821fca11852ea07215cfd4c10ea8e1f3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

821fca11852ea07215cfd4c10ea8e1f3_JaffaCakes118
Size

244KB
MD5

821fca11852ea07215cfd4c10ea8e1f3
SHA1

164153e996f87ed5c24d47debfe89325442f68d9
SHA256

30f68aac96c68ec009522271be9f4acc2c967d69b4e3196a32aff2d8248a2281
SHA512

5ca4209d39a637031d9e4eb5a03ea924628dab8aa130426facbb3a88420d147371e15b2fbd2bd530081257493a0a96824383c0c006ef2aa6b17ca7bca6ff0a55
SSDEEP

6144:oux5e2pw1QKTp+WPfUrVPm1z3CAOFnCO5JMQv:Bw5Tp+AcroFOFn15x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
821fca11852ea07215cfd4c10ea8e1f3_JaffaCakes118

Files

821fca11852ea07215cfd4c10ea8e1f3_JaffaCakes118
.exe windows:4 windows x86 arch:x86

43568f72805cd97148dd09568dfa0b91

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

accept
bind
listen
gethostname
gethostbyname
gethostbyaddr
inet_addr
send
closesocket
WSACleanup
WSAStartup
socket
htons
setsockopt
shutdown
htonl
getpeername
getsockname
recv
ioctlsocket
connect

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
LockResource
LoadResource
SizeofResource
FindResourceA
CreateMutexA
SystemTimeToFileTime
GetVersionExA
OpenProcess
ExitProcess
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
Sleep
Module32Next
Module32First
CreateToolhelp32Snapshot
Process32Next
TerminateProcess
GetPriorityClass
Process32First
SetProcessShutdownParameters
GlobalDeleteAtom
GlobalAddAtomA
GetCurrentThreadId
GetComputerNameA
GetCurrentProcessId
GetVersion
GetLastError
CreateProcessA
CreateThread
OutputDebugStringA
GetStdHandle
WriteConsoleA
WriteFile
CloseHandle
MoveFileExA
CreateFileA
SetFilePointer
SetEndOfFile
AllocConsole
GetLogicalDriveStringsA
GetDriveTypeA
CreateDirectoryA
FindFirstFileA
FindNextFileA
FindClose
GetStartupInfoA
GetModuleHandleA
GetSystemTime

user32

MessageBeep
SetActiveWindow
SetTimer
SetDlgItemTextA
FlashWindow
GetWindowThreadProcessId
GetForegroundWindow
keybd_event
GetKeyboardState
IntersectRect
mouse_event
GetSystemMetrics
GetThreadDesktop
GetWindowRect
GetClassNameA
WindowFromPoint
GetCursorPos
GetWindowLongA
UnionRect
SetRectEmpty
RegisterWindowMessageA
DispatchMessageA
GetMessageA
PeekMessageA
PostMessageA
DestroyWindow
ChangeClipboardChain
SetWindowTextA
EndDialog
GetDlgItemTextA
DialogBoxParamA
MessageBoxA
wsprintfA
ReleaseDC
GetDC
SetForegroundWindow
IsRectEmpty
EmptyClipboard
TranslateMessage
PostThreadMessageA
OpenInputDesktop
SetThreadDesktop
GetProcessWindowStation
GetUserObjectInformationA
ExitWindowsEx
GetDlgItem
EnableWindow
GetDlgItemInt
SetDlgItemInt
GetSubMenu
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
LoadStringA
EnableMenuItem
DestroyMenu
LoadIconA
LoadMenuA
VkKeyScanA
GetAsyncKeyState
MapVirtualKeyA
DefWindowProcA
SendMessageA
GetClipboardOwner
GetClipboardData
PostQuitMessage
EnumWindows
GetPropA
IsWindowVisible
SetPropA
RemovePropA
OpenClipboard
KillTimer
SetClipboardData
CloseClipboard
GetIconInfo
DrawIconEx
LoadCursorA
RegisterClassExA
CreateWindowExA
SetClipboardViewer
OpenDesktopA
EnumDesktopWindows
CloseDesktop
SystemParametersInfoA
FindWindowA
SetWindowLongA

gdi32

GetRegionData
CreateRectRgn
CreateRectRgnIndirect
GdiFlush
SelectObject
BitBlt
CreateDIBSection
GetStockObject
CreatePalette
SelectPalette
RealizePalette
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
GetDIBits
DeleteDC
DeleteObject
CombineRgn
GetSystemPaletteEntries

advapi32

RegSetValueExA
OpenServiceA
ControlService
QueryServiceStatus
DeleteService
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegCreateKeyA
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
OpenProcessToken
ImpersonateLoggedOnUser
RevertToSelf
RegEnumValueA
RegEnumKeyExA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
SetServiceStatus
RegOpenKeyA
GetUserNameA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey

shell32

Shell_NotifyIconA

packet

PacketOpenAdapter
PacketSetHwFilter
PacketSetBuff
PacketSetReadTimeout
PacketAllocatePacket
PacketInitPacket
PacketReceivePacket
PacketGetStats
PacketFreePacket
PacketCloseAdapter
PacketGetAdapterNames

vnchooks

SetKeyboardFilterHook
SetHook
UnSetHook
?PutReturn@@YAHXZ
?Start_HZV_Keyloger@@YAHXZ
SetMouseFilterHook

omnithread_rt

?join@omni_thread@@QAEXPAPAX@Z
??1omni_thread@@MAE@XZ
?start@omni_thread@@QAEXXZ
?unlock@omni_mutex@@QAEXXZ
?lock@omni_mutex@@QAEXXZ
??1omni_mutex@@QAE@XZ
??0omni_mutex@@QAE@XZ
??0omni_thread@@IAE@PAXW4priority_t@0@@Z
?wait@omni_condition@@QAEXXZ
?start_undetached@omni_thread@@IAEXXZ
?create@omni_thread@@SAPAV1@P6AXPAX@Z0W4priority_t@1@@Z
?create@omni_thread@@SAPAV1@P6APAXPAX@Z0W4priority_t@1@@Z
?sleep@omni_thread@@SAXKK@Z
??1omni_condition@@QAE@XZ
??0omni_condition@@QAE@PAVomni_mutex@@@Z
?set_priority@omni_thread@@QAEXW4priority_t@1@@Z
?signal@omni_condition@@QAEXXZ
??0init_t@omni_thread@@QAE@XZ

msvcirt

??6ostream@@QAEAAV0@I@Z
?endl@@YAAAVostream@@AAV1@@Z
?close@ofstream@@QAEXXZ
??0ifstream@@QAE@PBDHH@Z
??1ifstream@@UAE@XZ
??_Dofstream@@QAEXXZ
??1ofstream@@UAE@XZ
??0ofstream@@QAE@PBDHH@Z
?openprot@filebuf@@2HB
??0ofstream@@QAE@XZ
??1ios@@UAE@XZ
??6ostream@@QAEAAV0@PBD@Z
?write@ostream@@QAEAAV1@PBDH@Z
?open@ofstream@@QAEXPBDHH@Z
??_Dfstream@@QAEXXZ
??_Difstream@@QAEXXZ
??1fstream@@UAE@XZ
?getline@istream@@QAEAAV1@PADHD@Z
?open@fstream@@QAEXPBDHH@Z
?close@fstream@@QAEXXZ
??0fstream@@QAE@PBDHH@Z
??6ostream@@QAEAAV0@H@Z
?dec@@YAAAVios@@AAV1@@Z
??0ifstream@@QAE@XZ
?close@ifstream@@QAEXXZ
?read@istream@@QAEAAV1@PADH@Z
?open@ifstream@@QAEXPBDHH@Z
??0fstream@@QAE@XZ
??6ostream@@QAEAAV0@E@Z
??6ostream@@QAEAAV0@G@Z
?cerr@@3Vostream_withassign@@A

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@UAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPADII@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z

msvcrt

strlen
__CxxFrameHandler
_EH_prolog
strcat
strcmp
sprintf
clock
remove
free
??2@YAPAXI@Z
strcpy
ctime
time
gmtime
memcpy
localtime
memset
_getch
_kbhit
printf
asctime
malloc
rand
srand
memcmp
memmove
sscanf
tolower
abs
exit
fprintf
_iob
strncat
strncpy
_errno
strncmp
__dllonexit
_onexit
_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_strdup
vsprintf

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

43568f72805cd97148dd09568dfa0b91

Headers

File Characteristics

Imports

wsock32

kernel32

user32

gdi32

advapi32

shell32

packet

vnchooks

omnithread_rt

msvcirt

msvcp60

msvcrt

Sections

.text Size: 112KB - Virtual size: 110KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 24KB - Virtual size: 50KB

.rsrc Size: 84KB - Virtual size: 83KB

.text
Size: 112KB - Virtual size: 110KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 24KB - Virtual size: 50KB

.rsrc
Size: 84KB - Virtual size: 83KB