Static task
static1
Behavioral task
behavioral1
Sample
a270d96c40b149b2730fc9d3026b6c50_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
a270d96c40b149b2730fc9d3026b6c50_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: a270d96c40b149b2730fc9d3026b6c50_JaffaCakes118
Size: 273KB
MD5: a270d96c40b149b2730fc9d3026b6c50
SHA1: ebbc63237e49b4a24be92991bf2bc1fac3d2cda1
SHA256: 9e1de1b04fadfdcac191f2bb81ca1e5f839292cab55fe625d58580deb1b1b231
SHA512: c200d2633d30531dda31ecba6e32c182651c384dd88f14f51db5683780a4a087f22f64c896b5a7b9a10892a9fe0017fc38b8c3d7059cbbb6c55145f7e29d2ca2
SSDEEP: 3072:boVYXBMut1mneHnRhRHThLuI2PDU+fhM+bJmc/Flmx+brKUshaSRBo1N/gzpTxhe:8WaiRLHV+TN3FFqBozyh7Z9U6/y/N
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a270d96c40b149b2730fc9d3026b6c50_JaffaCakes118
Files
a270d96c40b149b2730fc9d3026b6c50_JaffaCakes118.exe windows:4 windows x86 arch:x86
6453abfbd5c5b3fb24ca958adb2058e7
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
msvcrt
__dllonexit
_lock
_onexit
_unlock
?terminate@@YAXXZ
isspace
_amsg_exit
_initterm
_XcptFilter
_CxxThrowException
memset
memcpy
isxdigit
atof
_strdup
modf
isalnum
_isnan
ceil
_finite
strrchr
_clearfp
_controlfp
_strnicmp
_fpclass
_purecall
getenv
_stricmp
strncmp
setlocale
memmove
qsort
isalpha
toupper
atoi
isdigit
tolower
sscanf
free
malloc
strchr
_vsnprintf
__CxxFrameHandler
strstr
floor
gdi32
DeleteObject
kernel32
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
UnmapViewOfFile
CloseHandle
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
UnhandledExceptionFilter
GetFullPathNameA
HeapCreate
OutputDebugStringA
LoadLibraryA
GetModuleHandleA
lstrcmpiA
GetEnvironmentVariableA
TlsFree
TlsGetValue
HeapDestroy
TlsSetValue
InterlockedExchange
TlsAlloc
Sleep
InterlockedCompareExchange
GetVersion
GetSystemInfo
GetProcAddress
VirtualAlloc
GetProcessHeap
HeapFree
HeapAlloc
VirtualFree
SetUnhandledExceptionFilter
VirtualAllocEx
FlushViewOfFile
SetHandleInformation
SetUserGeoID
DuplicateHandle
GetVolumePathNamesForVolumeNameW
SetConsoleCursorMode
GlobalSize
EscapeCommFunction
GetDriveTypeW
AddAtomW
OpenThread
GlobalUnlock
DuplicateConsoleHandle
GetConsoleAliasExesLengthA
WritePrivateProfileStringW
FindVolumeClose
FindFirstFileExA
CreateTapePartition
GetComputerNameA
_lcreat
CreateProcessInternalA
SetDefaultCommConfigA
SetThreadAffinityMask
PostQueuedCompletionStatus
GetCommTimeouts
SetVolumeMountPointA
GetConsoleKeyboardLayoutNameW
GetProcessAffinityMask
LZClose
QueryDosDeviceW
CreateConsoleScreenBuffer
SetHandleContext
SetLocaleInfoW
FillConsoleOutputCharacterA
ClearCommBreak
HeapSummary
GetVolumeInformationW
OpenProcess
GetComPlusPackageInstallStatus
EnumResourceLanguagesW
BuildCommDCBA
WaitNamedPipeW
GetDevicePowerState
GetUserDefaultLangID
FindVolumeMountPointClose
IsValidLanguageGroup
CopyFileW
GetCommMask
WriteConsoleW
SizeofResource
EnumTimeFormatsW
HeapUnlock
InitializeSListHead
LZCreateFileW
QueryDosDeviceA
GetLogicalDriveStringsW
SetVolumeLabelW
QueueUserAPC
GetPrivateProfileIntA
GetDateFormatA
SetProcessShutdownParameters
Module32Next
lstrlenW
FillConsoleOutputCharacterW
OpenFileMappingA
AssignProcessToJobObject
GetLastError
SetThreadIdealProcessor
SetLocalPrimaryComputerNameW
SetFileAttributesA
LocalFree
ReadConsoleOutputCharacterA
GetSystemPowerStatus
SetConsoleTitleW
FindNextVolumeMountPointW
EnumSystemCodePagesA
GetLocalTime
GetConsoleAliasA
GetTempPathA
SetConsoleCursorInfo
GetWindowsDirectoryA
SetThreadLocale
SetFilePointerEx
BaseDumpAppcompatCache
ReadDirectoryChangesW
RegisterWowBaseHandlers
lstrcpyn
GetModuleFileNameW
SetVolumeLabelA
FileTimeToDosDateTime
LoadModule
SetComputerNameW
FindClose
SetDefaultCommConfigW
GlobalMemoryStatus
GetSystemDefaultLangID
GlobalFlags
GetThreadPriority
CreateHardLinkA
Heap32Next
FreeEnvironmentStringsW
RtlCaptureContext
ShowConsoleCursor
VirtualProtectEx
GetConsoleCommandHistoryLengthW
RegisterWaitForSingleObjectEx
WriteProfileStringA
LocalSize
GetFullPathNameW
SetConsoleWindowInfo
SetConsoleOutputCP
EnumSystemLanguageGroupsA
ConsoleMenuControl
SetCurrentDirectoryW
GlobalFix
GetLongPathNameA
SetConsoleNumberOfCommandsA
CallNamedPipeA
OpenMutexW
GetDefaultCommConfigW
CreateMailslotA
WriteProfileSectionW
BuildCommDCBAndTimeoutsW
lstrcmpiW
LocalShrink
InterlockedDecrement
DeviceIoControl
CreateSemaphoreA
CreateThread
FindResourceW
PrivMoveFileIdentityW
Heap32First
IsDBCSLeadByteEx
GetCurrentActCtx
CloseProfileUserMapping
FindFirstFileW
GetEnvironmentVariableW
GetVolumeNameForVolumeMountPointW
DebugActiveProcess
CreateFileMappingA
GetConsoleTitleA
FoldStringW
FindResourceA
GetConsoleAliasExesLengthW
HeapWalk
lstrcmpi
SetLocaleInfoA
EnumCalendarInfoExW
GetOverlappedResult
DelayLoadFailureHook
FindActCtxSectionStringW
GetProfileStringW
CreateMemoryResourceNotification
ReadFileScatter
FormatMessageW
InitAtomTable
GetConsoleCommandHistoryLengthA
GetAtomNameA
GetCurrentDirectoryA
CreateFileW
FindResourceExA
VerLanguageNameA
AddAtomA
GetFileInformationByHandle
GetDiskFreeSpaceA
WTSGetActiveConsoleSessionId
GetStringTypeA
BaseCheckAppcompatCache
QueryDepthSList
DebugBreakProcess
RequestWakeupLatency
RegisterWaitForSingleObject
BaseFlushAppcompatCache
WriteFileEx
EnterCriticalSection
FindResourceExW
PurgeComm
lstrcmpW
Process32First
GlobalFree
FindFirstFileExW
Thread32First
CancelTimerQueueTimer
GetCPInfoExW
SetHandleCount
CreateMutexA
CreateProcessW
GetComputerNameExA
GetConsoleDisplayMode
CancelIo
GetDateFormatW
GetConsoleMode
PeekNamedPipe
LoadLibraryW
ResetEvent
SetCalendarInfoA
LocalUnlock
ResumeThread
VirtualProtect
RemoveLocalAlternateComputerNameA
Heap32ListFirst
PeekConsoleInputA
TerminateJobObject
InvalidateConsoleDIBits
GetConsoleWindow
GetVDMCurrentDirectories
GetConsoleAliasesLengthA
SetCommTimeouts
FreeLibraryAndExitThread
UpdateResourceA
ConvertThreadToFiber
WriteTapemark
GetPriorityClass
CopyLZFile
SetStdHandle
DeleteFileA
HeapSize
GetVolumePathNameW
GetConsoleInputExeNameA
GetPrivateProfileSectionW
GetConsoleAliasesLengthW
GetQueuedCompletionStatus
CompareStringA
SetFileValidData
DeleteAtom
QueueUserWorkItem
ClearCommError
WriteConsoleOutputCharacterA
ReplaceFile
OpenEventA
CreateProcessA
OpenWaitableTimerA
ReadConsoleInputExW
SetConsoleCP
SetThreadPriorityBoost
EnumCalendarInfoA
IsValidLocale
VerLanguageNameW
GetProfileIntW
EnumLanguageGroupLocalesA
SystemTimeToFileTime
GetProfileSectionW
GetNumaNodeProcessorMask
AllocateUserPhysicalPages
GetStringTypeW
BuildCommDCBAndTimeoutsA
FindNextVolumeA
GlobalGetAtomNameW
SetThreadPriority
SetTapePosition
FlushInstructionCache
CreateNamedPipeA
GetUserDefaultUILanguage
UnregisterWaitEx
SwitchToFiber
EnumerateLocalComputerNamesW
ResetWriteWatch
UnregisterWait
GetPrivateProfileStringW
IsBadStringPtrW
CreateDirectoryW
FlushFileBuffers
FatalAppExitA
GetCommModemStatus
ScrollConsoleScreenBufferW
GetTimeZoneInformation
LocalFileTimeToFileTime
CreateJobSet
GetModuleHandleExA
SetConsoleNlsMode
FreeUserPhysicalPages
GetModuleHandleExW
SetWaitableTimer
GetNamedPipeHandleStateA
GetVolumePathNameA
GlobalHandle
AddVectoredExceptionHandler
SetPriorityClass
FreeEnvironmentStringsA
GlobalWire
RemoveLocalAlternateComputerNameW
RegisterConsoleOS2
GetConsoleScreenBufferInfo
MapUserPhysicalPagesScatter
DebugActiveProcessStop
GetProcessHeaps
AllocConsole
GetVersionExA
ReadConsoleA
SetLastError
GetConsoleKeyboardLayoutNameA
GetComputerNameW
LoadResource
ExpandEnvironmentStringsA
IsBadHugeWritePtr
CommConfigDialogA
LoadLibraryExW
AddLocalAlternateComputerNameA
CreateActCtxW
EnumSystemLocalesA
FindFirstVolumeA
_lclose
lstrcpyW
GetComputerNameExW
GetTapeStatus
BuildCommDCBW
Process32FirstW
CreateSocketHandle
SetConsoleTitleA
GetCurrentConsoleFont
SetCurrentDirectoryA
SetSystemTime
LZRead
CreateRemoteThread
LZSeek
GlobalDeleteAtom
GetCommandLineA
GetConsoleAliasesW
RegisterWaitForInputIdle
SetCommMask
PrivCopyFileExW
WriteConsoleInputW
SetComputerNameExA
GetNumaAvailableMemoryNode
GetSystemTime
WriteConsoleOutputCharacterW
GetNumaHighestNodeNumber
WriteFile
ReadConsoleOutputA
LZOpenFileW
IsProcessorFeaturePresent
OpenFileMappingW
CreateTimerQueueTimer
GetTapePosition
CommConfigDialogW
GlobalUnfix
VirtualFreeEx
GetCommState
GetPrivateProfileStructA
BaseUpdateAppcompatCache
BackupRead
GetNativeSystemInfo
SetTermsrvAppInstallMode
LockResource
MapViewOfFile
SetupComm
WaitNamedPipeA
GetConsoleCommandHistoryA
CreateDirectoryExA
LoadLibraryExA
RegisterWowExec
FormatMessageA
SetComputerNameA
LCMapStringW
CopyFileA
GetShortPathNameA
IsBadReadPtr
lstrcmpA
GetPrivateProfileStructW
HeapCompact
ActivateActCtx
SetConsoleActiveScreenBuffer
GetCompressedFileSizeA
GetTimeFormatW
SetCriticalSectionSpinCount
lstrcmp
GlobalAlloc
GetStartupInfoA
GetSystemDirectoryA
CreateDirectoryA
CreateFileA
ReadFile
user32
GetActiveWindow
PtInRect
ArrangeIconicWindows
DefDlgProcA
GetKeyboardLayoutList
GetSystemMetrics
DrawMenuBarTemp
CheckDlgButton
DispatchMessageW
EditWndProc
CascadeWindows
AppendMenuW
MessageBeep
InitializeLpkHooks
CallMsgFilter
DeleteMenu
DlgDirListComboBoxW
GetAltTabInfoW
CreateIconFromResourceEx
ChangeMenuW
LoadMenuA
GetUserObjectInformationA
SendDlgItemMessageW
SetWindowLongA
CloseWindowStation
DestroyWindow
DdeSetUserHandle
AppendMenuA
OpenInputDesktop
SetProgmanWindow
EndPaint
DrawCaption
DdeConnectList
SetKeyboardState
DialogBoxIndirectParamAorW
DrawFrame
DrawTextExA
SetRectEmpty
GetGUIThreadInfo
LoadMenuIndirectA
DrawFocusRect
HiliteMenuItem
DrawTextW
LoadCursorFromFileW
SetWindowStationUser
SetWindowWord
MessageBoxTimeoutA
RegisterClipboardFormatA
BroadcastSystemMessageA
TranslateAccelerator
GetRegisteredRawInputDevices
InSendMessage
ScrollWindowEx
GetRawInputDeviceInfoW
DdeFreeStringHandle
MessageBoxExW
SetCaretBlinkTime
MenuWindowProcW
DdeAccessData
ExitWindowsEx
SetMenuItemInfoA
SetMenuItemInfoW
InflateRect
UnloadKeyboardLayout
BroadcastSystemMessage
LoadAcceleratorsW
LoadCursorA
LoadIconA
Sections
CODE Size: 96KB - Virtual size: 96KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 3KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
DATA Size: 13KB - Virtual size: 215KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 140KB - Virtual size: 140KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ