862099e90942e024dcccaa34c7eccbe5_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

862099e90942e024dcccaa34c7eccbe5_JaffaCakes118
Size

292KB
MD5

862099e90942e024dcccaa34c7eccbe5
SHA1

9cabe3d0969c701b23546facd4c2615e9369dc36
SHA256

c036734a5e1eed56c23bee99522a55af1959487a72d2e8dc2e3a706470a50e1a
SHA512

43d3021f53246e50032f16887a6107a427dfaaacbc0b872f782b58c59e7352636ca8befb1d3a1309dea5ed6bf82f3b1c3c861b1a4eec1d2fe8a1520e5c125fdd
SSDEEP

6144:GKkhyzzoPvR2pS3b7SdRw8DT0ukSQvatKynrpgtw:GDhyvo30sQooLsy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
862099e90942e024dcccaa34c7eccbe5_JaffaCakes118

Files

862099e90942e024dcccaa34c7eccbe5_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e1478eb682b0108606732c3a0baee1c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathRenameExtensionA
PathIsDirectoryA
PathAddBackslashA
PathFindExtensionA
PathRemoveBackslashA
PathRemoveFileSpecA
SHEnumValueA
PathRemoveExtensionA
PathCompactPathExA
PathStripPathA
PathFileExistsA

ws2_32

ntohs
htons
ntohl
htonl

rpcrt4

UuidToStringA
RpcStringFreeA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

mfc42

ord4275
ord6111
ord668
ord1980
ord2781
ord2770
ord356
ord2915
ord924
ord5710
ord860
ord5572
ord3181
ord939
ord925
ord3178
ord4058
ord6569
ord5601
ord1199
ord922
ord4129
ord535
ord6283
ord6282
ord1200
ord4160
ord1147
ord2818
ord4204
ord6199
ord6215
ord4299
ord2864
ord2086
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord3402
ord3721
ord692
ord795
ord541
ord801
ord2302
ord2859
ord2860
ord1907
ord5161
ord5162
ord5160
ord4905
ord790
ord4948
ord4358
ord4377
ord5287
ord4835
ord768
ord489
ord4258
ord4854
ord6467
ord5953
ord3097
ord5981
ord936
ord932
ord5933
ord4742
ord4694
ord4278
ord6883
ord6143
ord923
ord859
ord5856
ord4277
ord2764
ord6648
ord2784
ord940
ord2919
ord2614
ord926
ord536
ord2763
ord6874
ord6877
ord861
ord1601
ord2652
ord1669
ord1168
ord1146
ord1154
ord3663
ord665
ord354
ord5450
ord6394
ord5440
ord6383
ord771
ord2528
ord1008
ord496
ord3408
ord3227
ord3054
ord3425
ord3880
ord834
ord2065
ord4274
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord567
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord3953
ord2725
ord1131
ord2301
ord928
ord5934
ord3716
ord4424
ord5290
ord1776
ord6055
ord858
ord1105
ord1138
ord540
ord537
ord941
ord800
ord823
ord4376
ord2514
ord4853
ord470
ord755
ord4710
ord3092
ord2642
ord4234
ord641
ord825
ord324
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord4998
ord5265
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord4976
ord3922

kernel32

GetSystemTime
TerminateThread
GetExitCodeThread
SetFileAttributesA
GetLastError
DuplicateHandle
GetCurrentProcess
GetFileAttributesA
ResumeThread
CreateFileA
FindFirstChangeNotificationA
GetLogicalDriveStringsA
FindCloseChangeNotification
Sleep
FindNextChangeNotification
WaitForMultipleObjects
WaitForSingleObject
ResetEvent
SetEvent
CloseHandle
CreateEventA
GetLocalTime
DeleteFileA
GetTempPathA
RemoveDirectoryA
CreateDirectoryA
CopyFileA
MoveFileA
FindClose
FindFirstFileA
FindNextFileA
GetShortPathNameA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
GetModuleHandleA
lstrlenW
LeaveCriticalSection
EnterCriticalSection
GetFileSize
GlobalFree
WideCharToMultiByte
GlobalAlloc
ReadFile
SetFilePointer
OutputDebugStringA
WriteFile
FileTimeToSystemTime
SystemTimeToFileTime
FormatMessageA
GetDiskFreeSpaceExA
CompareStringA
GetTickCount
LocalFree
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
HeapDestroy
lstrcpyA
lstrlenA
lstrcatA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
SetLastError
GetUserDefaultLCID
HeapAlloc
GetProcessHeap
HeapFree
LocalAlloc
MultiByteToWideChar
DeviceIoControl
GetCurrentThreadId
GetDriveTypeA

user32

IsWindow
RedrawWindow
GetDesktopWindow
PeekMessageA
PostMessageA
wsprintfA
EnableWindow
DrawIcon
SendMessageA
LoadIconA
GetParent
GetDC
GetWindowTextA
GetSystemMetrics
MessageBoxA
CharNextA
SetTimer
GetWindowRect

gdi32

GetTextExtentPoint32A

advapi32

RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegEnumValueA

shell32

SHGetSpecialFolderLocation
SHGetFileInfoA

comctl32

ImageList_Create
ImageList_ReplaceIcon

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
OleRun

oleaut32

LoadRegTypeLi
SysStringLen
VariantInit
SysAllocStringByteLen
SysAllocStringLen
SysAllocString
LoadTypeLi
RegisterTypeLi
VarUI4FromStr
GetErrorInfo
SetErrorInfo
VariantChangeType
CreateErrorInfo
VariantClear
SysFreeString

msvcp60

??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??_7out_of_range@std@@6B@

Sections

.text
Size: 165KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 332KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1478eb682b0108606732c3a0baee1c7

Headers

File Characteristics

Imports

shlwapi

ws2_32

rpcrt4

version

mfc42

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

msvcp60

Sections

.text Size: 165KB - Virtual size: 284KB

.rdata Size: 4KB - Virtual size: 4KB

.bss Size: - Virtual size: 332KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 110KB - Virtual size: 110KB

.reloc Size: 4KB - Virtual size: 260B

.text
Size: 165KB - Virtual size: 284KB

.rdata
Size: 4KB - Virtual size: 4KB

.bss
Size: - Virtual size: 332KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 110KB - Virtual size: 110KB

.reloc
Size: 4KB - Virtual size: 260B