70e5562987dfd6e0e1869d66c397cc51_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

70e5562987dfd6e0e1869d66c397cc51_JaffaCakes118
Size

548KB
MD5

70e5562987dfd6e0e1869d66c397cc51
SHA1

f9386642313c76faa7090128fad7c97a90611ea3
SHA256

bbce5976a1c11b6e4a70d48148d4140020ee798a2fdb53b67ffbd1cf487f3f27
SHA512

0d04d6b619eafdfba0ae24cef0b02994825c419426568fe990385c791ca2677d9d50e1046e36a7dfa89a2345e8cbf0267b08cf8f35de829a78107d54258a8a29
SSDEEP

12288:xVquPn7nD+6VZ2fSjQY9v/4MUCMRgnstN4/xO+CGxZtK865eYj:AfSjFUF+CGX65V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
70e5562987dfd6e0e1869d66c397cc51_JaffaCakes118

Files

70e5562987dfd6e0e1869d66c397cc51_JaffaCakes118
.exe windows:4 windows x86 arch:x86

8cf0b3af23616491ac241626f43efef7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetStartupInfoA
HeapFree
GetCommandLineA
ExitProcess
HeapReAlloc
RaiseException
GetACP
TerminateProcess
SetStdHandle
RtlUnwind
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
HeapSize
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetOEMCP
SetErrorMode
LockFile
GetFileType
GetCPInfo
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
UnmapViewOfFile
SetEvent
CloseHandle
CreateFileMappingA
CreateEventA
OpenEventA
GetFileAttributesA
GlobalFree
FindResourceA
LoadResource
LockResource
lstrcmpA
GetLocalTime
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
GetProcessVersion
TlsGetValue
LocalReAlloc
TlsSetValue
TlsFree
GlobalHandle
TlsAlloc
GlobalFlags
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFileTime
GetFileSize
GetCurrentThread
GetPrivateProfileIntA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
UnlockFile
FlushFileBuffers
GetEnvironmentStringsW
GetCurrentProcess
GlobalMemoryStatus
lstrlenA
DuplicateHandle
LocalAlloc
SetHandleCount
GetLastError
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrcmpiA
LocalLock
LocalUnlock
GetCurrentThreadId
SetLastError
MulDiv
GetModuleHandleA
MultiByteToWideChar
LocalFree
GetStdHandle
InterlockedIncrement
WideCharToMultiByte
Sleep
InterlockedDecrement
GlobalReAlloc
GlobalAlloc
GlobalUnlock
WriteFile
GlobalLock
CreateFileA
SetFilePointer
ReadFile
SetEndOfFile
GetPrivateProfileSectionNamesA
GetSystemDefaultLCID
GetPrivateProfileSectionA
lstrcpynA
GetVersionExA
SizeofResource
WaitForSingleObject
lstrcpyA
ResetEvent
GetStringTypeA
MapViewOfFile
GetStringTypeW
LCMapStringW
GetWindowsDirectoryA
_lclose
_lwrite
GetModuleFileNameA
OpenFile
GetTempPathA
GetCurrentDirectoryA
GetProcAddress
LoadLibraryA
EnumDateFormatsA
GetTickCount
GetDiskFreeSpaceA
GetDriveTypeA
DeleteFileA
SetCurrentDirectoryA

user32

TranslateAcceleratorA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
SetRectEmpty
SetMenuItemBitmaps
ModifyMenuA
ReleaseCapture
SetCursor
DestroyMenu
LoadMenuA
SetMenu
ReuseDDElParam
LoadAcceleratorsA
UnpackDDElParam
PostQuitMessage
ShowOwnedPopups
WaitMessage
KillTimer
SetTimer
LoadStringA
PtInRect
LoadCursorA
GetSysColorBrush
BringWindowToTop
WinHelpA
GetClassInfoA
GetCapture
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
DefWindowProcA
GetClassLongA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
IsWindow
CharUpperA
MessageBeep
SetActiveWindow
IsClipboardFormatAvailable
SetRect
GetTabbedTextExtentA
AdjustWindowRectEx
RegisterWindowMessageA
GetMessageA
RegisterClassA
GetActiveWindow
IsChild
CallNextHookEx
UpdateWindow
CheckMenuItem
GrayStringA
TabbedTextOutA
ClientToScreen
ShowWindow
MoveWindow
GetDlgCtrlID
IsDialogMessageA
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItemTextA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetPropA
RemovePropA
CallWindowProcA
GetWindowLongA
SetWindowLongA
SetPropA
DestroyWindow
CreateWindowExA
SetFocus
IntersectRect
wsprintfA
GetSysColor
FrameRect
InflateRect
PeekMessageA
BeginPaint
EndPaint
DrawFocusRect
GetClassNameA
InvalidateRect
GetDesktopWindow
OffsetRect
MessageBoxA
GetSystemMetrics
EqualRect
LoadIconA
PostMessageA
FillRect
EnableWindow
GetDC
ReleaseDC
DrawTextA
GetDlgItem
GetWindowRect
SetWindowPos
GetWindow
SendMessageA
DeferWindowPos
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
EnableMenuItem
ValidateRect
GetFocus
IsWindowVisible
GetTopWindow
DispatchMessageA
TranslateMessage
GetKeyState
GetParent
GetClientRect
MapWindowPoints
RedrawWindow
SetWindowsHookExA
GetCursorPos
IsWindowEnabled
ScreenToClient
CreateDialogIndirectParamA
CharNextA
UnregisterClassA

gdi32

GetStockObject
SelectPalette
GetDeviceCaps
RealizePalette
CreateSolidBrush
SetBkMode
DeleteObject
CreatePalette
CreateDIBitmap
SetTextColor
DeleteDC
StretchBlt
StretchDIBits
GetObjectA
CreateBitmap
CreateCompatibleDC
DPtoLP
BitBlt
GetMapMode
CreateFontIndirectA
StartDocA
GetTextMetricsA
SetBkColor
RestoreDC
SetMapMode
OffsetViewportOrgEx
SetViewportExtEx
SetViewportOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetClipBox
SetWindowExtEx
IntersectClipRect
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetCharWidthA
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
CreateDCA
SaveDC
SelectObject

comdlg32

GetSaveFileNameA
PrintDlgA
FindTextA
ReplaceTextA
CommDlgExtendedError
GetOpenFileNameA
GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegDeleteKeyA
RegCloseKey
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA

shell32

DragFinish
ShellExecuteA
DragQueryFileA

comctl32

ord17

ole32

CoCreateGuid

wsock32

closesocket
gethostbyname
htons
send
WSAAsyncSelect
inet_ntoa
socket
htonl
recv
ioctlsocket
bind
WSASetLastError
WSAStartup
WSACleanup
WSAGetLastError
accept
connect
recvfrom
sendto
shutdown

cp30fwm

??1GFCrc32@@UAE@XZ
??0GFSerial@@QAE@PAVGFComLink@@@Z
??0GFComWin32@@QAE@HIIH@Z
?Ring@GFLineStatus@@QAEHXZ
??0GFCrc32@@QAE@XZ
?GetCommError@GFSerial@@QAEHAAG@Z
?RXFlush@GFSerial@@QAEHI@Z
?TXFlush@GFSerial@@QAEXXZ
?GetBuffer@GFSerial@@QAEJPAEII@Z
?PutBuffer@GFSerial@@QAEIPAEI@Z
?Carrier@GFLineStatus@@QAEHXZ
??0GFModem@@QAE@XZ
?Cts@GFLineStatus@@QAEHXZ
?Status@GFLineStatus@@QAEXXZ
?DataLength@GFDataFormat@@QAEHH@Z
?StopBits@GFDataFormat@@QAEHH@Z
?GetLineStatus@GFSerial@@QAEPAVGFLineStatus@@XZ
?SetHandShake@GFLineStatus@@QAEHHH@Z
?GetDataFormat@GFSerial@@QAEPAVGFDataFormat@@XZ
?BaudRate@GFDataFormat@@QAEJJ@Z

scwr32n

ord12
ord13
ord10

Sections

.text
Size: 352KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 32KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.grdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8cf0b3af23616491ac241626f43efef7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

wsock32

cp30fwm

scwr32n

Sections

.text Size: 352KB - Virtual size: 348KB

.rdata Size: 64KB - Virtual size: 62KB

.data Size: 32KB - Virtual size: 51KB

.rsrc Size: 16KB - Virtual size: 15KB

.grdata Size: 80KB - Virtual size: 80KB

.text
Size: 352KB - Virtual size: 348KB

.rdata
Size: 64KB - Virtual size: 62KB

.data
Size: 32KB - Virtual size: 51KB

.rsrc
Size: 16KB - Virtual size: 15KB

.grdata
Size: 80KB - Virtual size: 80KB