Sample
b61da90cb099f3597453472ca0c6e1da_JaffaCakes118.exe
Resource
win7-20240708-en
General
-
Target
b61da90cb099f3597453472ca0c6e1da_JaffaCakes118
-
Size
1.0MB
-
MD5
b61da90cb099f3597453472ca0c6e1da
-
SHA1
c2b86c78a6d077cd46231207785608d4a83887c2
-
SHA256
3f02f30f6e46f414690b6e4b1f919d3142a68e6fc6956b4a3e929f1fbabf2ff5
-
SHA512
08d261363564ba7162be885aeb29f071f72edc010b69eec0169abe70f605a4f3bec091d013194937385c462bd887a45291c4f338c4c01733d3c50adc28db780a
-
SSDEEP
24576:xJJ5PjEe9/T+iTvIT9DOf1lzF5FxToq09UfgwZtc:h5ZTDTvIT9DSbxTfVgmc
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b61da90cb099f3597453472ca0c6e1da_JaffaCakes118
Files
-
b61da90cb099f3597453472ca0c6e1da_JaffaCakes118.exe windows:4 windows x86 arch:x86
91d5c203cc051ce8899aa295a4c98ada
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42u
ord3332
ord3806
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord2717
ord4074
ord4692
ord5303
ord5285
ord5710
ord4616
ord3733
ord815
ord561
ord5214
ord617
ord1229
ord5208
ord296
ord2613
ord1131
ord5785
ord2855
ord3871
ord2606
ord6920
ord6918
ord5679
ord5568
ord5852
ord941
ord2776
ord4075
ord3074
ord3820
ord3826
ord3825
ord3397
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord4273
ord537
ord6896
ord4124
ord5706
ord3084
ord4621
ord2746
ord2854
ord3281
ord3993
ord6898
ord6003
ord4238
ord3701
ord693
ord3635
ord860
ord2099
ord2836
ord803
ord543
ord3579
ord354
ord5180
ord6381
ord1971
ord665
ord4166
ord1761
ord6390
ord5446
ord6379
ord5436
ord4155
ord3365
ord4396
ord2574
ord3288
ord6667
ord3991
ord4197
ord6879
ord6278
ord6279
ord3312
ord355
ord2507
ord3172
ord4219
ord922
ord6330
ord3792
ord539
ord6193
ord6195
ord6640
ord2756
ord942
ord940
ord6868
ord927
ord2859
ord2078
ord3087
ord5977
ord6211
ord2637
ord6451
ord1165
ord1143
ord6871
ord4229
ord324
ord641
ord3592
ord4419
ord3356
ord5276
ord1767
ord6048
ord2506
ord4704
ord4992
ord4847
ord4370
ord5261
ord4279
ord809
ord609
ord3658
ord289
ord2559
ord2372
ord283
ord2406
ord4118
ord613
ord3621
ord2108
ord2111
ord2072
ord2085
ord2100
ord616
ord765
ord3569
ord3693
ord3577
ord4392
ord2570
ord4213
ord2015
ord2403
ord4390
ord656
ord2081
ord2092
ord6688
ord6238
ord3605
ord6370
ord861
ord858
ord1230
ord2144
ord818
ord567
ord3737
ord4418
ord2910
ord323
ord1633
ord5781
ord640
ord3591
ord5860
ord6057
ord5567
ord5575
ord5732
ord5674
ord5790
ord5869
ord6168
ord6017
ord6185
ord4324
ord6182
ord5752
ord6188
ord5755
ord1569
ord2966
ord4294
ord5945
ord3614
ord356
ord2762
ord2773
ord4053
ord3173
ord1972
ord668
ord2858
ord2914
ord2444
ord3566
ord6638
ord2351
ord2292
ord2333
ord2290
ord2331
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord6051
ord538
ord540
ord925
ord800
ord2810
ord535
ord823
ord825
ord2291
ord2332
ord2350
ord2293
ord2359
ord2358
ord2362
ord2357
ord2356
ord2355
ord2354
ord2353
ord2352
ord562
ord6597
ord5778
ord816
ord6354
ord795
ord3716
ord804
ord3724
ord3389
ord4400
ord2579
ord4282
ord6726
ord1088
ord2070
ord2567
ord470
ord755
ord2114
ord556
ord1634
ord5871
ord682
ord3625
ord4394
ord2572
msvcrt
malloc
_wcslwr
strstr
isalnum
wcsncmp
_vsnwprintf
atoi
free
_CIpow
_ftol
time
_wctime
_wtoi64
swscanf
fclose
wcscmp
wcsncpy
_beginthreadex
wcsncat
wcslen
wcsstr
_wtoi
wcschr
_wtol
??0exception@@QAE@ABQBD@Z
memmove
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
wcsrchr
__CxxFrameHandler
_purecall
_wcsicmp
_wcsnicmp
strncmp
sprintf
atol
strncpy
mktime
wcscat
wcscpy
getenv
strchr
isspace
fputc
tolower
strtod
_iob
fprintf
longjmp
isalpha
towlower
_wfsopen
_snprintf
abort
_wfopen
fopen
atof
wcstod
__CxxLongjmpUnwind
_setjmp3
fwrite
fseek
ftell
fread
memchr
floor
ceil
_wsplitpath
_wmakepath
sscanf
_tzset
_stricmp
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_controlfp
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
kernel32
GlobalAlloc
GetStartupInfoW
UnmapViewOfFile
DuplicateHandle
CreateFileMappingW
MapViewOfFile
GetFileType
GetFileInformationByHandle
FileTimeToDosDateTime
SetEvent
CreateFileA
GetProcessHeap
HeapAlloc
HeapFree
LoadLibraryExW
DeviceIoControl
SetFilePointer
lstrlenW
SetEnvironmentVariableW
CopyFileW
MoveFileExW
TerminateProcess
GetFileAttributesW
GetTimeZoneInformation
FileTimeToSystemTime
CreateProcessW
CreateMutexW
InterlockedCompareExchange
RemoveDirectoryW
WritePrivateProfileSectionW
ReadProcessMemory
GetExitCodeProcess
ResumeThread
Thread32First
OpenThread
Thread32Next
GetCurrentProcessId
ProcessIdToSessionId
GetACP
MultiByteToWideChar
AreFileApisANSI
GetLongPathNameW
LoadLibraryA
FreeLibrary
GetLogicalDriveStringsW
QueryDosDeviceW
OpenProcess
lstrcmpW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleHandleA
GetCurrentProcess
GetVersion
LoadLibraryW
GetLastError
ReleaseMutex
GetSystemTime
CreateMutexA
SystemTimeToFileTime
GetLocalTime
FindFirstFileW
SetFileAttributesW
DeleteFileW
FindNextFileW
FindClose
WideCharToMultiByte
WriteFile
GetVersionExW
GetModuleHandleW
GetProcAddress
GetSystemInfo
lstrcmpiW
InterlockedExchange
SuspendThread
GetFileAttributesExW
GetTempFileNameW
Sleep
GetTempPathW
GetPrivateProfileStringW
GetWindowsDirectoryW
CreateDirectoryW
WritePrivateProfileStringW
CreateFileW
GetFileSize
ReadFile
GetPrivateProfileSectionW
GetPrivateProfileIntW
InterlockedIncrement
InterlockedDecrement
GetTickCount
CreateThread
WaitForSingleObject
TerminateThread
CloseHandle
GetModuleFileNameW
lstrlenA
LocalFree
lstrcpynW
SizeofResource
LockResource
LoadResource
FindResourceW
GlobalFree
GlobalUnlock
GlobalLock
ExpandEnvironmentStringsW
MulDiv
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
user32
CharLowerBuffW
WaitForInputIdle
WindowFromPoint
SystemParametersInfoW
LoadStringW
FindWindowW
IsIconic
IsWindowVisible
SetForegroundWindow
SendMessageTimeoutW
GetClassInfoW
SetCapture
ReleaseCapture
OffsetRect
GetDC
ReleaseDC
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
IsRectEmpty
DispatchMessageW
PtInRect
GetUpdateRgn
ScreenToClient
SetCursor
LoadCursorW
GetWindowLongW
GetWindow
DrawTextW
GetCursorPos
GetKeyState
GetDesktopWindow
IsClipboardFormatAvailable
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
IntersectRect
EnumChildWindows
IsZoomed
SetWindowRgn
GetMonitorInfoW
MonitorFromWindow
SetWindowLongW
ModifyMenuW
GetMenuStringW
GetSubMenu
GetMenuItemID
GetMenuItemCount
EnumWindows
GetWindowThreadProcessId
FillRect
TabbedTextOutW
GrayStringW
DrawIcon
DrawIconEx
GetSysColor
GetParent
SetWindowTextW
KillTimer
PostQuitMessage
SetWindowPos
ShowWindow
LoadIconW
LoadImageW
GetDlgItem
GetWindowRect
GetClientRect
FrameRect
GetSystemMetrics
InvalidateRect
PostMessageW
RegisterWindowMessageW
EnableWindow
SetTimer
DestroyWindow
CopyRect
SendMessageW
IsWindow
gdi32
GetTextExtentPoint32W
RectInRegion
GetObjectW
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
StretchBlt
DeleteDC
DeleteObject
CreateRectRgn
BitBlt
CreateDIBSection
StretchDIBits
SetPixel
CombineRgn
GetDIBits
GetCurrentObject
CreateFontIndirectW
GetBkMode
GetTextColor
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
GetDeviceCaps
ExtCreateRegion
GetBitmapBits
CreateBitmap
SetDIBits
GetStockObject
SetRectRgn
advapi32
RegCreateKeyExW
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryInfoKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
shell32
ShellExecuteExW
SHGetSpecialFolderPathW
ShellExecuteW
SHChangeNotify
msvcp60
??_7?$ctype@D@std@@6B@
??_7ctype_base@std@@6B@
??_7facet@locale@std@@6B@
?_Iscloc@locale@std@@QBE_NXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?id@?$ctype@D@std@@2V0locale@2@A
??0_Lockit@std@@QAE@XZ
??1?$ctype@D@std@@UAE@XZ
??_8?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B@
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?init@?$basic_ios@DU?$char_traits@D@std@@@std@@IAEXPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@_N@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_7?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?str@?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_7?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
?_Tidy@?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IAEXXZ
??_7?$basic_streambuf@DU?$char_traits@D@std@@@std@@6B@
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??_D?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??1?$basic_filebuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1ios_base@std@@UAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?close@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@XZ
??_7?$basic_filebuf@DU?$char_traits@D@std@@@std@@6B@
?_Init@?$basic_filebuf@DU?$char_traits@D@std@@@std@@IAEXPAU_iobuf@@W4_Initfl@12@@Z
?clear@ios_base@std@@QAEXH_N@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?open@?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAEPAV12@PBDH@Z
??_7?$basic_ifstream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0ios_base@std@@IAE@XZ
??_8?$basic_ifstream@DU?$char_traits@D@std@@@std@@7B@
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?do_toupper@?$ctype@D@std@@MBEDD@Z
?do_toupper@?$ctype@D@std@@MBEPBDPADPBD@Z
?do_tolower@?$ctype@D@std@@MBEDD@Z
?do_tolower@?$ctype@D@std@@MBEPBDPADPBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??1ctype_base@std@@UAE@XZ
??_7bad_cast@std@@6B@
_Getctype
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?_Cltab@?$ctype@D@std@@0PBFB
?_Term@?$ctype@D@std@@KAXXZ
??1_Locinfo@std@@QAE@XZ
ole32
CreateStreamOnHGlobal
IIDFromString
CoCreateInstance
oleaut32
VariantClear
VariantChangeType
VariantInit
VariantCopy
SysAllocStringByteLen
SysStringByteLen
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SysAllocString
SysFreeString
SysStringLen
shlwapi
PathFileExistsW
StrCmpW
StrCmpIW
PathFindExtensionW
PathCombineW
SHDeleteKeyW
SHDeleteValueW
SHSetValueW
PathIsDirectoryW
PathAppendW
StrCmpNW
PathRemoveFileSpecW
PathAddBackslashW
StrCmpNIW
SHGetValueW
wininet
InternetSetCookieA
HttpAddRequestHeadersA
HttpOpenRequestA
HttpEndRequestW
InternetWriteFile
HttpSendRequestA
HttpQueryInfoW
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetAttemptConnect
InternetReadFile
FtpOpenFileA
InternetSetStatusCallbackW
HttpSendRequestExA
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
msimg32
TransparentBlt
AlphaBlend
comctl32
_TrackMouseEvent
olepro32
ord251
Sections
.text Size: 808KB - Virtual size: 804KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 44KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 88KB - Virtual size: 88KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE