46cdbdc3b929bfe4aab11036e0d45ae2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

46cdbdc3b929bfe4aab11036e0d45ae2_JaffaCakes118
Size

648KB
MD5

46cdbdc3b929bfe4aab11036e0d45ae2
SHA1

e4ad0791b1b5ef0020d59e8d5d629f37ff23c445
SHA256

c94b79631caae2ad68201e5d275bc7d09c7f56b8d6c7ede12af5c200199ecdcb
SHA512

f4a7943db161a29599d663dff8b699c33aa78418ff8ce30f3aed632aaf1cd4680ab05e56ab59a138baaf7bb7744e83e7d7d79c89f8a1b02d90b1a04885047389
SSDEEP

12288:ydKWGr3gZMmYNHQy8nX1wPms0hVwsHC0RSHsDrHkU3h:ydKkZMmFI0husHxDQU3h

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
46cdbdc3b929bfe4aab11036e0d45ae2_JaffaCakes118

Files

46cdbdc3b929bfe4aab11036e0d45ae2_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fe187675efd7096e16b1025575e13e4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5160
ord4976
ord4377
ord491
ord489
ord5232
ord1567
ord2393
ord6197
ord5718
ord3797
ord2147
ord1180
ord268
ord1568
ord5268
ord1146
ord4258
ord1908
ord6055
ord1776
ord4439
ord2054
ord4431
ord771
ord496
ord497
ord4259
ord2379
ord1154
ord4299
ord6880
ord5949
ord4715
ord2646
ord3475
ord5288
ord1690
ord1175
ord1799
ord614
ord2623
ord290
ord3002
ord539
ord2818
ord4226
ord2486
ord4003
ord665
ord353
ord1601
ord5572
ord2915
ord941
ord5850
ord4129
ord4202
ord5290
ord3398
ord3733
ord3663
ord686
ord810
ord501
ord384
ord5162
ord773
ord2841
ord3571
ord3626
ord2862
ord2414
ord1641
ord2096
ord6241
ord6008
ord4000
ord2107
ord1083
ord3287
ord5600
ord3303
ord3914
ord535
ord939
ord5450
ord5440
ord6383
ord6394
ord3097
ord6199
ord4055
ord1779
ord3402
ord3698
ord765
ord5830
ord3727
ord802
ord2614
ord542
ord2302
ord3699
ord2362
ord2737
ord6334
ord6028
ord5981
ord3874
ord2820
ord1783
ord922
ord4204
ord5710
ord2575
ord4396
ord3574
ord609
ord1008
ord2860
ord2078
ord3089
ord6453
ord2882
ord1907
ord6242
ord326
ord812
ord1816
ord4083
ord5862
ord559
ord2765
ord5609
ord5601
ord1085
ord2645
ord2370
ord860
ord5933
ord2817
ord1200
ord2864
ord6215
ord4160
ord5953
ord537
ord926
ord768
ord4835
ord5287
ord4854
ord4358
ord4948
ord4742
ord4905
ord5161
ord3810
ord2814
ord2725
ord823
ord3953
ord3521
ord6402
ord3522
ord540
ord858
ord800
ord1199
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord2528
ord6467
ord561
ord3738
ord4424
ord4622
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord815
ord5802
ord4710
ord3092
ord2642
ord3098
ord1168
ord6403
ord4853
ord4234
ord641
ord825
ord324
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4376
ord567
ord1197
ord1243
ord342
ord1182
ord1116
ord1176
ord1575
ord1577
ord5265

msvcrt

_wcsicmp
_strlwr
_CxxThrowException
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
fwrite
_ftol
strncpy
strstr
strrchr
atoi
fopen
fputs
fclose
sscanf
_mbsnbcat
_mbsnbcmp
_splitpath
_makepath
_mbschr
wcsncpy
_vsnwprintf
_wcsdup
swscanf
_snprintf
wcscpy
wcscat
wcslen
wcsncmp
wcschr
memmove
malloc
__CxxFrameHandler
_mbsrchr
_strdup
time
localtime
strftime
_mbsstr
strtok
_mbsicmp
_mbscmp
_purecall
strchr
_vsnprintf
free
sprintf
rand
_mbsnbcpy
_tzset

kernel32

GetCurrentProcess
FlushInstructionCache
OutputDebugStringA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
GetProcAddress
FindResourceExA
LoadResource
LockResource
MulDiv
WideCharToMultiByte
WriteFile
VirtualProtect
LoadLibraryExA
SetFileTime
UnmapViewOfFile
CloseHandle
GetFileSize
CreateFileMappingA
MapViewOfFile
GetPrivateProfileIntA
GetFileAttributesA
GetModuleHandleA
FreeLibrary
GetLastError
DeleteFileA
MoveFileA
GetModuleFileNameA
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateDirectoryA
SetCurrentDirectoryA
LocalFileTimeToFileTime
SystemTimeToFileTime
FormatMessageA
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
Sleep
SetLastError
GetTickCount
FindResourceA
LoadLibraryA
CreateThread
TerminateThread
WaitForSingleObject
GetVersion
InterlockedDecrement
MultiByteToWideChar
lstrlenA
WinExec
GetShortPathNameA
GetWindowsDirectoryA
GetSystemDirectoryA
RemoveDirectoryA
FindNextFileA
OpenProcess
GetVersionExA
ReadFile
GetVolumeInformationA
LocalFree
InterlockedExchange
ResumeThread
SuspendThread
GlobalUnlock
GlobalLock
GlobalAlloc
GetLocalTime
GetTempFileNameA
GetTempPathA
SizeofResource
CopyFileA
GetFileTime
LocalAlloc
CreateFileA
lstrlenW

user32

DefDlgProcA
GetWindowThreadProcessId
IsDialogMessageA
FindWindowA
CharToOemA
SendMessageTimeoutA
GetAsyncKeyState
IsWindow
SetWindowContextHelpId
IsWindowEnabled
GetActiveWindow
SetActiveWindow
DialogBoxParamA
MessageBoxA
GetClassNameA
UpdateWindow
CreateIconFromResourceEx
SendDlgItemMessageA
DestroyIcon
GetWindowRect
MapWindowPoints
MoveWindow
GetWindow
GetWindowContextHelpId
GetDlgCtrlID
SetWindowTextA
GetWindowTextA
RegisterClassA
CreateWindowExA
CallWindowProcA
SetWindowLongA
BeginPaint
EndPaint
GetDlgItem
EndDialog
DrawFocusRect
SetDlgItemTextA
GetIconInfo
GetDlgItemTextA
SetRectEmpty
SetCursor
GetSysColor
SetClipboardData
EmptyClipboard
OpenClipboard
EnableWindow
LoadStringA
LoadCursorA
DrawTextA
ReleaseDC
GetDC
SetTimer
SetWindowPos
ExitWindowsEx
LoadBitmapA
DestroyWindow
CreateDialogIndirectParamA
ShowWindow
GetDesktopWindow
wsprintfA
TranslateMessage
DispatchMessageA
GetMessageA
DefWindowProcA
InvalidateRect
FillRect
GetSysColorBrush
GetClientRect
SendMessageA
ScreenToClient
GetCursorPos
GetParent
GetWindowLongA
SetFocus
IsDlgButtonChecked
CheckDlgButton
IsIconic
IsRectEmpty
OffsetRect
PostMessageA
LoadImageA
CloseClipboard

gdi32

CreateCompatibleDC
CreateDIBSection
BitBlt
StretchBlt
DeleteDC
SetROP2
SetTextColor
GetStockObject
GetObjectA
GetDeviceCaps
EnumFontFamiliesExA
CreateFontIndirectA
SelectObject
SetBkMode
GetTextMetricsA
DeleteObject
GetTextExtentPointA

advapi32

RegDeleteKeyA
RegCreateKeyExA
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
DuplicateTokenEx
ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken
RegEnumKeyA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
RegDeleteValueA
CreateServiceA
RegCloseKey
RegSetValueExA
RegCreateKeyA
RegOpenKeyA
RegQueryValueExA
OpenSCManagerA
RegEnumValueA
StartServiceA

shell32

ShellExecuteA
ShellExecuteExA

comctl32

ImageList_AddMasked
InitCommonControlsEx

ole32

StringFromCLSID
CoCreateGuid
CoInitialize
OleRun
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree

oleaut32

SysFreeString
SetErrorInfo
GetErrorInfo
SysAllocString
SystemTimeToVariantTime
VariantInit
VariantCopy
VariantClear
VariantChangeType
SysStringLen
CreateErrorInfo

wininet

InternetReadFile
InternetSetFilePointer
HttpQueryInfoA
HttpAddRequestHeadersA
InternetSetOptionA
InternetCloseHandle
FtpOpenFileA
FtpSetCurrentDirectoryA
InternetConnectA
InternetGetLastResponseInfoA
InternetQueryOptionA
InternetGetConnectedState
InternetSetStatusCallback
InternetOpenA
HttpOpenRequestA
InternetDial
HttpSendRequestA

setupapi

SetupDefaultQueueCallbackA
SetupCloseFileQueue
SetupOpenFileQueue
SetupQueueDeleteA
SetupInitDefaultQueueCallback
SetupQueueCopyA
SetupPromptReboot
SetupCommitFileQueueA

zlib

ord75
ord62
ord61
ord72
ord68
ord67
ord39
ord26
ord66
ord65
ord64

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

ActivateShortKey
GetUpdateInterface

Sections

.text
Size: 228KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 320KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe187675efd7096e16b1025575e13e4c

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

wininet

setupapi

zlib

version

Exports

Exports

Sections

.text Size: 228KB - Virtual size: 226KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 28KB - Virtual size: 37KB

.rsrc Size: 320KB - Virtual size: 318KB

.reloc Size: 24KB - Virtual size: 23KB

.text
Size: 228KB - Virtual size: 226KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 28KB - Virtual size: 37KB

.rsrc
Size: 320KB - Virtual size: 318KB

.reloc
Size: 24KB - Virtual size: 23KB