Static task: static1
Behavioral task: behavioral1
Sample: 3e007f7db312243d9a49310384d83155_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: 3e007f7db312243d9a49310384d83155_JaffaCakes118.exe
Resource: win10v2004-20240709-en
General
Target: 3e007f7db312243d9a49310384d83155_JaffaCakes118
Size: 388KB
MD5: 3e007f7db312243d9a49310384d83155
SHA1: 806991c324a836b953d03854f2269ffd3b343717
SHA256: cca05421de5346b24fb4987e3e2ff5e4d26f21094df88cb23f0706174521607b
SHA512: 898ef8d6d91a73f511b5b7ae20aa515062fe8f4be7c7299f15580822173ebe6b61686b0589d806469124548d7e652ce7a2a58544e5ebe474b40027e7240c9396
SSDEEP: 12288:y1lJylZ21PoxM35vo2lHaTSrgIRv2KlCDL66Smv:y1vylZAPoxM3TH2SEIRln6Smv
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
resource: 3e007f7db312243d9a49310384d83155_JaffaCakes118
Files
3e007f7db312243d9a49310384d83155_JaffaCakes118.exe windows:4 windows x86 arch:x86
Import hash: d93af546fe8f9d2ae9a7d60156238865
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
useravatar
?ReleaseAvatarManager@@YAXPAVIAvatarManager@@@Z
?CreateAvatarManager@@YAPAVIAvatarManager@@XZ
mfc42
ord4710
ord941
ord4129
ord5683
ord755
ord470
ord2405
ord2414
ord2754
ord640
ord323
ord5875
ord1641
ord1168
ord2078
ord823
ord6453
ord4476
ord4133
ord4297
ord5788
ord472
ord2764
ord923
ord4278
ord3693
ord3626
ord3663
ord3619
ord3571
ord1640
ord5785
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord4424
ord3574
ord567
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord3998
ord4615
ord4612
ord4610
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord6215
ord2092
ord4159
ord6117
ord2621
ord1134
ord1199
ord1247
ord2818
ord4376
ord2725
ord1175
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord4614
ord4613
ord1945
ord4273
ord4589
ord4899
ord5076
ord4341
ord4349
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord5240
ord3748
ord1726
ord4432
ord560
ord813
ord5260
ord2535
ord6907
ord686
ord384
ord2096
ord5981
ord6142
ord6007
ord6880
ord5450
ord2642
ord5440
ord6383
ord2864
ord2379
ord1146
ord2862
ord1138
ord4275
ord3742
ord656
ord818
ord5572
ord2089
ord4480
ord1105
ord4299
ord2086
ord3610
ord4400
ord3630
ord682
ord2243
ord2380
ord2859
ord2580
ord3721
ord795
ord613
ord5787
ord283
ord289
ord3754
ord3753
ord3573
ord4402
ord3640
ord809
ord500
ord556
ord4243
ord6696
ord4538
ord5860
ord1088
ord2122
ord6358
ord1576
ord3293
ord6178
ord3286
ord6242
ord2116
ord6197
ord4694
ord5148
ord3572
ord6172
ord5789
ord2574
ord1988
ord1997
ord6392
ord798
ord5194
ord533
ord5808
ord1075
ord5204
ord3229
ord690
ord1228
ord389
ord1842
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord674
ord366
ord4242
ord1768
ord4457
ord5030
ord5252
ord796
ord554
ord529
ord807
ord2135
ord6877
ord2582
ord693
ord3910
ord6199
ord3874
ord3370
ord859
ord1979
ord2393
ord5442
ord268
ord3318
ord665
ord5186
ord354
ord1567
ord5810
ord5481
ord2031
ord4411
ord4447
ord4335
ord4863
ord4975
ord5796
ord5478
ord1971
ord966
ord3570
ord605
ord278
ord2077
ord4919
ord5480
ord5809
ord940
ord6442
ord1233
ord2860
ord1949
ord4034
ord6762
ord6189
ord3706
ord3996
ord6334
ord858
ord3301
ord926
ord924
ord922
ord4224
ord537
ord2915
ord535
ord4234
ord2302
ord2370
ord2301
ord2299
ord825
ord324
ord540
ord860
ord641
ord609
ord616
ord800
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4853
ord5265
ord6394
ord939
msvcrt
_setmbcp
_itoa
__CxxFrameHandler
strlen
atoi
_purecall
_except_handler3
_controlfp
fclose
fputs
fopen
_mbscmp
memset
memcpy
strcpy
strstr
sprintf
fgets
_ftol
atol
_ismbcdigit
strcat
memcmp
_beginthreadex
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__set_app_type
__p__fmode
__p__commode
kernel32
GetModuleFileNameA
FindFirstFileA
FindNextFileA
FindClose
GlobalFree
OpenProcess
TerminateProcess
GetModuleHandleA
GetStartupInfoA
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryA
CreateMutexA
CloseHandle
CreateProcessA
GetPrivateProfileStringA
GetPrivateProfileIntA
MulDiv
GetTickCount
lstrlenA
GetTempPathA
WriteFile
CreateFileA
GlobalUnlock
GlobalLock
ResumeThread
GlobalAlloc
LockResource
FreeResource
SizeofResource
LoadResource
FindResourceA
WaitForSingleObject
ResetEvent
OutputDebugStringA
CreateEventA
GetCurrentProcessId
GetSystemTime
SetEvent
user32
GetMessagePos
SetWindowLongA
SetWindowPos
IsWindowVisible
DrawFocusRect
FillRect
IsWindow
GetSystemMetrics
ReleaseDC
ScreenToClient
SetRect
PtInRect
GetSysColorBrush
ReleaseCapture
GetCapture
InvalidateRect
CopyRect
SetCapture
GetDC
GetSysColor
KillTimer
LoadIconA
LoadCursorA
GetParent
GetWindowRect
SetWindowRgn
LoadImageA
GetClientRect
GetCursorPos
EnableWindow
SendMessageA
MessageBoxA
PostMessageA
SetTimer
SetCursor
gdi32
DeleteObject
GetCurrentObject
SelectObject
DeleteDC
Rectangle
Polygon
GetDeviceCaps
GetViewportOrgEx
BitBlt
CreateCompatibleDC
GetObjectA
CreateCompatibleBitmap
CreateFontA
CreateRectRgn
CreateSolidBrush
advapi32
RegRestoreKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegSaveKeyA
RegCreateKeyExA
RegQueryValueExA
shell32
ShellExecuteA
comctl32
FlatSB_EnableScrollBar
InitializeFlatSB
ImageList_Draw
ImageList_ReplaceIcon
_TrackMouseEvent
ole32
CreateStreamOnHGlobal
CoInitialize
olepro32
ord251
wsock32
bind
htons
socket
WSAStartup
msimg32
AlphaBlend
Sections
.text Size: 160KB - Virtual size: 156KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 32KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 12KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.nrdata Size: 124KB - Virtual size: 124KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
aujahzk Size: 4KB - Virtual size: 72KB
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE