJJyIwUlCuSVGdaYs8wgb4aAiTHdZEl7JKOYtvt3RJaeGahHMOP+8/RvZRgFZRgo:VVGagb0iTHdGSxRuaWOm8/RN
Malware Config
Signatures
-
Unsigned PE 1 IoCs
The sample carries no Authenticode signature (unsigned PE). On its own this is a weak indicator: plenty of legitimate small utilities are unsigned, so it should be weighed together with the other findings below rather than treated as evidence of malice.
resource 325f37951d138712188b2378b0e541ba_JaffaCakes118
Files
-
325f37951d138712188b2378b0e541ba_JaffaCakes118.exe windows:4 windows x86 arch:x86
fc3e10221547bffac10b6810c22dc71e (unlabeled 128-bit hash — presumably the import hash/imphash of the file; confirm the label against the analysis tool before pivoting on it)
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths (the embedded debug path is listed detached at the top of this report: i:\Fact_2008_q2\fact\ReleaseUnicode\fact.pdb; build-time paths like this are useful for clustering samples compiled in the same environment)
Imports
wininet
InternetQueryOptionW
InternetReadFile
HttpQueryInfoW
InternetConnectW
HttpSendRequestW
HttpOpenRequestW
InternetAttemptConnect
InternetSetOptionW
InternetOpenUrlW
InternetOpenW
InternetCloseHandle
InternetAutodial
mfc71u
ord283
ord5398
ord2460
ord774
ord589
ord330
ord2362
ord4119
ord2366
ord1894
ord2086
ord1582
ord5911
ord1393
ord4234
ord5210
ord3311
ord3395
ord5609
ord3756
ord6115
ord899
ord776
ord3678
ord3198
ord3155
ord2985
ord1472
ord2361
ord3590
ord1190
ord6116
ord2651
ord1091
ord3417
ord3281
ord4117
ord2077
ord1536
ord4226
ord4026
ord587
ord326
ord4109
ord3995
ord5637
ord2648
ord5414
ord5636
ord741
ord1299
ord2167
ord6063
ord3280
ord1545
ord3189
ord620
ord4611
ord4838
ord4184
ord4207
ord4730
ord5207
ord4714
ord1719
ord3126
ord1785
ord2160
ord3755
ord5829
ord4312
ord2155
ord5066
ord5472
ord3064
ord4861
ord6086
ord2151
ord1922
ord1474
ord4092
ord2080
ord1538
ord4228
ord3165
ord591
ord5064
ord4791
ord629
ord5083
ord384
ord6013
ord5640
ord3662
ord3547
ord1318
ord2027
ord1573
ord5208
ord4274
ord1512
ord4266
ord526
ord721
ord4577
ord977
ord1047
ord2422
ord4313
ord3661
ord3546
ord718
ord5065
ord6232
ord515
ord3435
ord1021
ord1106
ord280
ord287
ord3824
ord5113
ord870
ord566
ord572
ord757
ord760
ord3327
ord4255
ord4475
ord2984
ord2832
ord5562
ord5209
ord5226
ord4562
ord3942
ord5222
ord5220
ord2925
ord1911
ord3826
ord5378
ord6215
ord5096
ord1007
ord3800
ord5579
ord2009
ord2054
ord4320
ord6274
ord3795
ord6272
ord4008
ord4032
ord2239
ord265
ord266
ord5118
ord334
ord593
ord3249
ord5119
ord5199
ord293
ord2321
ord1118
ord577
ord4314
ord5727
ord4574
ord605
ord354
ord3176
ord4256
ord4480
ord3943
ord2638
ord3703
ord3713
ord3712
ord2527
ord2640
ord2534
ord2856
ord2708
ord4301
ord2829
ord2725
ord2531
ord5196
ord1590
ord1646
ord1647
ord1955
ord5171
ord1353
ord4961
ord3339
ord6275
ord3796
ord6273
ord1513
ord2163
ord2169
ord2399
ord2381
ord2379
ord2397
ord2409
ord2386
ord2402
ord2407
ord2390
ord2392
ord2394
ord2388
ord2404
ord2384
ord931
ord927
ord929
ord925
ord920
ord5229
ord5231
ord5956
ord1591
ord4276
ord4716
ord3397
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1392
ord3940
ord1608
ord1611
ord5908
ord1542
ord1661
ord1662
ord2011
ord4884
ord4729
ord4206
ord5178
ord1271
ord3157
ord1925
ord3204
ord1079
ord762
ord764
ord3635
ord3158
ord1198
msvcr71
fputc
fflush
fputws
ftell
fread
wcstok
wcsncmp
vswprintf
_wctime
_read
_lseek
_filelength
_close
_wsopen
_errno
strtoul
realloc
_wmakepath
_wcsdup
fopen
fseek
_c_exit
_exit
_XcptFilter
_cexit
_wcmdln
_amsg_exit
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
exit
time
_except_handler3
printf
swscanf
wcscmp
wcschr
wcscat
_wcsupr
wcsstr
malloc
calloc
free
iswalnum
iswspace
_wcsicmp
wcscpy
wcsrchr
clock
srand
rand
memcpy
mbstowcs
strcmp
strlen
_purecall
_snprintf
strncat
strncpy
_wsplitpath
fwrite
_wfopen
wcstombs
_wrename
_waccess
_wtoi
wcslen
wcsncat
_itow
fclose
memset
wcsncpy
_CxxThrowException
_snwprintf
__CxxFrameHandler
__p__commode
__p__fmode
__set_app_type
__security_error_handler
??1type_info@@UAE@XZ
__dllonexit
_onexit
?terminate@@YAXXZ
_controlfp
kernel32
GetTimeFormatW
ReleaseMutex
CreateFileW
LoadLibraryExW
CreateEventW
GetModuleHandleW
GetSystemTimeAsFileTime
lstrlenA
WaitForSingleObject
lstrcmpiW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
WriteFile
FindResourceW
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA
ExitProcess
GetTickCount
GetCurrentThreadId
lstrlenW
lstrcpynW
GetDateFormatW
GetFileAttributesW
GetCurrentThread
GetCurrentProcess
LocalAlloc
GetStartupInfoW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExW
GetLastError
GetLocalTime
MultiByteToWideChar
GetLocaleInfoW
WritePrivateProfileStringW
GetPrivateProfileStringW
DeleteFileW
OutputDebugStringW
FreeLibrary
CopyFileW
SetEvent
ResetEvent
GetTempPathW
GetFullPathNameW
LoadLibraryW
CloseHandle
Sleep
QueryPerformanceCounter
GetExitCodeProcess
CreateProcessW
CreateDirectoryW
GetModuleFileNameW
GetSystemTime
GetCurrentProcessId
CreateThread
WideCharToMultiByte
GetProcAddress
LoadLibraryA
GetVersionExA
LocalFree
user32
SetTimer
GetClassNameW
GetClassLongW
SetClassLongW
IsChild
OffsetRect
GetDesktopWindow
GetWindowDC
GetForegroundWindow
LoadStringW
ReleaseCapture
SetCapture
UpdateWindow
PtInRect
GetSystemMetrics
DrawIconEx
DestroyIcon
ScreenToClient
FillRect
InflateRect
CopyRect
DrawStateW
GetActiveWindow
GetLastActivePopup
MessageBoxW
GetDC
ReleaseDC
SetWindowLongW
SetCursor
LoadCursorW
InvalidateRect
GetWindowRect
LoadIconW
LoadImageW
SendMessageW
GetParent
PostMessageW
TranslateAcceleratorW
EnableWindow
GetClientRect
gdi32
RealizePalette
SetPixel
GetPixel
RoundRect
CreatePen
GetTextExtentPoint32W
GetDIBits
GetStockObject
CreateFontIndirectW
CreatePalette
GetObjectW
CreateSolidBrush
StretchDIBits
SetDIBitsToDevice
comdlg32
GetOpenFileNameW
advapi32
RegOpenKeyExA
RegQueryValueExA
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegCloseKey
ImpersonateSelf
OpenThreadToken
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
FreeSid
OpenProcessToken
AllocateAndInitializeSid
shell32
ShellExecuteW
comctl32
_TrackMouseEvent
msvcp71
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AVconst_iterator@12@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AVconst_iterator@12@XZ
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIABV12@I@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
oleaut32
SysFreeString
Sections
.text Size: 116KB - Virtual size: 116KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 17KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 68KB - Virtual size: 68KB — note: this resource section is flagged as code, executable and writable (see characteristics below). A .rsrc section is normally read-only initialized data, so RWX+code flags on it are anomalous and worth a closer look (e.g. a packer/loader or self-modifying stub may execute from this section).
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE