ad921acf5b68ba0c5eba8a3d4050d777_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ad921acf5b68ba0c5eba8a3d4050d777_JaffaCakes118
Size

678KB
MD5

ad921acf5b68ba0c5eba8a3d4050d777
SHA1

8ba2c2db6bb3114019b244c96709a02fbd3da0b3
SHA256

1d334130be8c27b5ff58ef08ee5868a28e7466a0568a6f1f38ca9dfa19da72d9
SHA512

32360cff3480b516e35a2d42e924ac3635960837c5c701b847261d391b05c2790bfeadb49ca9cc46846542540c2ad89fe95a91bfedaf4275529f5aeda00d595a
SSDEEP

12288:j9GzPs+q15pCB4AMi9Md0X56hRgIID80IwfZNqF27KDzUBYXS+EprKkWrEn+OGup:j9qjq15tAMjKp6hRgIID80IwfZNqF27f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad921acf5b68ba0c5eba8a3d4050d777_JaffaCakes118

Files

ad921acf5b68ba0c5eba8a3d4050d777_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b32133bdc480c43a60b8a203e527b21a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
GetSystemTimeAsFileTime
GetLocalTime
GetLastError
GetShortPathNameA
GetPrivateProfileStringA
GetFileTime
GetPrivateProfileIntA
CloseHandle
WaitForSingleObject
CreateProcessA
GetModuleFileNameA
GetFileSize
CreateFileA
ExitThread
Sleep
GetExitCodeThread
CreateThread
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetModuleHandleA
lstrcmpiA
GetDiskFreeSpaceA
GetVersionExA
lstrcpyA
InitializeCriticalSection
HeapDestroy
GetCurrentProcess
FindNextFileA
SetLastError
lstrlenA
GetSystemDirectoryA
GetLocaleInfoA
GetSystemTime
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
FlushFileBuffers
GetStartupInfoA
GetEnvironmentVariableA
FreeLibrary
CreateMutexA
FormatMessageA
TerminateProcess
OpenProcess
LocalAlloc
LocalLock
LocalUnlock
LocalFree
GetModuleHandleW
GetFileAttributesA
CreateDirectoryA
CopyFileA
GetTempPathA
ExpandEnvironmentStringsA
SetFileAttributesA
DeleteFileA
FindClose
RemoveDirectoryA
GetCurrentDirectoryA
SetCurrentDirectoryA
FindFirstFileA
LoadLibraryA
GetProcAddress
lstrcatA
DeleteCriticalSection
ReleaseMutex

user32

MsgWaitForMultipleObjects
RegisterClassA
BeginPaint
GetSysColor
LoadCursorA
EndPaint
PostQuitMessage
DefWindowProcA
DestroyWindow
CreateWindowExA
ExitWindowsEx
CharNextA
GetSysColorBrush
LoadStringA
InvalidateRect
UpdateWindow
SendMessageA
ShowWindow
MessageBoxA
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
LoadIconA
DrawTextA

gdi32

SetBkColor

advapi32

RegEnumKeyExA
RegCreateKeyExA
LookupPrivilegeValueA
AdjustTokenPrivileges
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyA
OpenProcessToken

ole32

ProgIDFromCLSID
CoUnmarshalInterface
CreateStreamOnHGlobal
CoMarshalInterface
CoTaskMemFree
OleLoadFromStream
OleSaveToStream
WriteClassStm
CoReleaseMarshalData
StringFromCLSID
CoCreateInstance
CoRegisterClassObject
CoRevokeClassObject

oleaut32

SysStringLen
SysFreeString
SysAllocStringLen
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VariantInit
VariantClear
VariantChangeType
VariantCopy
RegisterTypeLi
SetErrorInfo
LoadTypeLi
CreateErrorInfo

comctl32

ord17

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ws2_32

WSAStartup
gethostbyname
WSAGetLastError
gethostname
WSACleanup

msvcrt

?terminate@@YAXXZ
__dllonexit
_onexit
_exit
_XcptFilter
strcmp
_except_handler3
fputc
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_fdopen
strstr
strncmp
sscanf
strncpy
fseek
ftell
rewind
_errno
_isctype
__mb_cur_max
_pctype
printf
isalpha
tolower
_wtoi
_ultow
_ltow
_wtol
atof
_itow
_access
fwprintf
_wcsupr
swprintf
wcslen
_purecall
_stricmp
_EH_prolog
wcscmp
memcmp
malloc
fread
fwrite
free
atoi
rename
remove
fputs
fgets
atol
fclose
fopen
fprintf
_itoa
_ui64toa
_ftol
_strupr
??2@YAPAXI@Z
__CxxFrameHandler
calloc
__getmainargs
strlen
strcat
strcpy
memset
??3@YAXPAX@Z
_chdir
getchar
_iob
fflush
exit
strchr
_acmdln
sprintf
memcpy
toupper
_unlink
_strdup
_stat

msvcp50

?_Freeze@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ifstream@DU?$char_traits@D@std@@@std@@UAE@XZ
?seekg@?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@H@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@JW4seekdir@ios_base@2@@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??1?$basic_ifstream@GU?$char_traits@G@std@@@std@@UAE@XZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBDH@Z
?getline@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@1@AAV21@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPAD0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGII@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?tellg@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE?AV?$fpos@H@2@XZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBGI@Z
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBDI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIPBD@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IPBD@Z
??0Init@ios_base@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??1Init@ios_base@std@@QAE@XZ
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
?eof@ios_base@std@@QBE_NXZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDH@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??9std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
??7ios_base@std@@QBE_NXZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
?fail@ios_base@std@@QBE_NXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

odbc32

ord16
ord18
ord13
ord7
ord72
ord14
ord12
ord23
ord2
ord9
ord10
ord11
ord50
ord15
ord3
ord49
ord48
ord4
ord1
ord19

Exports

Exports

??0CProcessManager@@QAE@ABV0@@Z
??0CProcessManager@@QAE@XZ
??1CProcessManager@@UAE@XZ
??4CProcessManager@@QAEAAV0@ABV0@@Z
??_7CProcessManager@@6B@
?killProc@CProcessManager@@QBE?AW4_retval@1@PBD@Z

Sections

.text
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b32133bdc480c43a60b8a203e527b21a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

comctl32

version

ws2_32

msvcrt

msvcp50

odbc32

Exports

Exports

Sections

.text Size: 429KB - Virtual size: 429KB

.rdata Size: 41KB - Virtual size: 41KB

.data Size: 83KB - Virtual size: 133KB

.idata Size: 15KB - Virtual size: 15KB

.rsrc Size: 107KB - Virtual size: 107KB

.text
Size: 429KB - Virtual size: 429KB

.rdata
Size: 41KB - Virtual size: 41KB

.data
Size: 83KB - Virtual size: 133KB

.idata
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 107KB - Virtual size: 107KB