63295401125966b59bde3c60add36eed_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

63295401125966b59bde3c60add36eed_JaffaCakes118
Size

436KB
MD5

63295401125966b59bde3c60add36eed
SHA1

01f150ce4bc22fc83c1cbc62ea5b95b0312d46e4
SHA256

6750c5421caf0d20eb357132ed3ca0755b737fff5b02b2e28d0ea6f336181b1a
SHA512

b243acc6b73b8d27ffa06e68ac74c6faa41ac142f54b5d8ab356a6bf1d702f8c7162c95bdd2ae57461b2866f791f6c66cb3b3b59470d4ef7c4f9afd9a5323a32
SSDEEP

6144:dT7Z49/E5sEne5ZI3rTKZhqLuC5lmWoi4meLWgYpa6AIaAgA+7lMjqHqwATgZUzu:d/Znr2Z4CFXIRgA+RMmKz6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
63295401125966b59bde3c60add36eed_JaffaCakes118

Files

63295401125966b59bde3c60add36eed_JaffaCakes118
.exe windows:5 windows x86 arch:x86

404774c2208d28800ca2720460901ee0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetUserDefaultLCID
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
GetTickCount
SetLastError
lstrcmpiA
lstrlenA
GetLastError
GetModuleHandleA
GetProcAddress
InterlockedExchange
Sleep
SetCurrentDirectoryA
GetCurrentThreadId
lstrcpyA
CreateProcessA
WriteFile
CreateFileA
SetMailslotInfo
GetMailslotInfo
EnterCriticalSection
LeaveCriticalSection
LocalFileTimeToFileTime
FileTimeToSystemTime
GetFullPathNameW
CreateDirectoryW
GetStringTypeA
DeviceIoControl
RemoveDirectoryW
FormatMessageW
LocalFree
WideCharToMultiByte
RemoveDirectoryA
MultiByteToWideChar
GetVolumeInformationA
SystemTimeToFileTime
SetFileTime
ReleaseMutex
CreateMutexA
OpenFileMappingA
GetVersionExA
UnmapViewOfFile
GetSystemInfo
GetFileSize
CreateFileMappingA
MapViewOfFile
SetFilePointer
SetEndOfFile
WritePrivateProfileStringA
WaitForSingleObject
OutputDebugStringA
GetCurrentProcessId
GetTempPathA
GetTempFileNameA
InitializeCriticalSectionAndSpinCount
GetStartupInfoA
CreateFileW
LCMapStringA
ReadFile
CreateMailslotA
CloseHandle
GetModuleFileNameA
LoadLibraryA

user32

CloseDesktop
LoadStringA
SendMessageA
GetMessageA
wsprintfA
EnableWindow
ShowWindow
SetWindowPos
DestroyWindow
SetThreadDesktop
CloseWindowStation
OpenDesktopA
SetProcessWindowStation
OpenWindowStationA
GetThreadDesktop
GetProcessWindowStation
GetDesktopWindow
CreateWindowExA

advapi32

UnlockServiceDatabase
RegQueryValueA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegEnumKeyExA
LockServiceDatabase
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
QueryServiceStatus
StartServiceA
ControlService
GetUserNameA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetServiceStatus
RegisterServiceCtrlHandlerA
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
StartServiceCtrlDispatcherA
CloseServiceHandle

msvcp60

??1?$basic_fstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?nothrow@std@@3Unothrow_t@1@B
??1ostrstream@std@@UAE@XZ
??1strstreambuf@std@@UAE@XZ
?_Init@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@XZ
?_Global@_Locimp@locale@std@@0PAV123@A
??1_Lockit@std@@QAE@XZ
?_Init@strstreambuf@std@@IAEXHPAD0H@Z
?overflow@strstreambuf@std@@MAEHH@Z
?pbackfail@strstreambuf@std@@MAEHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?underflow@strstreambuf@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPBDH@Z
?seekoff@strstreambuf@std@@MAE?AV?$fpos@H@2@JW4seekdir@ios_base@2@H@Z
?seekpos@strstreambuf@std@@MAE?AV?$fpos@H@2@V32@H@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PADH@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?freeze@strstreambuf@std@@QAEX_N@Z
??1strstream@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0bad_alloc@std@@QAE@PBD@Z
??1bad_alloc@std@@UAE@XZ
??0bad_alloc@std@@QAE@ABV01@@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??1locale@std@@QAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Initcvt@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?__Fiopen@std@@YAPAU_iobuf@@PBDH@Z
?clear@ios_base@std@@QAEXH_N@Z
??_7?$basic_ofstream@DU?$char_traits@D@std@@@std@@6B@
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@
??0locale@std@@QAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0ios_base@std@@IAE@XZ
??_8?$basic_ofstream@DU?$char_traits@D@std@@@std@@7B@
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_D?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??_7?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHPADH@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??_8?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Xlen@std@@YAXXZ
?opfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE_NXZ

rpcrt4

RpcImpersonateClient
RpcRevertToSelf
UuidFromStringA
RpcStringFreeA
UuidToStringA

wx22_7_md

?SetMinute@wxDateTime@@QAEAAV1@G@Z
?SetHour@wxDateTime@@QAEAAV1@G@Z
?SetSecond@wxDateTime@@QAEAAV1@G@Z
?GetTm@wxDateTime@@QBE?AUTm@1@ABVTimeZone@1@@Z
??0TimeZone@wxDateTime@@QAE@W4TZ@1@@Z
?Read@wxFile@@QAEJPAXJ@Z
?SetMillisecond@wxDateTime@@QAEAAV1@G@Z
?UNow@wxDateTime@@SA?AV1@XZ
?wxMessageBox@@YAHABVwxString@@0JPAVwxWindow@@HH@Z
??0wxFile@@QAE@PBDW4OpenMode@0@@Z
??1wxString@@QAE@XZ
??1wxDir@@QAE@XZ
?wxMkdir@@YA_NABVwxString@@H@Z
?InitWith@wxString@@AAEXPBDII@Z
?Length@wxFile@@QBEJXZ
?GetNext@wxDir@@QBE_NPAVwxString@@@Z
?GetFirst@wxDir@@QBE_NPAVwxString@@ABV2@H@Z
?IsOpened@wxDir@@QBE_NXZ
??0wxDir@@QAE@ABVwxString@@@Z
??0wxString@@QAE@PBDI@Z
?wxCopyFile@@YA_NABVwxString@@0@Z
?wxFileExists@@YA_NABVwxString@@@Z
??1wxFile@@QAE@XZ
?Close@wxFile@@QAE_NXZ
?SetDay@wxDateTime@@QAEAAV1@G@Z
?SetMonth@wxDateTime@@QAEAAV1@W4Month@1@@Z
?SetYear@wxDateTime@@QAEAAV1@H@Z
?MakeTimezone@wxDateTime@@QAEAAV1@ABVTimeZone@1@_N@Z
?Set@wxDateTime@@QAEAAV1@GW4Month@1@HGGGG@Z
?wxEmptyString@@3PBDB

msvcrt

exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
malloc
_errno
?terminate@@YAXXZ
_controlfp
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
isprint
sprintf
_mbscmp
wcslen
wcscpy
swprintf
memchr
_unlink
?set_new_handler@@YAP6AXXZP6AXXZ@Z
_except_handler3
toupper
isalpha
tolower
isspace
fopen
fseek
ftell
fread
fclose
??9type_info@@QBEHABV0@@Z
?name@type_info@@QBEPBDXZ
??8type_info@@QBEHABV0@@Z
_purecall
_itoa
atoi
_vsnprintf
realloc
free
vsprintf
__p___argc
__p___argv
??1exception@@UAE@XZ
??0exception@@QAE@XZ
strncpy
_CxxThrowException
??0exception@@QAE@ABV0@@Z
memmove
??2@YAPAXI@Z
__CxxFrameHandler
_splitpath
_makepath
strstr
_strnicmp
_stricmp
atof
_callnewh

comctl32

InitCommonControlsEx

shfolder

SHGetFolderPathA

shell32

ShellExecuteExA
ShellExecuteA

ole32

CoCreateGuid

ws2_32

inet_ntoa
ntohs
inet_addr
gethostbyname
htons
bind
setsockopt
ioctlsocket
socket
WSACleanup
WSAStartup
shutdown
closesocket
recv
htonl
send
connect
accept
WSAGetLastError
listen

Sections

.text
Size: 320KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

404774c2208d28800ca2720460901ee0

Headers

File Characteristics

Imports

kernel32

user32

advapi32

msvcp60

rpcrt4

wx22_7_md

msvcrt

comctl32

shfolder

shell32

ole32

ws2_32

Sections

.text Size: 320KB - Virtual size: 318KB

.rdata Size: 84KB - Virtual size: 81KB

.data Size: 28KB - Virtual size: 26KB

.text
Size: 320KB - Virtual size: 318KB

.rdata
Size: 84KB - Virtual size: 81KB

.data
Size: 28KB - Virtual size: 26KB