Static task: static1
Behavioral task: behavioral1
Sample: a29988f2701854bd977c36544f681716_JaffaCakes118.exe
Resource: win7-20240704-en
Behavioral task: behavioral2
Sample: a29988f2701854bd977c36544f681716_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: a29988f2701854bd977c36544f681716_JaffaCakes118
Size: 860KB
MD5: a29988f2701854bd977c36544f681716
SHA1: 8535d9c497721000c054620716a10f678a7ebcaf
SHA256: 5bf5b254c351189863a2d2363ca12c524e94ef0863e9a08314d6ab4aeee4f8f2
SHA512: f81db3dd874f2819c9fea0302c324b80599596f904d846ab875acc1f693c3fbb043a274963d4275d07e119455e088258932cacafa9b524d1ef280765adb54464
SSDEEP: 24576:Yg86iyQoX+lgiucdOhMiajnif25rqX0Vi:Yg8MQa+lgydOhHX00
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource a29988f2701854bd977c36544f681716_JaffaCakes118
Files
a29988f2701854bd977c36544f681716_JaffaCakes118.exe windows:4 windows x86 arch:x86
dc195d8c46a96c45accd1b3f01a37fd5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
inject
Mad_VirtualFreeEx
Mad_CreateRemoteThread
Mad_VirtualAllocEx
mfc42d
msvcrtd
_ftol
_except_handler3
memcmp
strchr
_stricmp
atoi
_setmbcp
_chkesp
_memicmp
strtoul
strrchr
__CxxFrameHandler
sscanf
strncpy
memset
strcpy
strcat
sprintf
free
vsprintf
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
malloc
memcpy
printf
strstr
pow
strlen
strcmp
_strupr
isprint
kernel32
GetStartupInfoA
GetThreadTimes
FileTimeToSystemTime
GetTempPathA
IsBadReadPtr
LocalFree
GetFileInformationByHandle
GetProcessHeap
HeapAlloc
ReadFile
HeapFree
GetPrivateProfileSectionA
GetPrivateProfileSectionNamesA
GetPrivateProfileStructA
WritePrivateProfileStructA
WritePrivateProfileSectionA
lstrcmpiA
Module32First
Module32Next
Process32First
Process32Next
CreateToolhelp32Snapshot
Thread32First
Thread32Next
SetPriorityClass
GetVersionExA
WideCharToMultiByte
ResetEvent
ReleaseMutex
GetThreadContext
SetThreadContext
WriteProcessMemory
GetModuleHandleA
GetExitCodeThread
CreateMutexA
CreateFileMappingA
GetLastError
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
lstrlenA
GetCurrentProcessId
VirtualQueryEx
ReadProcessMemory
MultiByteToWideChar
GetLogicalDrives
GetDriveTypeA
DeviceIoControl
GetEnvironmentVariableA
CopyFileA
ExitThread
OpenProcess
SetFileAttributesA
DeleteFileA
CreateFileA
SetFilePointer
WriteFile
SetEvent
CreateDirectoryA
CreateEventA
LoadLibraryA
GetProcAddress
FreeLibrary
WaitForSingleObject
GetCurrentProcess
GetFileAttributesA
FindFirstFileA
FindNextFileA
FindClose
lstrcpyA
GetSystemDirectoryA
GetWindowsDirectoryA
WritePrivateProfileStringA
GlobalLock
GlobalUnlock
GlobalFree
SuspendThread
TerminateThread
SetThreadPriority
GetCurrentDirectoryA
SetCurrentDirectoryA
CreateProcessA
TerminateProcess
ResumeThread
CloseHandle
GetModuleFileNameA
GetPrivateProfileStringA
lstrcatA
Sleep
GetThreadPriority
user32
wsprintfA
GetWindowTextA
GetDC
MessageBoxA
RegisterClipboardFormatA
ReleaseDC
GetForegroundWindow
GetClipboardData
EmptyClipboard
SetClipboardData
CloseClipboard
DestroyCaret
SetCaretBlinkTime
GetSysColor
GetSystemMetrics
DrawFocusRect
SetCursor
LoadCursorA
ReleaseCapture
EnumWindows
DestroyCursor
DestroyIcon
BringWindowToTop
GetWindowLongA
ShowWindow
RegisterHotKey
GetWindowThreadProcessId
UnregisterHotKey
IsWindow
LoadIconA
ClientToScreen
gdi32
DeleteObject
CreateCompatibleBitmap
SelectObject
advapi32
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
CloseServiceHandle
OpenSCManagerA
DeleteService
OpenServiceA
CreateServiceA
StartServiceA
ControlService
RegCloseKey
GetSecurityInfo
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegDeleteValueA
GetUserNameA
QueryServiceStatus
RegEnumValueA
SetSecurityInfo
SetEntriesInAclA
shell32
ShellExecuteA
SHGetMalloc
DragQueryFileA
SHGetPathFromIDListA
SHBrowseForFolderA
ExtractIconA
comctl32
_TrackMouseEvent
mfco42d
cj60libd
?SetTabImageList@CCJTabCtrlBar@@QAEPAVCImageList@@PAV2@@Z
?AddView@CCJTabCtrlBar@@QAEHPBDPAUCRuntimeClass@@PAUCCreateContext@@@Z
?SetInitialSize@CCJMDIFrameWnd@@QAEXHHHH@Z
??1CCJMDIFrameWnd@@UAE@XZ
??0CCJTabCtrlBar@@QAE@XZ
?classCCJMDIFrameWnd@CCJMDIFrameWnd@@2UCRuntimeClass@@B
?messageMap@CCJMDIFrameWnd@@1UAFX_MSGMAP@@B
?RecalcLayout@CCJMDIFrameWnd@@UAEXH@Z
??1CCJTabCtrlBar@@UAE@XZ
?EnableDockingSizeBar@CCJMDIFrameWnd@@QAEXK@Z
??0CCJMDIFrameWnd@@QAE@XZ
?SetActiveView@CCJTabCtrlBar@@QAEXH@Z
?DockSizeBar@CCJMDIFrameWnd@@QAEXPAVCControlBar@@PAVCCJSizeDockBar@@PAUtagRECT@@@Z
?EnableDockingOnSizeBar@CCJControlBar@@QAEXK@Z
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 348KB - Virtual size: 347KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 68KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 200KB - Virtual size: 720KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 240KB - Virtual size: 237KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ