dialer.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2e91b692ec7b3a1161ef1f827e3545da_JaffaCakes118.exe
Resource
win7-20240708-en
General
Target: 2e91b692ec7b3a1161ef1f827e3545da_JaffaCakes118
Size: 682KB
MD5: 2e91b692ec7b3a1161ef1f827e3545da
SHA1: 2a315a426b4e4683ed6c49cb5bd156acad5958e3
SHA256: dadbf7944157239f964dc2bdb1bb79943514f844320b6ed64cae0c747dd076ed
SHA512: b78ffd622fca1e1fba33579118b2fe3801e31124ac331236b4dd8d15bd874525b73d20e82c9f82279f0a4a2b0206fabb12628cfc23f43fa28746833eb5e9f685
SSDEEP: 6144:ndhOfjZXluQA/qNgSr5oK4cYw76VCQaNQJmuCKqzIubb1l/:7YjTVxNgSFDwwjNQJ0zIi5Z
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
resource: 2e91b692ec7b3a1161ef1f827e3545da_JaffaCakes118
Files
-
2e91b692ec7b3a1161ef1f827e3545da_JaffaCakes118.exe windows:5 windows x86 arch:x86
406988ddd9956ad5b2d02e701d0e83d8
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
mfc42u
msvcrt
_onexit
?terminate@@YAXXZ
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
__CxxFrameHandler
wcscmp
_controlfp
wcscpy
_c_exit
iswctype
_wcsnicmp
_itow
_ltow
memmove
wcstoul
_wtol
_wtoi
_wcsicmp
towupper
_snwprintf
wcschr
_ftol
free
_wcsdup
_purecall
wcsncpy
swprintf
wcslen
atl
advapi32
RegQueryValueExA
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegSetValueW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExA
GetUserNameW
kernel32
GetModuleHandleA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetTempPathW
GetTempFileNameW
CreateDirectoryW
FindResourceW
LoadResource
LockResource
lstrcmpiW
GetCurrentThreadId
GetModuleHandleW
FormatMessageW
LoadLibraryA
GetCurrentProcess
ExpandEnvironmentStringsW
ResetEvent
WaitForMultipleObjects
LoadLibraryW
GetProcAddress
FreeLibrary
lstrcpynW
IsBadWritePtr
Sleep
GlobalHandle
CreateFileW
WriteFile
GlobalAlloc
GlobalUnlock
GlobalReAlloc
GlobalFree
GlobalLock
lstrcpyW
lstrcatW
lstrlenW
GetLastError
GetPrivateProfileStringW
CreateThread
SetEvent
InterlockedDecrement
DeleteFileW
GetTickCount
WaitForSingleObject
TerminateThread
CloseHandle
CreateEventW
InterlockedIncrement
GetWindowsDirectoryW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
HeapFree
GetProcessHeap
FreeConsole
OutputDebugStringW
SetConsoleScreenBufferSize
GetStdHandle
AllocConsole
GetPrivateProfileIntW
HeapAlloc
WritePrivateProfileStringW
HeapSize
HeapReAlloc
GetStartupInfoW
gdi32
CreateFontIndirectW
GetTextExtentPoint32W
CreateSolidBrush
GetObjectW
DeleteObject
PatBlt
SelectObject
SetBkColor
ExtTextOutW
StretchBlt
GetDIBColorTable
CreatePen
RealizePalette
SelectPalette
GetStockObject
CreatePalette
SetBkMode
SetTextColor
GetDIBits
CreateDCW
CreateCompatibleDC
DeleteDC
GetDeviceCaps
CreateCompatibleBitmap
CreateHalftonePalette
BitBlt
GetSystemPaletteEntries
Rectangle
CreatePolygonRgn
PtInRegion
SetPixel
GetPixel
ExtFloodFill
CreateBitmap
SetMapMode
GetMapMode
DPtoLP
GetTextExtentPointW
CreateDIBitmap
user32
SetActiveWindow
SetForegroundWindow
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetActiveWindow
SystemParametersInfoW
GetSystemMetrics
SetFocus
GetFocus
GetClientRect
GetDesktopWindow
FindWindowW
GetLastActivePopup
LoadCursorW
LoadIconW
SetWindowPos
GetDlgItem
WinHelpW
RegisterClassExW
DefWindowProcW
SetClassLongW
GetSysColor
CopyRect
FillRect
DrawFocusRect
DrawTextW
GetParent
SetMenuItemInfoW
GetMenuState
GetMenuItemInfoW
GetMenuItemCount
ReleaseDC
GetDC
GetSubMenu
LoadMenuW
ValidateRect
KillTimer
IsIconic
GetDlgCtrlID
CreatePopupMenu
AppendMenuW
CheckMenuRadioItem
GetDCEx
SetCapture
SetCursor
ReleaseCapture
ShowWindow
IntersectRect
GetWindow
SetRectEmpty
LoadImageW
CheckMenuItem
EnableMenuItem
GetMenuStringW
LoadBitmapW
DeleteMenu
GetMenuItemID
InsertMenuW
ModifyMenuW
RemoveMenu
GetMenu
TrackPopupMenuEx
MapWindowPoints
DestroyMenu
TrackPopupMenu
SetMenuDefaultItem
MessageBoxW
MessageBeep
RegisterWindowMessageW
CallWindowProcW
InvertRect
DestroyWindow
SetTimer
RedrawWindow
IsWindowVisible
SetWindowLongW
GetWindowRect
EqualRect
OffsetRect
SetRect
PtInRect
IsRectEmpty
IsWindow
PostMessageW
GetCursorPos
SendMessageW
EnableWindow
InvalidateRect
UpdateWindow
CharPrevW
wvsprintfW
GetClassInfoW
RegisterClassW
CreateWindowExW
BeginPaint
EndPaint
ScreenToClient
ClientToScreen
GetWindowLongW
CharNextW
comctl32
ImageList_AddMasked
ImageList_LoadImageW
ImageList_Destroy
CreateToolbarEx
ImageList_Draw
ImageList_SetOverlayImage
ImageList_DrawEx
InitCommonControlsEx
ImageList_GetImageCount
netapi32
NetApiBufferFree
DsGetDcNameW
ole32
CoTaskMemFree
CoInitialize
CoInitializeEx
CoUninitialize
CoCreateInstance
oleaut32
SysStringLen
SysFreeString
LoadRegTypeLi
SetErrorInfo
SysAllocString
shell32
SHAppBarMessage
Shell_NotifyIconW
SHGetSpecialFolderPathW
ShellExecuteW
msvfw32
DrawDibOpen
DrawDibDraw
DrawDibClose
winmm
sndPlaySoundW
wldap32
Exports
TracePrintf
_BScrollGetWindowHandle@4
_BScrollInit@44
_BScrollStart@4
_BScrollStop@4
_BScrollTerm@4
_BScrollWndProc@16
_CreateDIBPalette@8
_GfxBitmapBackfill@12
_GfxBitmapDisplay@20
_GfxBitmapDrawTransparent@24
_GfxBitmapScroll@20
_GfxDeviceIsMono@4
_GfxHideHourglass@4
_GfxLoadBitmapEx@12
_GfxShowHourglass@4
_GfxTextExtentTruncate@12
_MemAllocEx@20
_MemFreeEx@16
_MemInit@8
_MemReAllocEx@24
_MemSize@8
_MemTerm@4
_StrAtoI@4
_StrAtoL@4
_StrChrCat@8
_StrChrCatLeft@8
_StrClean@12
_StrCpyXChr@12
_StrDup@4
_StrDupFree@4
_StrGetLastChr@4
_StrGetRow@16
_StrGetRowColumnCount@12
_StrInsert@8
_StrItoA@12
_StrLtoA@12
_StrSetLastChr@8
_StrSetN@12
_StrTrimChr@8
_StrTrimChrLeading@8
_StrTrimQuotes@4
_StrTrimWhite@4
_StrTrimWhiteLeading@4
_TraceGetLevel@4
_TraceInit@8
_TraceOutput@12
_TraceSetLevel@8
_TraceTerm@4
Sections
.text Size: 229KB - Virtual size: 228KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 303KB - Virtual size: 303KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PACK Size: 144KB - Virtual size: 380KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE