?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B
Static task
static1
Behavioral task
behavioral1
Sample
b2941a5d7d1aea05189666fafa93fa96_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
b2941a5d7d1aea05189666fafa93fa96_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
b2941a5d7d1aea05189666fafa93fa96_JaffaCakes118
-
Size
2.5MB
-
MD5
b2941a5d7d1aea05189666fafa93fa96
-
SHA1
982deb526e93ed6d096640b69b4c90c427a9a659
-
SHA256
728a5ea31ba7eaa2e32df524b4350a920b6833ce2b9ce427099c98149ac5bff7
-
SHA512
813401de088daef7e6f39fca414c78ed46bd1ee91fa6873d7f6711743b83fa6b3615a3791277ad0c1a50df7e2c32875dd02cd39a83cfbe3355dc5bdf79742d0d
-
SSDEEP
49152:z4jClnWSEgRRalksg4t5xSCCxP90LU1ki09sNV3gsaQRIV+cB3LTRmB6TSC/qXIP:EmVEc8lksd7cd9qU15tNVwj+cB3Xm6Tz
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature. The file carries no Authenticode signature, so publisher identity cannot be verified. On its own this is a weak indicator (much legitimate software is also unsigned); weigh it together with the non-standard `.mmc0`/`.mmc1` sections listed under Sections and with the behavioral runs.
resource b2941a5d7d1aea05189666fafa93fa96_JaffaCakes118
Files
-
b2941a5d7d1aea05189666fafa93fa96_JaffaCakes118.exe windows:4 windows x86 arch:x86
61b7c96a10f49d392e2d08038dcfa7e6
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
(Static import table: these are capabilities the binary links against, not evidence that they were exercised; the behavioral tasks above are what show actual use. Groups a reviewer would flag in this table: input hooking/injection (SetWindowsHookExA, CallNextHookEx, GetAsyncKeyState, keybd_event, SendInput, RegisterHotKey); screen and clipboard capture (BitBlt, GetDIBits, CreateCompatibleBitmap, OpenClipboard, SetClipboardData); cross-process memory access (OpenProcess, ReadProcessMemory, VirtualProtectEx, CreateToolhelp32Snapshot, EnumProcessModules); service installation (OpenSCManagerA, CreateServiceA, StartServiceA, DeleteService); driver communication (DeviceIoControl); anti-debug (IsDebuggerPresent); process launch (WinExec, ShellExecuteA); and network (gethostbyname, InternetSetOptionA). For a large MFC desktop application this mix is consistent with either a remote-access/keylogging tool or a legitimate remote-control or automation product, so the verdict should rest on behavior, not on this list. Note also that the `.text`/`.rdata`/`.data` sections have no on-disk size, so this table may have been preserved by a packer rather than reflect the code that actually runs after unpacking.)
mfc42
ord5280
ord5065
ord5261
ord2446
ord4425
ord3597
ord641
ord324
ord2302
ord4234
ord6199
ord4710
ord4034
ord3005
ord6197
ord6379
ord6215
ord1199
ord3874
ord2379
ord6453
ord1802
ord1934
ord6569
ord1935
ord4278
ord6648
ord6662
ord4160
ord3318
ord6927
ord5710
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord4046
ord2145
ord2144
ord6225
ord5231
ord5247
ord2132
ord4601
ord2621
ord1205
ord1134
ord824
ord5435
ord1683
ord1673
ord2628
ord5980
ord2641
ord4122
ord6214
ord6196
ord4298
ord5948
ord3088
ord3875
ord3871
ord6198
ord4286
ord4283
ord3137
ord3796
ord5719
ord6092
ord3524
ord6374
ord6095
ord4035
ord2549
ord2433
ord3353
ord3579
ord426
ord726
ord826
ord2817
ord2820
ord3811
ord6143
ord3402
ord3721
ord795
ord567
ord818
ord4275
ord4299
ord3528
ord2136
ord2841
ord1601
ord2107
ord5241
ord1775
ord6052
ord2514
ord4998
ord5265
ord922
ord1200
ord6883
ord1168
ord541
ord801
ord2818
ord924
ord354
ord665
ord2729
ord2730
ord6467
ord2727
ord6449
ord6394
ord5450
ord6383
ord5440
ord2452
ord5856
ord4202
ord2764
ord537
ord941
ord940
ord939
ord2915
ord1146
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord1727
ord3749
ord6376
ord2055
ord2648
ord1176
ord1243
ord1578
ord600
ord269
ord1576
ord4441
ord4837
ord3798
ord4353
ord5163
ord2385
ord4407
ord1776
ord4078
ord6055
ord1641
ord858
ord2414
ord5683
ord2763
ord4129
ord3626
ord3571
ord4083
ord539
ord823
ord3663
ord1175
ord1862
ord825
ord500
ord3701
ord772
ord540
ord1574
ord2864
ord2405
ord323
ord1640
ord4032
ord640
ord389
ord5207
ord1988
ord690
ord1949
ord5030
ord465
ord857
ord2135
ord4467
ord674
ord3623
ord4427
ord5252
ord4436
ord1665
ord2649
ord5282
ord5237
ord4077
ord4151
ord2878
ord2879
ord3403
ord5472
ord975
ord5012
ord3350
ord4303
ord5103
ord5290
ord860
ord535
ord800
ord1099
ord686
ord3872
ord1871
ord6571
ord415
ord715
ord5620
ord1105
ord6876
ord6283
ord6282
ord6930
ord6928
ord6877
ord6874
ord353
ord5861
ord5829
ord3726
ord2065
ord711
ord398
ord413
ord700
ord6307
ord913
ord4167
ord521
ord1158
ord4189
ord1799
ord614
ord2623
ord290
ord4226
ord2486
ord4003
ord446
ord743
ord1106
ord6354
ord5500
ord6929
ord861
ord1770
ord462
ord926
ord2450
ord859
ord844
ord1572
ord542
ord812
ord6144
ord5862
ord5610
ord559
ord2448
ord2044
ord5834
ord1948
ord5303
ord4699
ord5715
ord565
ord817
ord2726
ord802
ord1085
ord2765
ord703
ord603
ord273
ord404
ord3939
ord2454
ord1969
ord403
ord6663
ord2092
ord1233
ord366
ord1979
ord5442
ord4376
ord3092
ord4853
ord5953
ord4204
ord4242
ord2688
ord2723
ord2390
ord3059
ord5100
ord384
msvcrt
??8type_info@@QBEHABV0@@Z
_setmbcp
_EH_prolog
?terminate@@YAXXZ
isupper
strncmp
isdigit
islower
memset
strlen
_snprintf
strrchr
_mbsstr
mbstowcs
_wcslwr
wcsstr
_getch
??0exception@@QAE@ABQBD@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_purecall
calloc
strstr
_CxxThrowException
_mbsnbcpy
_mbsicmp
tolower
ftell
rewind
isxdigit
strchr
_tempnam
printf
sprintf
fprintf
_stricmp
_itoa
_strnicmp
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
fwrite
_splitpath
toupper
sscanf
isalpha
strncpy
atoi
fputc
fgetc
fopen
fseek
fread
fclose
time
srand
rand
_mbscmp
memmove
_ftol
wcslen
wcscpy
__CxxFrameHandler
malloc
free
kernel32
SetEvent
ResumeThread
SuspendThread
Beep
WaitForSingleObject
ResetEvent
CopyFileA
IsDebuggerPresent
MoveFileA
VirtualProtect
OutputDebugStringA
Sleep
GetCurrentThreadId
ReadProcessMemory
OpenProcess
WinExec
PulseEvent
OpenEventA
GetCurrentThread
GetACP
InterlockedDecrement
InterlockedIncrement
GlobalFree
ReadFile
GlobalAlloc
GetFileSize
LocalAlloc
FormatMessageA
SetEnvironmentVariableA
IsDBCSLeadByte
GetCurrentProcess
VirtualProtectEx
GetCurrentProcessId
SetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualAlloc
GetStartupInfoA
WideCharToMultiByte
CloseHandle
OpenMutexA
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
SetCurrentDirectoryA
GetLastError
FreeLibrary
GetWindowsDirectoryA
GetSystemDirectoryA
GetTempPathA
MultiByteToWideChar
SetFileAttributesA
GetPrivateProfileStringA
GetModuleHandleA
GetModuleFileNameA
GetTempFileNameA
GetPrivateProfileIntA
LoadLibraryA
GetProcAddress
CreateFileA
DeviceIoControl
CompareStringA
CreateDirectoryA
DeleteFileA
lstrlenW
lstrlenA
GetVersion
GetVersionExA
HeapFree
HeapAlloc
GetProcessHeap
VirtualQuery
GetSystemInfo
VirtualFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalReAlloc
SetUnhandledExceptionFilter
Module32Next
Module32First
CreateToolhelp32Snapshot
SleepEx
TerminateThread
CreateThread
FileTimeToSystemTime
SetFilePointer
GetFileInformationByHandle
WriteFile
SystemTimeToFileTime
GetLocalTime
GetTickCount
GetCurrentDirectoryA
LocalFileTimeToFileTime
SetFileTime
LocalFree
LCMapStringA
GetStringTypeExA
GetUserDefaultLCID
InterlockedCompareExchange
InterlockedExchange
CreateEventA
VirtualProtect
ExitProcess
user32
EnumDisplaySettingsA
PostQuitMessage
DefWindowProcA
UnregisterClassA
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
RegisterClassA
LoadCursorA
PostThreadMessageA
ShowWindow
EnumWindows
IsWindowVisible
OpenClipboard
LoadStringA
SetClipboardData
DrawIcon
ClipCursor
GetCursorPos
SetCursorPos
MapVirtualKeyA
CloseClipboard
EmptyClipboard
LoadImageA
keybd_event
SetWindowLongA
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowThreadProcessId
SystemParametersInfoA
CallNextHookEx
UnregisterHotKey
RegisterHotKey
SendInput
GetGUIThreadInfo
wsprintfA
GetWindowDC
GetAsyncKeyState
ReleaseDC
GetDC
GetDesktopWindow
GetForegroundWindow
GetIconInfo
IsWindow
SendMessageA
SetForegroundWindow
LoadIconA
PostMessageA
GetWindowRect
GetClientRect
EnableWindow
LoadBitmapA
GetSystemMetrics
gdi32
GetObjectA
GetPixel
CreateDIBSection
SelectObject
BitBlt
DeleteObject
CreateCompatibleBitmap
CreateCompatibleDC
GetStockObject
SetDIBits
GetDIBits
CreateDCA
advapi32
RegCreateKeyExA
RegDeleteKeyA
RegCreateKeyA
RegOpenKeyA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
DeleteService
OpenServiceA
StartServiceA
ControlService
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
shell32
SHGetSpecialFolderPathA
ShellExecuteA
Shell_NotifyIconA
ole32
CoUninitialize
CoInitialize
ProgIDFromCLSID
OleRun
CoCreateInstance
StgOpenStorage
oleaut32
SysStringLen
VariantClear
VariantInit
GetErrorInfo
SysAllocStringByteLen
SysAllocStringLen
LoadTypeLi
SysFreeString
SysAllocString
shlwapi
SHDeleteKeyA
msvcp60
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??_7runtime_error@std@@6B@
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??1runtime_error@std@@UAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD0@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADXZ
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PAD0PBD1@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??_7logic_error@std@@6B@
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??0logic_error@std@@QAE@ABV01@@Z
?what@logic_error@std@@UBEPBDXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Xlen@std@@YAXXZ
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??8std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??_7bad_exception@std@@6B@
??1bad_exception@std@@UAE@XZ
??0bad_exception@std@@QAE@ABV01@@Z
??1logic_error@std@@UAE@XZ
?what@runtime_error@std@@UBEPBDXZ
?_Doraise@runtime_error@std@@MBEXXZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IID@Z
??Nstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0runtime_error@std@@QAE@ABV01@@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??9std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
imagehlp
MakeSureDirectoryPathExists
psapi
EnumProcessModules
ws2_32
gethostbyname
wininet
InternetSetOptionA
winmm
timeGetTime
Exports
Exports
Sections
(Layout note: `.text`, `.rdata` and `.data` report no raw size, `.rsrc` is 20KB on disk but 1004KB virtual, and almost the entire 2.5MB file lives in `.mmc1`, a non-standard section flagged CODE + EXECUTE + READ + WRITE + DISCARDABLE, next to `.mmc0`, which is 1.7MB virtual with no raw data and also writable and executable. This is the shape of a packed or protected binary: a stub in `.mmc1` most likely reconstructs the real code into the empty sections at runtime, so static strings, imports and the import hash should be re-derived from a memory dump taken after unpacking before being relied on. The RWX `.mmc0`/`.mmc1` section names and flags are themselves a useful hunting feature for this packer family, though the specific packer is not identified by this report.)
.text Size: - Virtual size: 332KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 387KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 1004KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.mmc0 Size: - Virtual size: 1.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.mmc1 Size: 2.4MB - Virtual size: 2.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE