Static task
static1
Behavioral task
behavioral1
Sample
b9fdb87f555742cbb5532342e7cec854_JaffaCakes118.exe
Resource
win7-20240704-en
General
-
Target
b9fdb87f555742cbb5532342e7cec854_JaffaCakes118
-
Size
272KB
-
MD5
b9fdb87f555742cbb5532342e7cec854
-
SHA1
3c4856d67b2108b8925f69a1a718525aeb0dee87
-
SHA256
7c46381a4641cecf3c3ba27d45aff540e2784d6ab63745ad9cce09fa3b26ca4c
-
SHA512
75338c830310e156e0df695c4735903221127b4c9182a654d87d378196146e5cccc3c5550ed34503af280412db23f1858928bfcc835a19549c22e9f28f732409
-
SSDEEP
3072:lLzhjSt5UDwb6kFzI2FDpVrjkY56Hx7JLR2YWgBOk9RPFdz7CqqhnBViNyyae+99:lLzhjxw7j56Hx7d1BOk99z7kBAPaeo
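Before any further work on a sample, confirm that the file on disk is the one the report describes: the digests above are the only link between this report and the bytes you are about to run. The following is an added example (not part of the sandbox report or its tooling) that recomputes the four hashlib digests and reports every disagreement; ssdeep is not in the standard library and is omitted, and `is_reported_sample` assumes a local file path.

```python
import hashlib

# Digests exactly as the report above lists them for the sample file.
REPORTED = {
    "md5": "b9fdb87f555742cbb5532342e7cec854",
    "sha1": "3c4856d67b2108b8925f69a1a718525aeb0dee87",
    "sha256": "7c46381a4641cecf3c3ba27d45aff540e2784d6ab63745ad9cce09fa3b26ca4c",
    "sha512": "75338c830310e156e0df695c4735903221127b4c9182a654d87d378196146e5cccc5c5550ed34503af280412db23f1858928bfcc835a19549c22e9f28f732409",
}
ALGORITHMS = tuple(REPORTED)  # ssdeep is not in hashlib and is left out here


def digests(data: bytes) -> dict:
    """Digests of an in-memory blob, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def file_digests(path: str, chunk: int = 1 << 20) -> dict:
    """Same as digests() but streams the file so large samples are not read into memory at once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(got: dict, expected: dict) -> dict:
    """{algorithm: (computed, expected)} for every digest that disagrees; empty means a match.
    Comparison is case-insensitive because reports and threat feeds differ in hex casing."""
    return {name: (got[name], want.lower()) for name, want in expected.items()
            if name in got and got[name] != want.lower()}


def is_reported_sample(path: str, expected: dict = REPORTED) -> bool:
    """True only when every digest listed in `expected` matches the file at `path`."""
    return not mismatches(file_digests(path), expected)
```

Run `is_reported_sample("/path/to/sample.exe")` on the file you actually hold; a single mismatch means you are looking at a different build, a truncated download, or a renamed file, and the behavioural results above do not apply to it.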
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource b9fdb87f555742cbb5532342e7cec854_JaffaCakes118
Files
-
b9fdb87f555742cbb5532342e7cec854_JaffaCakes118.exe windows:5 windows x86 arch:x86
ddadd4d5e0e6ea13e1e205ae272ac741
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mfc90u
ord3803
ord4004
ord5137
ord3082
ord4351
ord2601
ord280
ord1043
ord783
ord581
ord2326
ord5887
ord6013
ord2479
ord2449
ord321
ord2452
ord2451
ord320
ord1599
ord650
ord1204
ord4276
ord4684
ord4906
ord6553
ord6439
ord3035
ord3340
ord4641
ord2090
ord5171
ord5285
ord4677
ord5945
ord3009
ord5861
ord1462
ord5606
ord2239
ord2204
ord6762
ord2867
ord2859
ord4994
ord4490
ord1188
ord2337
ord388
ord462
ord710
ord3948
ord4042
ord4895
ord4896
ord588
ord4693
ord1441
ord3681
ord5664
ord5601
ord4378
ord5294
ord5297
ord4800
ord4805
ord4802
ord4820
ord4823
ord4807
ord5210
ord5020
ord4599
ord4590
ord5418
ord5224
ord4866
ord793
ord5624
ord2232
ord3773
ord614
ord3993
ord813
ord338
ord290
ord935
ord938
ord2478
ord6693
ord4442
ord2547
ord2081
ord6699
ord1603
ord4451
ord3853
ord779
ord788
ord4687
ord4698
ord5658
ord2071
ord4431
ord2652
ord980
ord6382
ord6380
ord3232
ord4731
ord5452
ord5449
ord2080
ord1733
ord4126
ord2189
ord2341
ord2340
ord6338
ord4720
ord5619
ord4013
ord585
ord576
ord451
ord1176
ord3855
ord3879
ord903
ord1108
ord1183
ord445
ord3568
ord6127
ord4475
ord5917
ord3321
ord697
ord3494
ord5878
ord6612
ord293
ord3729
ord6164
ord4519
ord899
ord5939
ord1088
ord1144
ord2597
ord617
ord582
ord3500
ord1298
ord6311
ord2360
ord2345
ord6687
ord6691
ord811
ord4448
ord4423
ord6801
ord4173
ord6803
ord4747
ord2251
ord2206
ord6035
ord4179
ord1048
ord5548
ord6741
ord5830
ord4213
ord2087
ord3217
ord5674
ord5676
ord4347
ord4996
ord5680
ord5663
ord6018
ord3115
ord4905
ord4681
ord3670
ord589
ord513
ord4897
ord4893
ord4890
ord4043
ord3220
ord285
ord1607
ord4000
ord639
ord5632
ord4631
ord5167
ord5324
ord5008
ord2208
ord1810
ord1809
ord1675
ord3353
ord6408
ord4345
ord1492
ord5602
ord2074
ord5653
ord4702
ord6376
ord3226
ord5625
ord2139
ord4682
ord3515
ord374
ord1186
ord2537
ord296
ord600
ord794
ord736
ord1137
ord450
ord266
ord5618
ord5448
ord1697
ord4985
ord5354
ord2445
ord2079
ord2860
ord5447
ord5451
ord4730
ord4553
ord3233
ord5338
ord3229
ord6379
ord3230
ord6381
ord981
ord5803
ord3287
ord2651
ord2650
ord4430
ord1681
ord3355
ord6411
ord1754
ord1751
ord4344
ord1493
ord4664
ord5598
ord2070
ord5512
ord6800
ord4603
ord5657
ord2369
ord1380
ord3743
ord5154
ord4697
ord1728
ord6466
ord5685
ord5683
ord960
ord965
ord969
ord967
ord971
ord2615
ord2635
ord2619
ord2625
ord2623
ord2621
ord2638
ord2633
ord2617
ord2640
ord2628
ord2610
ord2612
ord2630
ord2375
ord2368
ord1641
ord6802
ord4174
ord1261
ord3959
ord6397
ord3343
ord3966
ord265
ord2084
ord1254
ord1250
ord1248
ord1201
ord2447
ord6482
ord4441
ord457
ord996
ord1616
ord5831
ord341
ord5567
ord1064
ord6776
ord6777
ord1198
ord6804
ord3682
ord5404
ord5675
ord6375
ord3225
ord1442
ord2138
ord1792
ord1791
ord1727
ord5650
ord2771
ord2983
ord2694
ord5851
ord5979
ord4405
ord933
ord784
ord286
ord3112
ord4728
ord2966
ord3140
ord2774
ord2893
ord802
ord322
ord1145
ord2764
ord4080
ord4081
ord4071
ord2891
ord4348
ord4910
ord4685
ord670
ord4012
ord3852
ord799
ord939
ord801
ord605
ord1274
ord1233
ord1272
msvcr90
wcscat_s
_itow_s
_CxxThrowException
wcscpy_s
_wcsicmp
_waccess
_wtoi
memset
_recalloc
wcsncpy_s
memcpy_s
free
malloc
wcsstr
_wsplitpath_s
__CxxFrameHandler3
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
toupper
_chdrive
_chdir
_getcwd
atoi
kernel32
GetModuleFileNameW
lstrlenW
LoadLibraryW
GetProcessHeap
GetLastError
InterlockedIncrement
GetTempPathW
RemoveDirectoryW
GetCommandLineW
FindFirstFileW
GetSystemTimeAsFileTime
DeleteFileW
FindNextFileW
FindClose
ResumeThread
DeleteCriticalSection
InitializeCriticalSection
HeapFree
CreateDirectoryW
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
SetErrorMode
LoadLibraryA
LocalAlloc
GetModuleFileNameA
lstrcpyA
lstrlenA
GetPrivateProfileStringA
LocalFree
CreateProcessW
Sleep
WideCharToMultiByte
CopyFileExW
ExpandEnvironmentStringsW
GetProfileStringW
GetWindowsDirectoryW
GetShortPathNameW
lstrcatW
GetVolumeInformationW
GetVersionExW
CreateEventW
ResetEvent
LeaveCriticalSection
EnterCriticalSection
SetEvent
GetTickCount
GetFileAttributesW
InterlockedDecrement
CopyFileW
GetFileSize
MoveFileW
CreateFileW
CloseHandle
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
GetModuleHandleW
GetProcAddress
RaiseException
user32
ReleaseCapture
WaitForInputIdle
EnumWindows
GetWindowThreadProcessId
IsWindow
GetAncestor
GetWindowTextW
SetForegroundWindow
BringWindowToTop
SetFocus
EnableWindow
SetCapture
SetActiveWindow
SetCursor
LoadCursorW
DestroyWindow
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
PostQuitMessage
CreateDialogParamW
CharNextW
gdi32
DeleteDC
CreateICW
winspool.drv
EnumPrinterDriversW
advapi32
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
shell32
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetFolderPathW
ShellExecuteExW
ole32
OleInitialize
OleUninitialize
CoMarshalInterThreadInterfaceInStream
CoInitialize
CoGetInterfaceAndReleaseStream
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
oleaut32
SysFreeString
VarUI4FromStr
SysAllocString
VariantInit
VariantClear
SysStringLen
DispCallFunc
LoadRegTypeLi
LoadTypeLi
SetErrorInfo
CreateErrorInfo
SysAllocStringByteLen
SysStringByteLen
Sections
.text Size: 114KB - Virtual size: 113KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 41KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 41KB - Virtual size: 41KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.prdata Size: 72KB - Virtual size: 72KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
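The Headers and Sections entries above say more than they show: DllCharacteristics carrying only IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE means DYNAMIC_BASE (ASLR) and NX_COMPAT (DEP) are absent, IMAGE_FILE_RELOCS_STRIPPED means the image cannot be rebased at all, the "Unsigned PE" signature corresponds to an empty Authenticode security directory, and a writable .text plus a second executable section with the non-standard name .prdata is the layout commonly produced by packers and protectors that unpack or patch code at run time (so the import table listed above describes the stub, not necessarily the code that eventually runs). The block below is an added example, not code from the sandbox or the report, that extracts exactly these fields from a PE using only the standard library and prints the findings. The `SAMPLE_LIKE` image is constructed in memory to carry the flags and approximate sizes the report lists; it is not the real sample, and `HARDENED` is a constructed counterpart showing what a clean build looks like.

```python
import struct

# Flag values from winnt.h.
IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE = 0x0001, 0x0002, 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000020, 0x00000040
IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode certificate table
STANDARD_CODE_SECTIONS = {".text", "CODE", "INIT", "PAGE"}


def parse_pe(data: bytes) -> dict:
    """Read COFF characteristics, DllCharacteristics, the security directory and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsections, _, _, _, opt_size, file_chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24  # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:  # PE32: NumberOfRvaAndSizes at +92, data directories at +96
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:  # PE32+: the 8-byte stack/heap fields push them out by 16
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]  # same offset in both formats
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_dir_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        _, sec_dir_size = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsections):  # 40-byte IMAGE_SECTION_HEADER entries follow the optional header
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "rawsize": rawsize, "flags": flags})
    return {"machine": machine, "file_characteristics": file_chars, "dll_characteristics": dll_chars,
            "security_dir_size": sec_dir_size, "sections": sections}


def triage(pe: dict) -> list:
    """Turn the parsed fields into the findings a reviewer would write down."""
    f = []
    if pe["security_dir_size"] == 0:  # caveat: catalog-signed files also have no embedded signature
        f.append("unsigned: no Authenticode certificate table")
    if pe["file_characteristics"] & IMAGE_FILE_RELOCS_STRIPPED:
        f.append("relocations stripped: image cannot be rebased, so ASLR is impossible")
    if not pe["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        f.append("DYNAMIC_BASE not set: ASLR opted out")
    if not pe["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        f.append("NX_COMPAT not set: DEP opted out")
    for s in pe["sections"]:
        executable = s["flags"] & IMAGE_SCN_MEM_EXECUTE
        if executable and s["flags"] & IMAGE_SCN_MEM_WRITE:
            f.append("section %s is writable and executable (W+X)" % s["name"])
        if executable and s["name"] not in STANDARD_CODE_SECTIONS:
            f.append("section %s: executable section with a non-standard name" % s["name"])
    return f


def build_pe(file_chars, dll_chars, sections, signed=False) -> bytes:
    """Assemble a header-only PE32 image (constructed test input, not a runnable program)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, file_chars)
    opt = bytearray(224)  # PE32 optional header with 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)
    if signed:  # a non-empty security directory is what "signed" means at the header level
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x10000, 0x800)
    hdrs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, 0x1000 * (i + 1),
                                rs, 0, 0, 0, 0, 0, fl) for i, (n, vs, rs, fl) in enumerate(sections))
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs


RWX_CODE = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
RX_CODE = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
RW_DATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
R_DATA = IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
KB = 1024

# Constructed image carrying the header and section flags the report lists for the sample;
# sizes approximate the reported KB figures, and the bytes are not the real file.
SAMPLE_LIKE = build_pe(
    IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE,
    [(".text", 113 * KB, 114 * KB, RWX_CODE), (".rdata", 40 * KB, 41 * KB, RW_DATA),
     (".data", 4 * KB, 3 * KB, RW_DATA), (".rsrc", 41 * KB, 41 * KB, R_DATA),
     (".prdata", 72 * KB, 72 * KB, RWX_CODE)])
# Constructed counterpart as a modern linker emits it: signed, relocatable, ASLR/DEP opted in, no W+X.
HARDENED = build_pe(
    IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
    IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    | IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE,
    [(".text", 113 * KB, 114 * KB, RX_CODE), (".rdata", 40 * KB, 41 * KB, R_DATA),
     (".data", 4 * KB, 3 * KB, RW_DATA)], signed=True)

if __name__ == "__main__":
    for label, image in (("sample-like", SAMPLE_LIKE), ("hardened", HARDENED)):
        print(label, triage(parse_pe(image)) or ["no findings"])
```

To run it against a real file use `triage(parse_pe(open(path, "rb").read()))`. The parser reads only the headers, so it is safe on any input; the one judgement call is the "unsigned" finding, which tests for an embedded signature only and will also fire on files that are signed through a catalog.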