acaea49774c7cb84b40a8f97d2a3c9c2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

acaea49774c7cb84b40a8f97d2a3c9c2_JaffaCakes118
Size

688KB
MD5

acaea49774c7cb84b40a8f97d2a3c9c2
SHA1

d20d4bddc81b9e2fc43be859066caa0b9588c3f0
SHA256

d1b86f16e75ef375973edcc3d2fdac7cf72af820d4f308d7181c343dab2fcbc2
SHA512

53712580f03c8e51853df32cbd64c4c3f02fe2b4587ae0bf2ddebc85434a8bcab74e91b3fc3d0b3de13d65421adf2ae622dfd1d3a1f0ad90d37687c21e6dcfc5
SSDEEP

12288:ANt4wj8XU6W5IWmBzsRyV4lV5D+BucntqJRr2rXHx5TX14s+T+941bkRktIgTXt8:AgXFW5XmB7tqch5L1a6wbkRkIgTdwyBe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
acaea49774c7cb84b40a8f97d2a3c9c2_JaffaCakes118

Files

acaea49774c7cb84b40a8f97d2a3c9c2_JaffaCakes118
.exe windows:5 windows x86 arch:x86

4a1cbb9a21c82fb8e81cae18f66ffe0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

shlwapi

StrDupA

ws2_32

WSACleanup
WSAStartup
gethostbyname
socket
htons
connect
send
recv

kernel32

GetLastError
CreateThread
WaitForSingleObject
GetExitCodeThread
Sleep
lstrlenW
WideCharToMultiByte
GetFileAttributesW
FindFirstFileW
FindClose
CompareFileTime
CreateDirectoryW
ExpandEnvironmentStringsW
lstrlenA
lstrcmpW
GetSystemTimeAsFileTime
DeleteFileW
FindNextFileW
RemoveDirectoryW
VirtualAlloc
VirtualFree
FindResourceA
LoadResource
LockResource
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetSystemDefaultLCID
lstrcmpiW
GetVersionExW
GetModuleFileNameW
LocalFree
SystemTimeToFileTime
CreateEventW
SetEvent
ResetEvent
InitializeCriticalSection
FormatMessageW
lstrcpyW
InterlockedIncrement
InterlockedDecrement
SuspendThread
TerminateThread
ResumeThread
DeleteCriticalSection
ReadFile
WriteFile
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
CreateFileW
SetFileTime
GetFileSize
SetFilePointer
SetEndOfFile
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetTickCount
GetLocalTime
SetLastError
SetFileAttributesW
GetDiskFreeSpaceExW
GetModuleHandleW
MultiByteToWideChar
InterlockedCompareExchange
InterlockedExchange
GetStartupInfoA
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
CloseHandle
IsDebuggerPresent

user32

InvalidateRect
GetClientRect
GetMenuItemCount
GetSubMenu
RemoveMenu
DestroyMenu
DrawMenuBar
GetWindowTextA
SetWindowLongW
GetParent
GetWindowLongW
PostMessageW
DefWindowProcW
SendMessageW
wsprintfW
EnableWindow
IsWindow
EnableMenuItem
GetSystemMenu
ReleaseCapture
RegisterClassExA
MoveWindow
DialogBoxIndirectParamW
DrawTextW
GetDC
ShowWindow
SystemParametersInfoW
SetFocus
MessageBoxExW
GetDlgItem
GetSystemMetrics
wvsprintfW
MessageBoxW
MessageBoxA
SetWindowPos
ReleaseDC
SetWindowTextW
ScreenToClient
GetWindowRect
GetWindowTextW
GetWindowTextLengthW
EndDialog
GetCursorPos

gdi32

SelectObject
CreateFontIndirectW
DeleteObject
GetObjectW

advapi32

RegOpenCurrentUser
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

ole32

StgCreateDocfile
OleCreate
OleSetContainedObject
CoInitialize
OleInitialize
CLSIDFromString

oleaut32

VariantClear
SysFreeString
VariantInit
SysAllocString

msvcr90

strlen
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__uncaught_exception
__crtLCMapStringW
__crtGetStringTypeW
islower
_malloc_crt
_free_locale
_ui64toa_s
_create_locale
___mb_cur_max_l_func
_errno
_calloc_crt
___lc_handle_func
___lc_codepage_func
isupper
__pctype_func
__crtLCMapStringA
setlocale
abort
__CxxFrameHandler3
_CxxThrowException
_itoa_s
strcat
strcpy
wcsncpy
wcsstr
exit
wcsncmp
_beginthreadex
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
strcspn
atoi
strchr
localeconv
memchr
_crt_debugger_hook
_controlfp_s
wcscat
wcscmp
_wtol
_vswprintf
_invoke_watson
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
toupper
strcat_s
sprintf_s
malloc
strncmp
??_V@YAXPAX@Z
memmove
memcpy
??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
memset
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
memcpy_s
memmove_s
??0exception@std@@QAE@ABV01@@Z
_wcsdup
sprintf
?what@exception@std@@UBEPBDXZ
wcslen
free
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
_purecall
_adjust_fdiv

Sections

.text
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4a1cbb9a21c82fb8e81cae18f66ffe0c

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shlwapi

ws2_32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcr90

Sections

.text Size: 106KB - Virtual size: 106KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 3KB - Virtual size: 21KB

.rsrc Size: 3KB - Virtual size: 3KB

.text
Size: 106KB - Virtual size: 106KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 3KB - Virtual size: 21KB

.rsrc
Size: 3KB - Virtual size: 3KB