Static task
static1
Behavioral task
behavioral1
Sample
b660657da5421d0b8a489c2fa46042d4_JaffaCakes118.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
b660657da5421d0b8a489c2fa46042d4_JaffaCakes118.dll
Resource
win10v2004-20240802-en
General
-
Target
b660657da5421d0b8a489c2fa46042d4_JaffaCakes118
-
Size
384KB
-
MD5
b660657da5421d0b8a489c2fa46042d4
-
SHA1
36fcb65fa8458aa119c53ff8e8e0525c68d660fb
-
SHA256
7ac32ac56ce05dbc3c693d378cab9d32f3e5e482d9dcec90cb7fccfe1fa04c23
-
SHA512
fda92e26aa06aa068c023282ba8c55ca7dbefbfe2f6612acc4b7d06d6fdb3d8f8ef57c1b961a70f68451f532bffac2284496463bf276770c64de69410b43e2d4
-
SSDEEP
6144:r81ZvDAf0f5v2QRZn7bZ4wuZPfmMSnhVtuTBfvu1Eonsix+79u2I37ko:rUrU0rSwO8VETJvuKQ2mV
Malware Config
Signatures
-
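Unsigned PE (1 IoC)
Static check: the file carries no Authenticode signature. A missing signature is only a weak indicator by itself; the import table listed below (for example VirtualAllocEx, WriteProcessMemory, CreateRemoteThread and URLDownloadToFileA) says more about capability and should be weighed together with the results of the behavioral tasks.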
resource b660657da5421d0b8a489c2fa46042d4_JaffaCakes118
Files
-
b660657da5421d0b8a489c2fa46042d4_JaffaCakes118.dll windows:4 windows x86 arch:x86
74733f716346c59a89a083c384ea73ab
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
mfc42
ord6142
ord5860
ord772
ord500
ord758
ord475
ord4710
ord4234
ord641
ord324
ord3597
ord4425
ord5280
ord1775
ord6052
ord2514
ord4998
ord5265
ord6453
ord1146
ord2859
ord3571
ord6383
ord5440
ord6215
ord4299
ord5787
ord3573
ord2379
ord6380
ord6197
ord562
ord816
ord5875
ord5789
ord3626
ord3619
ord1233
ord6442
ord4275
ord567
ord818
ord4627
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1776
ord4078
ord6055
ord1949
ord6663
ord926
ord922
ord6283
ord2107
ord2044
ord2448
ord2841
ord6394
ord5834
ord5450
ord3663
ord356
ord2770
ord2781
ord4058
ord3178
ord1980
ord668
ord5856
ord2256
ord2726
ord924
ord565
ord817
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5715
ord5289
ord5307
ord4699
ord4079
ord5303
ord5300
ord3346
ord2396
ord4226
ord1948
ord6877
ord5683
ord5710
ord2860
ord323
ord1640
ord5785
ord2405
ord2414
ord640
ord2763
ord6662
ord4277
ord536
ord5572
ord5773
ord2614
ord6385
ord1641
ord289
ord613
ord2915
ord1187
ord4278
ord654
ord541
ord341
ord801
ord860
ord535
ord4202
ord2764
ord4129
ord858
ord939
ord941
ord354
ord5186
ord665
ord5442
ord1168
ord1979
ord3318
ord1200
ord537
ord825
ord533
ord5194
ord3811
ord540
ord3337
ord2818
ord6407
ord1997
ord800
ord798
ord1575
ord1182
ord823
ord342
ord1253
ord2086
msvcrt
_callnewh
wcslen
sscanf
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_strlwr
_CIacos
_CIpow
__dllonexit
_onexit
??1type_info@@UAE@XZ
_initterm
_adjust_fdiv
exit
memset
strcat
__CxxFrameHandler
_vsnprintf
sprintf
memcpy
strcpy
strncmp
strlen
strtoul
printf
_CxxThrowException
ceil
_ftol
memmove
abs
strncpy
strcmp
rand
srand
pow
log10
free
calloc
strchr
time
atoi
_mbscmp
strstr
memcmp
fprintf
_iob
malloc
fflush
realloc
??0exception@@QAE@ABV0@@Z
wcscmp
_strupr
_beginthreadex
getenv
_flushall
system
_mbsicmp
_except_handler3
strrchr
kernel32
Module32First
LeaveCriticalSection
EnterCriticalSection
GetTickCount
TerminateThread
DeleteCriticalSection
InitializeCriticalSection
FormatMessageA
QueryPerformanceFrequency
QueryPerformanceCounter
GetSystemTimeAsFileTime
TlsGetValue
TlsSetValue
SetEvent
ReleaseMutex
TlsFree
TlsAlloc
CreateMutexA
CreateEventA
GetVersion
WaitForSingleObject
CreateToolhelp32Snapshot
Process32First
Process32Next
CreateThread
OpenProcess
lstrlenA
VirtualAllocEx
WriteProcessMemory
ReadProcessMemory
GetCurrentProcess
GetLastError
GetSystemDirectoryA
OutputDebugStringA
ExitProcess
UnmapViewOfFile
GetVersionExA
CloseHandle
MapViewOfFile
LocalFree
FreeLibrary
LoadLibraryA
GetProcAddress
Sleep
GetCommandLineA
GetModuleHandleA
Module32Next
DuplicateHandle
GetCurrentProcessId
lstrlenW
LocalAlloc
GetTempPathA
Beep
GetPrivateProfileStringA
VirtualQueryEx
GetSystemInfo
HeapFree
HeapAlloc
GetProcessHeap
GetModuleFileNameA
GlobalReAlloc
GlobalUnlock
GlobalAlloc
GlobalLock
GlobalFree
WinExec
DeleteFileA
MoveFileA
SetLastError
MultiByteToWideChar
GetExitCodeThread
VirtualFreeEx
WriteFile
CreateFileA
ReadFile
GetFileSize
FindFirstFileA
TerminateProcess
CreateProcessA
GetStartupInfoA
WriteConsoleInputA
GetStdHandle
ReadConsoleOutputCharacterA
ReadConsoleOutputA
GetConsoleScreenBufferInfo
SetCurrentDirectoryA
CopyFileA
AllocConsole
WaitForMultipleObjectsEx
SetLocalTime
GetLocalTime
SetStdHandle
CreatePipe
GetWindowsDirectoryA
Thread32Next
OpenThread
Thread32First
WideCharToMultiByte
GetCurrentThreadId
lstrcpyW
GetDiskFreeSpaceExA
lstrcpyA
GetDriveTypeA
FindClose
FindNextFileA
lstrcatA
SetFilePointer
CreateDirectoryA
RemoveDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetExitCodeProcess
GetEnvironmentVariableW
DeviceIoControl
lstrcmpiA
GetComputerNameA
GetLogicalDrives
GlobalMemoryStatus
lstrcpynA
CreateRemoteThread
FreeConsole
lstrcmpA
user32
CharToOemA
IsCharAlphaNumericA
GetCursorPos
CloseWindow
MessageBoxA
FillRect
InvalidateRect
SetWindowRgn
SetWindowLongA
DefWindowProcA
LoadCursorA
LoadIconA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
wsprintfA
EnumDisplayDevicesA
EnumWindows
GetClassNameA
PostMessageA
CloseWindowStation
OpenInputDesktop
GetUserObjectInformationA
CloseDesktop
GetProcessWindowStation
GetThreadDesktop
OpenWindowStationA
SetProcessWindowStation
SendMessageTimeoutA
ShowWindow
GetWindowThreadProcessId
GetWindowTextA
GetAsyncKeyState
GetTopWindow
GetWindowPlacement
WindowFromPoint
ScreenToClient
GetWindow
GetWindowLongA
GetKeyState
GetForegroundWindow
EnumChildWindows
DialogBoxParamA
SetWindowPos
SetForegroundWindow
RegisterWindowMessageA
OpenDesktopW
SetThreadDesktop
GetCursor
IsRectEmpty
PostThreadMessageA
PostQuitMessage
SendMessageA
GetClientRect
GetIconInfo
DestroyIcon
OpenClipboard
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
IsWindowUnicode
RegisterHotKey
UnregisterHotKey
ExitWindowsEx
SystemParametersInfoA
EnableWindow
keybd_event
mouse_event
SetCursorPos
GetSystemMetrics
GetWindowDC
GetWindowRect
GetDC
ReleaseDC
GetDesktopWindow
SetTimer
EndDialog
KillTimer
GetDCEx
LoadBitmapA
SetRect
CopyRect
SwapMouseButton
gdi32
CreatePatternBrush
PatBlt
ExtCreateRegion
CombineRgn
CreateSolidBrush
CreateFontIndirectA
BeginPath
EndPath
PathToRegion
GetDeviceCaps
GetBitmapBits
CreateDCA
GetPixel
GetStockObject
SelectPalette
RealizePalette
CreateCompatibleBitmap
CreateDIBSection
BitBlt
DeleteObject
GetObjectA
CreateCompatibleDC
SelectObject
GetDIBits
DeleteDC
CreateBitmap
advapi32
RegEnumKeyA
RegCreateKeyA
RegEnumKeyExA
RegDeleteValueA
EnumServicesStatusA
DeleteService
ChangeServiceConfigA
ControlService
StartServiceA
OpenSCManagerA
CloseServiceHandle
OpenServiceA
QueryServiceConfigA
ImpersonateLoggedOnUser
GetUserNameA
RevertToSelf
RegQueryValueExA
CreateProcessAsUserA
RegOpenKeyA
RegEnumValueA
RegOpenKeyExA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegisterEventSourceA
ReportEventA
DeregisterEventSource
shell32
SHGetFileInfoA
ExtractIconExA
SHGetSpecialFolderPathA
ShellExecuteA
ole32
CoInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoUninitialize
olepro32
ord251
oleaut32
GetErrorInfo
VariantClear
SysFreeString
urlmon
URLDownloadToFileA
msvcp60
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?nothrow@std@@3Unothrow_t@1@B
??0Init@ios_base@std@@QAE@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
msvfw32
ICSendMessage
ICOpen
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSeqCompressFrame
ICSeqCompressFrameStart
shlwapi
SHDeleteKeyA
ntdll
_strcmpi
_strnicmp
_wcsicmp
_stricmp
ZwQuerySystemInformation
ZwOpenFile
RtlInitUnicodeString
ZwOpenSection
wininet
InternetGetConnectedState
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA
InternetReadFile
winmm
mixerClose
sndPlaySoundA
mixerSetControlDetails
waveOutGetDevCapsA
waveInUnprepareHeader
mixerGetControlDetailsA
mixerGetLineControlsA
mixerGetLineInfoA
mixerOpen
mixerGetID
mciSendStringA
waveOutGetNumDevs
timeGetTime
waveOutSetVolume
waveOutOpen
waveOutGetErrorTextA
waveOutClose
waveOutReset
waveOutUnprepareHeader
waveOutWrite
waveOutPrepareHeader
waveInStart
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInGetErrorTextA
waveInClose
waveInReset
waveInStop
ws2_32
ioctlsocket
WSAGetOverlappedResult
WSAResetEvent
WSAWaitForMultipleEvents
gethostname
__WSAFDIsSet
WSAAsyncSelect
WSAConnect
WSAAsyncGetHostByName
WSASocketA
WSACloseEvent
WSACreateEvent
WSAGetLastError
WSAStartup
WSACleanup
ntohs
bind
socket
closesocket
connect
send
recv
ntohl
htonl
sendto
recvfrom
getsockname
getpeername
setsockopt
WSARecv
WSASend
htons
WSASetLastError
inet_ntoa
getservbyname
inet_addr
gethostbyname
gethostbyaddr
getservbyport
select
listen
accept
Exports
Exports
Sections
.text Size: 240KB - Virtual size: 236KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 2.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ