77bb956f9c7d6b4c5989455b13eacd69_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

77bb956f9c7d6b4c5989455b13eacd69_JaffaCakes118
Size

72KB
MD5

77bb956f9c7d6b4c5989455b13eacd69
SHA1

c6bacb1ffdc005dedc495d1dcc97f0cba31f6f5d
SHA256

46106f332b72f2958368d4aa144d8972893a5cda370701f6dbdc2f7fbd95408c
SHA512

d7ceda73d37030cf2ae07950e10381c768653661c0c636135557474b687a719ff321020b2684a4e025188edd468e49d082ee565b6eb62ca9aa4d9635c23bcd5a
SSDEEP

1536:G14GxmnjBATUKLWFnMiFPnWM4WdbHHH0HXnz/7ggc8R0:gYjSTpW+6PnWMVHHH0HXnz/0G0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
77bb956f9c7d6b4c5989455b13eacd69_JaffaCakes118

Files

77bb956f9c7d6b4c5989455b13eacd69_JaffaCakes118
.dll windows:4 windows x86 arch:x86

665136289f1ac2b63bcbf7027084edcd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord3193
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3353
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord6451
ord825
ord5751
ord4155
ord2990
ord3415
ord5024
ord3514
ord6344
ord5627
ord1003
ord3449
ord3787
ord3250
ord4697
ord3058
ord3065
ord6336
ord2510
ord5244
ord5577
ord3172
ord5653
ord4954
ord2401
ord4387
ord3454
ord3198
ord6081
ord6175
ord4623
ord4430
ord6329
ord800
ord4160
ord540
ord4589
ord4588
ord4899
ord4370
ord4892
ord4341
ord4723
ord4890
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord4108
ord6055
ord4078
ord1776
ord4407
ord2385
ord5163
ord6374
ord4353
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3748
ord5065
ord1726
ord5260
ord2446
ord2124
ord5277
ord4627
ord4432
ord6129
ord6128
ord1168
ord4162
ord2982
ord5789
ord289
ord4464
ord755
ord6172
ord5873
ord470
ord5768
ord3752
ord3754
ord2379
ord2864
ord5572
ord823
ord858
ord538
ord922
ord4129
ord4204
ord2915
ord537
ord4083
ord5710
ord4202
ord860
ord1567
ord268
ord3663
ord641
ord5265
ord4376
ord4853
ord4998
ord4710
ord2514
ord6052
ord1775
ord5241
ord3749
ord1727
ord5261
ord4425
ord4226
ord4003
ord4424
ord986
ord1253
ord342
ord1182
ord2729
ord6467
ord2727
ord2730
ord2652
ord1669
ord2233
ord2184
ord4606
ord5651
ord3127
ord3616
ord665
ord1979
ord5186
ord350
ord354
ord703
ord403
ord3495
ord2101
ord2723
ord2390
ord3059
ord5100
ord4467
ord4303
ord3351
ord5012
ord5472
ord3403
ord2879
ord2878
ord4152
ord4077
ord5237
ord2382
ord2649
ord1665
ord4436
ord5254
ord2445
ord4427
ord2884
ord5076
ord3444
ord988
ord5616
ord3107
ord2185
ord5730
ord2003
ord5939
ord4695
ord613
ord6130
ord2919

msvcrt

_onexit
towlower
_ltoa
strtol
free
malloc
_mbsicmp
_mbscmp
_mbsnbcpy
_purecall
_initterm
_adjust_fdiv
??1type_info@@UAE@XZ
__dllonexit
towupper
_mbctolower
_mbctoupper
_mbslen
_mbsnicmp
_mbsncmp
_wcsnicmp
wcsncmp
isspace
isdigit
memmove
_EH_prolog
__CxxFrameHandler

devshl

ord2235
?theUndoSlob@@3VCUndoSlob@@A
ord5413
ord3005
ord18
ord946
ord1879
ord1178
ord5414
ord5474
ord5358
ord2019
ord1678
ord3628
ord151
ord5143
ord5218
ord5298
ord5360
ord5246
ord1833
ord1794
ord1276
ord1263
ord1664
ord1667
ord1458
ord4671
ord2345
ord2347
ord2996
ord1877
ord1175
ord1555
ord2819
ord2820
ord2806
ord2845
ord2994
ord2592
ord2398
ord5351
ord5383
ord5405
ord5422
ord5334
ord998
ord5313
ord4014
ord1264
ord1211
ord4913
ord961
ord4669
ord2320
ord3190
ord1319
ord1398
ord1317
ord5170
ord594
ord5277
ord947
ord5073
ord3235
ord4293
ord3227
ord2782
ord2781
ord3830
ord3612
ord5604
ord5670
ord3551
ord5493
ord5561
ord3212
ord925
ord5447
ord1438
ord4692
ord3777
ord2693
ord2957
ord256
ord4246
ord5369
ord1023
?m_rgprd@CSlob@@2PAUPRD@@A
ord2772
ord3415
ord1348
ord2401
ord2312
ord1123
ord5270
ord562
ord5357
ord2818
ord5177
ord5179
ord2364
ord5107
ord3172
ord3458
ord2469
ord5607
ord2247
ord1136
ord2384
ord3042
ord2385
ord2388
ord4686
ord4228
ord4002
ord3895
ord1248
ord2946
ord220
ord555
ord2493
ord266
ord4846
ord221
ord4845
ord2021
IsShellDefFileVersion
ord3028
?classCPartTemplate@CPartTemplate@@2UCRuntimeClass@@B
?classCPartDoc@CPartDoc@@2UCRuntimeClass@@B
ord225
ord3081
ord223
ord559
?messageMap@CPartDoc@@1UAFX_MSGMAP@@B
ord3916
ord3919
ord3582
ord4588
ord1962
ord2040
ord469
ord133
ord2423
ord1339
ord1244
ord1944
ord1934
ord5341
ord5100
ord2212
ord1961
ord2239
ord4223
ord2514
ord3314
ord4151
ord4525
ord940
ord4688
ord4485
ord2683
ord224
ord560
?classCPartFrame@CPartFrame@@2UCRuntimeClass@@B
ord4528
ord3344
ord3116
?classCSlob@CSlob@@2UCRuntimeClass@@A
ord5599
ord255
ord5451
ord2433
ord2435
ord2434
ord4997
ord2036
ord4152
ord5477
?classCPartView@CPartView@@2UCRuntimeClass@@B
ord2392
ord2391
ord5267
ord2238
ord3516
ord561
ord3218
ord4583
ord1213
ord3579
ord2486
ord3026
ord226
ord4689
ord4656
ord3863
ord1792
ord4337
ord3605
ord5500
ord1861
ord1719
ord1712
ord2393
ord5264
ord2234
ord2976
ord1240
ord3928
ord4820
ord3514
ord2975
?messageMap@CPartView@@1UAFX_MSGMAP@@B
ord5364
ord4664
ord3750
ord4222
ord4238
ord3378
ord1714
ord3377
ord936
ord5378
ord3327
ord2992
ord1148
ord4991
ord5290
ord4330
ord2453
ord5168
ord3846

kernel32

DisableThreadLibraryCalls
GlobalAlloc
GlobalLock
GlobalUnlock
MultiByteToWideChar
IsDBCSLeadByte
lstrlenA

gdi32

ExtTextOutA
GetTextMetricsA
PatBlt

user32

PostMessageA
GetParent
MessageBoxA
EnableWindow
CreateCaret
IsIconic
OpenClipboard
EmptyClipboard
GetClipboardData
CloseClipboard
IsCharAlphaNumericW
SetClipboardData
LoadCursorA
RedrawWindow
IsCharAlphaNumericA
SetCursor
GetCursorPos
ScreenToClient
ReleaseCapture
KillTimer
GetKeyState
SetCapture
SetTimer
UpdateWindow
GetCapture
GetCaretPos
DrawTextA
GetClientRect
wsprintfA
GetSysColor
IsRectEmpty
InflateRect
InvalidateRect
SetCaretPos
ShowCaret
HideCaret
SendMessageA
RegisterClipboardFormatA
IsClipboardFormatAvailable

Exports

Exports

ExitPackage
InitPackage

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

665136289f1ac2b63bcbf7027084edcd

Headers

File Characteristics

Imports

mfc42

msvcrt

devshl

kernel32

gdi32

user32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 44KB - Virtual size: 42KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 8KB - Virtual size: 4KB