ad7bcb4903ae83d84f1862b013ae2b17_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

ad7bcb4903ae83d84f1862b013ae2b17_JaffaCakes118
Size

196KB
MD5

ad7bcb4903ae83d84f1862b013ae2b17
SHA1

dcf08312cb70efd01c170c7f18791da789bd0700
SHA256

df54874bd0e5cf9031eb69c34e1c8700ea35305fac147538b1907bd2fc036b22
SHA512

6ca8ea506b378fa90619c8ef2e4b520ff16457ee46493cf18e99b55294989f923f6c6d360d20c446dcb48feb8229ef478f7eb2039116998283a6cea9cebc6f65
SSDEEP

3072:ePF15xRu6uz2ZvjJj7vZRgFZRgeoGu5tB0cped4I5J7h0AfaH0wIzzShauav:kF15xo6CCjJj7LtB0cji7h0AfjweVF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ad7bcb4903ae83d84f1862b013ae2b17_JaffaCakes118

Files

ad7bcb4903ae83d84f1862b013ae2b17_JaffaCakes118
.exe windows:4 windows x86 arch:x86

366094567b25f9df0e4f70d5008371b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr71

_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
strtoul
_wsopen
_close
_filelength
_lseek
_read
realloc
calloc
printf
__security_error_handler
memset
_errno
_wctime
vswprintf
time
wcsncmp
swscanf
wcstok
_wcsicmp
wcschr
wcsncat
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_except_handler3
_wcsupr
fseek
ftell
_waccess
_wfopen
fgetws
fclose
wcscmp
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z
wcsncpy
_snwprintf
swprintf
wcscpy
wcscat
wcsrchr
wcslen
_wtoi
free
malloc

mfc71u

ord929
ord927
ord931
ord2404
ord2388
ord2407
ord2402
ord2379
ord2381
ord2399
ord2169
ord2163
ord1513
ord6273
ord3796
ord6275
ord3339
ord4961
ord1353
ord5171
ord1955
ord5196
ord2531
ord2725
ord2829
ord4301
ord2708
ord2856
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4480
ord4255
ord3331
ord572
ord760
ord709
ord602
ord1920
ord5640
ord925
ord501
ord6086
ord3635
ord5178
ord4206
ord4729
ord4884
ord2011
ord1662
ord1661
ord5908
ord1392
ord4256
ord3176
ord605
ord651
ord5199
ord2648
ord2083
ord1632
ord1562
ord4232
ord2952
ord3224
ord658
ord416
ord354
ord2860
ord4314
ord2364
ord5867
ord2651
ord1555
ord6115
ord4574
ord2361
ord589
ord330
ord3590
ord6116
ord1091
ord1190
ord5727
ord3417
ord4109
ord3395
ord3281
ord4117
ord2366
ord4226
ord587
ord326
ord5609
ord3995
ord5637
ord5636
ord3677
ord920
ord4008
ord6272
ord3795
ord6274
ord2054
ord5579
ord3800
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord2239
ord3942
ord4562
ord5226
ord5209
ord5562
ord2832
ord4475
ord3327
ord757
ord5231
ord5229
ord2384
ord2394
ord2392
ord2390
ord2386
ord2409
ord2397
ord1647
ord1646
ord1590
ord899
ord776
ord577
ord293
ord896
ord2461
ord2311
ord283
ord1542
ord5862
ord2877
ord6063
ord1118
ord1536
ord5414
ord280
ord3756
ord4320
ord2009
ord1007
ord5096
ord566
ord5956
ord1591
ord4276
ord4716
ord3397
ord5210
ord4179
ord6271
ord5067
ord1899
ord5148
ord4238
ord1393
ord3940
ord1608
ord1611
ord5911
ord1894
ord5633
ord1270
ord3280
ord3155
ord2362
ord1271
ord3157
ord1925
ord3204
ord1079
ord3678
ord1198
ord347
ord4032

kernel32

GetModuleHandleW
GetVersionExA
ExitProcess
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStartupInfoW
GetModuleHandleA
GetCurrentThread
LocalAlloc
GetCurrentProcess
LocalFree
CreateProcessW
CreateEventW
WaitForSingleObject
LoadLibraryExW
GetModuleFileNameW
CreateThread
Sleep
lstrcpyW
lstrcatW
lstrcmpiW
InterlockedIncrement
InterlockedDecrement
GetVersionExW
QueryPerformanceCounter
InitializeCriticalSection
SetErrorMode
LoadLibraryW
GetProcAddress
GetLastError
CloseHandle
FreeLibrary
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetDateFormatW
lstrlenW

user32

GetForegroundWindow
LoadStringW
GetSystemMetrics
DrawIconEx
DestroyIcon
ScreenToClient
GetWindowRect
InflateRect
CopyRect
DrawStateW
GetParent
GetActiveWindow
GetLastActivePopup
MessageBoxW
GetDC
InvalidateRect
FillRect
GetClientRect
UpdateWindow
EnableWindow
ReleaseDC
LoadIconW
SendMessageW
PeekMessageW
TranslateMessage
DispatchMessageW
LoadImageW

gdi32

CreateSolidBrush
GetObjectW
CreateCompatibleDC
GetDeviceCaps
RealizePalette
BitBlt
DeleteObject
CreatePalette
CreateHalftonePalette
GetTextExtentPoint32W
GetDIBColorTable
CreatePen
RoundRect
GetPixel
SetPixel
CreatePatternBrush

advapi32

RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegDeleteKeyW
RegOpenKeyExW
OpenProcessToken
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
FreeSid

shell32

SHChangeNotify
ShellExecuteW

comctl32

_TrackMouseEvent
ord17
ImageList_ReplaceIcon

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

366094567b25f9df0e4f70d5008371b9

Headers

File Characteristics

Imports

msvcr71

mfc71u

kernel32

user32

gdi32

advapi32

shell32

comctl32

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 8KB - Virtual size: 5KB

.rsrc Size: 124KB - Virtual size: 124KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 8KB - Virtual size: 5KB

.rsrc
Size: 124KB - Virtual size: 124KB