Static task
static1
Behavioral task
behavioral1
Sample
719f41629e81d1ce1ddf96573c5b6d57_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
719f41629e81d1ce1ddf96573c5b6d57_JaffaCakes118.exe
Resource
win10v2004-20240709-en
General
Target: 719f41629e81d1ce1ddf96573c5b6d57_JaffaCakes118
Size: 1.0MB
MD5: 719f41629e81d1ce1ddf96573c5b6d57
SHA1: 40268b8ff0a5661a0d1c3d86ae4e83f62bbf8e36
SHA256: 7610bb596b7f97d06704e40529a8128c9fb9f36a0cd7e710eaf0488833dfb7b8
SHA512: 0a7747748a4ed614d81bed90eae824b7f546fc028e43b0c4c2455104cf18f9f05f512bb591bbafab8ce22bddbf02913043cf26c3808fe50a9e54ba935a12fac7
SSDEEP: 12288:k+iKiMxjbS4DloKKHoo1ny11P7kW6yBxdg0zZAzsFDi6k8eh:k+LPxjbS8aHny1t7NDBxPUsFDi6kJ
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 719f41629e81d1ce1ddf96573c5b6d57_JaffaCakes118
Files
-
719f41629e81d1ce1ddf96573c5b6d57_JaffaCakes118.exe windows:4 windows x86 arch:x86
2dac300e727ba2b709b79c34930d5923
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
rpcrt4
UuidCreate
UuidToStringA
winmm
mciSendCommandA
mciGetErrorStringA
version
GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA
learn32
ord15
ord18
ord20
ord22
ord21
ord155
ord151
ord440
ord158
ord160
ord142
ord145
ord140
ord388
ord434
ord432
ord348
ord345
ord340
ord330
ord332
ord147
ord42
ord136
ord119
ord87
ord144
ord215
ord203
ord196
ord164
ord90
ord148
ord133
ord115
ord95
ord84
ord82
ord78
ord76
ord29
ord41
ord342
ord344
ord110
ord125
ord92
ord208
ord210
ord212
ord211
wininet
InternetCanonicalizeUrlA
pctree32
ord60
ord168
ord56
ord163
ord164
ord98
ord170
ord55
ord53
ord195
ord74
ord100
ord51
ord171
ord75
ord63
ord192
ord54
ord101
ord52
ord161
ord169
ord193
ord194
ord185
ord148
ord127
ord126
ord128
ord186
ord150
ord129
ord208
ord130
ord187
ord59
ord99
ord81
ord64
ord102
ord32
ord103
ord105
ord72
ord40
ord34
ord13
ord21
ord189
ord188
ord178
ord179
ord73
ord46
ord15
ord116
ord115
ord114
ord113
ord111
ord108
ord109
ord106
ord152
ord151
ord39
ord38
ord166
ord167
ord97
ord96
ord110
ord107
ord95
ord94
ord177
ord176
ord175
ord174
ord173
ord172
ord155
ord86
ord196
ord118
ord117
ord157
ord158
ord153
ord154
ord120
ord119
ord93
ord92
ord91
ord90
ord47
ord80
ord83
ord191
ord8
ord131
ord133
ord82
ord57
ord58
ord26
ord84
ord61
ord104
ord36
ord88
ord33
ord202
ord31
ord18
ord9
ord134
ord184
ord135
ord142
ord136
ord137
ord138
ord165
ord139
ord140
ord141
ord143
ord144
ord145
ord146
ord147
ord224
ord214
ord203
ord17
ord14
ord160
ord159
ord42
ord22
ord50
ord16
ord48
ord49
ord23
ord112
ord37
ord199
ord200
ord201
ord197
ord122
ord124
ord123
ord180
ord121
ord35
ord65
ord62
ord162
ord66
ord68
ord67
ord69
ord77
ord78
ord79
ord71
ord70
ord190
ord24
ord10
ord181
ord182
ord25
mfc42
ord4238
ord4278
ord3876
ord5601
ord2340
ord2358
ord542
ord4476
ord4613
ord4614
ord6458
ord4589
ord3078
ord482
ord3067
ord2535
ord4890
ord4508
ord4464
ord560
ord813
ord4432
ord5260
ord1726
ord3748
ord5240
ord4108
ord4961
ord4964
ord4524
ord4529
ord4526
ord4543
ord4545
ord4531
ord4349
ord4341
ord5076
ord1945
ord4273
ord4259
ord771
ord497
ord496
ord4431
ord2054
ord4439
ord5288
ord2528
ord1690
ord4715
ord1908
ord6377
ord6379
ord2380
ord6605
ord5926
ord825
ord823
ord1871
ord6571
ord5460
ord800
ord860
ord540
ord858
ord535
ord537
ord924
ord879
ord882
ord2801
ord2740
ord922
ord1168
ord1175
ord1200
ord654
ord341
ord6140
ord2379
ord5265
ord4853
ord4998
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2124
ord5277
ord2982
ord3147
ord3259
ord4465
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4627
ord641
ord807
ord795
ord3619
ord3626
ord2414
ord3663
ord2302
ord2688
ord4683
ord4234
ord4376
ord4710
ord5280
ord2446
ord3136
ord3262
ord4425
ord3597
ord324
ord2859
ord296
ord617
ord6283
ord2393
ord389
ord2817
ord4129
ord665
ord5645
ord3790
ord6385
ord1979
ord5355
ord5356
ord353
ord5207
ord5572
ord939
ord4160
ord2915
ord2818
ord5710
ord2764
ord4202
ord941
ord1669
ord2652
ord2763
ord4277
ord5583
ord3522
ord5857
ord940
ord2614
ord6403
ord6569
ord2765
ord656
ord6883
ord5863
ord2044
ord2107
ord1948
ord2396
ord3346
ord5300
ord5303
ord4079
ord4699
ord5307
ord5289
ord5715
ord4622
ord4424
ord817
ord565
ord2152
ord1233
ord1146
ord2726
ord4226
ord6215
ord6055
ord1776
ord5290
ord3742
ord818
ord567
ord765
ord4275
ord2645
ord5683
ord6197
ord5875
ord6170
ord755
ord2754
ord6172
ord470
ord500
ord5860
ord6141
ord5859
ord713
ord414
ord4083
ord1909
ord4204
ord801
ord715
ord5597
ord541
ord415
ord6143
ord5604
ord3573
ord1641
ord3706
ord5186
ord354
ord1081
ord5620
ord6380
ord5981
ord2086
ord603
ord1969
ord273
ord5651
ord3127
ord3616
ord350
ord3126
ord3613
ord2864
ord926
ord5605
ord2775
ord859
ord3223
ord3221
ord1093
ord2593
ord506
ord777
ord3817
ord1105
ord326
ord3521
ord2761
ord283
ord3610
ord3402
ord6199
ord1816
ord4268
ord3295
ord6154
ord2530
ord4366
ord4056
ord5471
ord4121
ord2389
ord5086
ord1710
ord1715
ord5234
ord6369
ord5279
ord5064
ord5248
ord2444
ord3730
ord554
ord3721
ord6880
ord5655
ord2116
ord5882
ord5883
ord2120
ord4299
ord4147
ord955
ord1140
ord3564
ord6335
ord2438
ord6270
ord4220
ord2584
ord3654
ord1644
ord6402
ord3870
ord6453
ord4003
ord4021
ord4020
ord720
ord3300
ord420
ord6467
ord533
ord798
ord5442
ord268
ord1567
ord3692
ord5787
ord5791
ord609
ord2575
ord4396
ord3574
ord2642
ord4123
ord3092
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord692
ord5856
ord826
ord3744
ord2629
ord1199
ord764
ord3028
ord824
ord2301
ord2292
ord2365
ord6334
ord3698
ord5608
ord1997
ord5466
ord5194
ord2289
ord2370
ord5953
ord5873
ord5789
ord6241
ord2860
ord2089
ord3098
ord1265
ord3976
ord996
ord5098
ord4619
ord1825
ord1576
ord2486
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4953
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord772
ord652
ord3237
ord1206
ord2623
ord338
ord1223
ord4823
ord4858
ord2399
ord1262
ord6329
ord4420
ord3318
ord5606
ord819
ord568
ord6142
ord1601
ord3289
ord3874
ord2841
ord5450
ord6394
ord5834
ord5440
ord6383
ord2448
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord2649
ord1665
ord4436
ord5252
ord4427
ord796
ord674
ord529
ord366
ord6067
ord3482
ord6000
ord2117
ord6195
ord4457
ord4413
ord6069
ord4590
ord4907
ord5282
ord5199
ord5054
ord5805
ord4145
ord4337
ord640
ord781
ord2405
ord3005
ord2111
ord323
ord3571
ord1640
ord5785
ord6223
ord6222
ord3708
ord1949
ord6242
ord5053
ord2515
ord5067
ord4635
ord4607
ord4716
ord4750
ord4608
ord5016
ord4375
ord4852
ord4834
msvcrt
malloc
free
sscanf
_stricmp
_strnicmp
memcmp
strcmp
_strupr
__setusermatherr
_strcmpi
_setmbcp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__p__pgmptr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
_onexit
__dllonexit
tolower
memmove
_ismbslead
_ismbstrail
isalpha
_mbsrchr
strncpy
strcpy
div
atof
_unlink
strcat
_itoa
sprintf
memcpy
vsprintf
_purecall
__CxxFrameHandler
_ltoa
_mbscmp
ceil
abs
_ftol
atol
strlen
_mbsicmp
atoi
strtok
memset
isdigit
toupper
kernel32
InterlockedIncrement
FreeResource
LockResource
LoadResource
FindResourceA
WritePrivateProfileStringA
lstrcpynA
GetProcAddress
LoadLibraryA
GetVolumeInformationA
GetDiskFreeSpaceA
GetWindowsDirectoryA
GetUserDefaultLCID
MulDiv
MultiByteToWideChar
GetDriveTypeA
SetCurrentDirectoryA
RemoveDirectoryA
CreateEventA
ResetEvent
CreateDirectoryA
CopyFileA
SetFileAttributesA
CreateFileA
GetFileTime
SetFileTime
GetCurrentProcess
SetProcessWorkingSetSize
lstrcmpiA
ExitThread
SetEvent
SetThreadPriority
lstrlenA
FindFirstFileA
CompareFileTime
FindNextFileA
FindClose
GetFileAttributesA
GetPrivateProfileStringA
lstrcatA
GetPrivateProfileIntA
GetLastError
FormatMessageA
LocalFree
DeleteFileA
ReleaseMutex
GetTickCount
Sleep
WaitForSingleObject
CloseHandle
CreateMutexA
lstrcpyA
FreeLibrary
GetStartupInfoA
GetModuleHandleA
GetCPInfo
GetCurrentDirectoryA
GetDateFormatA
GetVersion
CreateProcessA
GlobalLock
GlobalUnlock
GetVersionExA
GetSystemDirectoryA
GetModuleFileNameA
user32
DefWindowProcA
GetDlgItem
DestroyWindow
GetWindowDC
UpdateWindow
CreateCursor
DestroyCursor
SetCursorPos
IsCharAlphaA
UnionRect
DrawTextA
InflateRect
LoadBitmapA
SetCapture
SetFocus
ReleaseCapture
CreateWindowExA
GetActiveWindow
SetRect
IsZoomed
CopyRect
AppendMenuA
wsprintfA
PostQuitMessage
RegisterClassA
SetForegroundWindow
KillTimer
DispatchMessageA
CreatePopupMenu
GetFocus
IsIconic
WinHelpA
GetParent
SetWindowPos
GetWindow
ShowWindow
MessageBoxA
GetDesktopWindow
IsRectEmpty
MoveWindow
SetActiveWindow
TranslateMessage
PeekMessageA
SetTimer
GetWindowRect
OffsetRect
FrameRect
FillRect
EqualRect
PtInRect
SetCursor
FindWindowA
RedrawWindow
ScreenToClient
GetCursorPos
SetClassLongA
InvalidateRect
ReleaseDC
GetClientRect
BringWindowToTop
GetSysColor
IsWindowVisible
LoadIconA
SetRectEmpty
LoadCursorA
GetSystemMetrics
IsWindow
PostMessageA
GetDC
SendMessageA
EnableWindow
MessageBeep
IntersectRect
gdi32
GetStockObject
StretchDIBits
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
RealizePalette
SetSystemPaletteUse
GetObjectA
CreatePalette
SetPaletteEntries
ResizePalette
Rectangle
GetTextMetricsA
ExtTextOutA
GetDIBits
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
CreateFontA
TextOutA
DeleteDC
SetBkColor
SetTextColor
SelectObject
CreateDIBSection
GetDeviceCaps
CreateFontIndirectA
FrameRgn
CreateRectRgnIndirect
CreateHatchBrush
DeleteObject
SelectPalette
GetTextExtentPoint32A
comdlg32
CommDlgExtendedError
winspool.drv
DocumentPropertiesA
ClosePrinter
OpenPrinterA
advapi32
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumKeyExA
shell32
ShellExecuteA
SHChangeNotify
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
ole32
CoDisconnectObject
CoCreateInstance
CoLockObjectExternal
oleaut32
RevokeActiveObject
GetActiveObject
RegisterActiveObject
SysFreeString
SysAllocString
SysAllocStringLen
VariantInit
VariantClear
msvcirt
??6ostream@@QAEAAV0@K@Z
??6ostream@@QAEAAV0@H@Z
??0ostrstream@@QAE@XZ
?ends@@YAAAVostream@@AAV1@@Z
??6ostream@@QAEAAV0@G@Z
??6ostream@@QAEAAV0@P6AAAV0@AAV0@@Z@Z
?str@ostrstream@@QAEPADXZ
??_Dostrstream@@QAEXXZ
??6ostream@@QAEAAV0@J@Z
??6ostream@@QAEAAV0@PBD@Z
Exports
Sections
.text Size: 592KB - Virtual size: 590KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 112KB - Virtual size: 108KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 28KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 20KB - Virtual size: 16KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 244KB - Virtual size: 242KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE