Static task: static1
Behavioral task: behavioral1
  Sample: bf6ba47a5f61bc88505927e556e9d3bb_JaffaCakes118.exe
  Resource: win7-20240708-en
Behavioral task: behavioral2
  Sample: bf6ba47a5f61bc88505927e556e9d3bb_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: bf6ba47a5f61bc88505927e556e9d3bb_JaffaCakes118
Size: 236KB
MD5: bf6ba47a5f61bc88505927e556e9d3bb
SHA1: 2db8fa09ea676a358bfbd20bd07a6b2e727b237b
SHA256: c232683efe282a0e2f0a0683e3d322a7a639d255f9f8594b34fcb8eef7c6bfa5
SHA512: 1a7296e68fef4a5a65705b447493d45f50ac4b4faff6d3db4691ad18974ad3fcc88e73deded01b48b4e138d51eb65f6adbf761bd08ec6e0da9139ecfb704faff
SSDEEP: 3072:315M1FW22RQuSdHuAvIdy3p7EpJtnifNnUEyIs/Oj+7WKo+RuIJYGO5Oz/YR5xy:vvSIA0/ZYbUOAz/I
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource bf6ba47a5f61bc88505927e556e9d3bb_JaffaCakes118
Files
bf6ba47a5f61bc88505927e556e9d3bb_JaffaCakes118.exe  windows:4  windows x86  arch:x86
5807083b3120081fad2982f0d6e71bf8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
sapstg
?CreateProtocolMoniker@@YAJPA_W0PAUIStorage@@PAPAUIMoniker@@@Z
?OpenStgFile@@YAJPB_WPAUIStorage@@KPAPA_WKPAPAU1@@Z
?CreateStgFile@@YAJW4StorageTypesE@@PB_WKKPAPAUIStorage@@@Z
?SetAutoDelete@@YAXPAUIStorage@@0@Z
?Copy2Storage@@YAJPAUIStream@@PB_W@Z
?SetAutoDelete@@YAXPAUIStorage@@PAUIStream@@@Z
?NavigateToStorage@@YAJPAUIStorage@@PB_WPAPAU1@K_N@Z
?NavigateToStream@@YAJPAUIStorage@@PB_WPAPAUIStream@@K_N@Z
winmm
PlaySoundA
version
VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA
mfc80
ord744
ord1452
ord5346
ord5097
ord313
ord556
ord5431
ord870
ord664
ord427
ord4067
ord2292
ord3466
ord5165
ord6065
ord6281
ord6283
ord6090
ord6063
ord2430
ord3076
ord1084
ord2371
ord4125
ord2372
ord1903
ord4041
ord6067
ord635
ord742
ord4265
ord4486
ord5200
ord1599
ord1655
ord1656
ord1964
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2403
ord2415
ord2392
ord2408
ord2413
ord2396
ord2398
ord2400
ord2394
ord2410
ord2390
ord934
ord930
ord932
ord928
ord923
ord5233
ord5235
ord5960
ord1600
ord4277
ord3403
ord1306
ord2173
ord5205
ord4185
ord6275
ord5073
ord1908
ord5148
ord4244
ord1402
ord3945
ord1617
ord1620
ord5915
ord6725
ord1557
ord4019
ord2424
ord2425
ord943
ord4904
ord2939
ord4135
ord5012
ord5009
ord2615
ord1913
ord2246
ord6009
ord5738
ord2264
ord5726
ord3803
ord3109
ord4250
ord6305
ord2531
ord3758
ord5584
ord2992
ord2272
ord2003
ord2475
ord4968
ord2938
ord5977
ord3033
ord2766
ord5833
ord4722
ord5356
ord3944
ord5766
ord1425
ord593
ord4015
ord2145
ord2144
ord5725
ord5859
ord5119
ord334
ord4299
ord3648
ord4194
ord4993
ord553
ord395
ord3514
ord668
ord5720
ord5922
ord5401
ord5415
ord5588
ord5523
ord5647
ord5642
ord5727
ord6037
ord5888
ord6058
ord4162
ord6055
ord5609
ord6060
ord5611
ord2528
ord5229
ord5369
ord6128
ord2254
ord6125
ord2101
ord2103
ord2207
ord629
ord1031
ord6286
ord1211
ord2306
ord1181
ord2259
ord5320
ord347
ord434
ord6099
ord555
ord301
ord305
ord1159
ord3605
ord354
ord3182
ord4262
ord2862
ord5175
ord4282
ord5203
ord5152
ord1401
ord3946
ord5912
ord6724
ord1551
ord1670
ord1671
ord2020
ord4890
ord5182
ord605
ord356
ord4320
ord1203
ord2657
ord4212
ord4735
ord6236
ord4580
ord3641
ord5807
ord572
ord3315
ord2991
ord5214
ord1589
ord1647
ord739
ord1781
ord1880
ord1794
ord476
ord701
ord757
ord2248
ord5226
ord5213
ord490
ord566
ord3333
ord2838
ord5566
ord4109
ord3948
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord4568
ord3683
ord4467
ord4469
ord4473
ord5225
ord5383
ord6252
ord6251
ord3110
ord6306
ord5386
ord2156
ord1497
ord959
ord5769
ord547
ord4031
ord5975
ord1054
ord1126
ord4035
ord5124
ord3602
ord3450
ord663
ord1922
ord426
ord3236
ord1308
ord1123
ord2176
ord616
ord4264
ord4482
ord6043
ord5934
ord2768
ord3040
ord4222
ord4852
ord5495
ord2742
ord5412
ord1379
ord5592
ord5156
ord2051
ord2016
ord6238
ord1207
ord2614
ord4566
ord2141
ord368
ord4705
ord4257
ord6231
ord4085
ord3645
ord4066
ord3022
ord869
ord5430
ord1230
ord5716
ord5715
ord795
ord5446
ord783
ord6288
ord1439
ord5323
ord2903
ord5089
ord384
ord745
ord557
ord3588
ord3397
ord6752
ord340
ord4273
ord5173
ord1361
ord3344
ord5151
ord3974
ord4861
ord4864
ord4379
ord4384
ord4381
ord4399
ord4401
ord4386
ord4777
ord4591
ord4181
ord4172
ord4980
ord4781
ord4204
ord4790
ord4443
ord4444
ord596
ord416
ord651
ord2867
ord3799
ord2370
ord1565
ord4306
ord3681
ord1614
ord3591
ord760
ord5174
ord2044
ord1063
ord756
ord565
ord709
ord501
ord3682
ord4471
ord4472
ord826
ord833
ord3575
ord552
ord4281
ord4721
ord1590
ord1736
ord1744
ord5361
ord4397
ord4606
ord1734
ord1946
ord6104
ord6102
ord1936
ord1921
ord5704
ord1367
ord947
ord2017
ord2052
ord2053
ord3797
ord2832
ord2797
ord6146
ord6142
ord2076
ord6010
ord6108
ord6110
ord740
ord3085
ord3674
ord3584
ord4950
ord4682
ord4296
ord3163
ord3204
ord1279
ord2478
ord2869
ord755
ord751
ord564
ord562
ord1962
ord5161
ord4966
ord2402
ord5202
ord6269
ord5145
ord1351
ord1345
ord1352
ord2039
ord2077
ord2081
ord1912
ord3987
ord5355
ord3929
ord4198
ord6014
ord1595
ord1651
ord2875
ord4869
ord4868
ord602
ord1929
ord5640
ord2263
ord2075
ord5613
ord4991
ord5717
ord4704
ord758
ord567
ord2204
ord4962
ord1969
ord1564
ord4759
ord2479
ord2477
ord1281
ord3677
ord1729
ord2164
ord6035
ord3596
ord3908
ord1198
ord6180
ord4081
ord6174
ord300
ord3934
ord1187
ord865
ord3997
ord2451
ord4104
ord5491
ord3255
ord1091
ord5713
ord6004
ord2322
ord3694
ord314
ord6754
ord2252
msvcr80
_controlfp_s
_invoke_watson
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
__dllonexit
_encode_pointer
_unlock
_setmbcp
_strupr
memset
_lock
_mbsnicmp
_mbsicmp
_wcslwr
free
malloc
__CxxFrameHandler3
strrchr
_mktime64
strftime
_localtime64_s
_time64
atoi
sprintf
sscanf
kernel32
FileTimeToLocalFileTime
FileTimeToSystemTime
FindFirstFileA
FindNextFileA
FindClose
RemoveDirectoryA
GetModuleHandleA
GetProcAddress
GetDiskFreeSpaceA
GetFileInformationByHandle
CompareFileTime
GetFileAttributesA
MoveFileA
FormatMessageA
LocalFree
GetLastError
ExpandEnvironmentStringsA
GetTempPathA
CreateDirectoryA
GetModuleFileNameA
lstrlenA
CreateFileA
WriteFile
CloseHandle
WideCharToMultiByte
lstrlenW
Sleep
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetPrivateProfileIntA
GetPrivateProfileStringA
SystemTimeToFileTime
GetSystemTime
SetCurrentDirectoryA
GetCurrentDirectoryA
SetFileAttributesA
CopyFileA
MultiByteToWideChar
lstrcpynA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
LoadLibraryA
SetLastError
GetVolumeInformationA
GetDriveTypeA
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
DeleteFileA
InterlockedExchange
GetWindowsDirectoryA
user32
GetCursorPos
InflateRect
IntersectRect
GetUpdateRect
GetWindowLongA
FindWindowA
wsprintfA
SetWindowPos
SetCursor
LoadCursorA
ScreenToClient
KillTimer
SetTimer
IsWindow
EnableWindow
UpdateWindow
PostMessageA
GrayStringA
TranslateAcceleratorA
GetKeyState
GetFocus
IsChild
GetClassNameA
GetParent
GetSystemMetrics
GetSysColor
SetForegroundWindow
GetDesktopWindow
IsWindowVisible
InvalidateRect
GetWindowRect
IsZoomed
PtInRect
SendMessageA
GetClientRect
DispatchMessageA
PeekMessageA
DrawMenuBar
GetMenu
ModifyMenuA
GetSubMenu
GetMenuItemID
GetMenuItemCount
OffsetRect
MsgWaitForMultipleObjects
CopyAcceleratorTableA
CopyRect
MessageBoxA
SetRectEmpty
gdi32
GetStockObject
CreateFontIndirectA
GetObjectA
GetBkColor
CreateSolidBrush
SelectObject
PatBlt
DeleteObject
PlayEnhMetaFile
BitBlt
GetEnhMetaFileBits
SetEnhMetaFileBits
SetWinMetaFileBits
DeleteEnhMetaFile
GetDeviceCaps
CreateBitmap
CreateCompatibleDC
DeleteDC
CreateDIBitmap
StretchBlt
GetWindowExtEx
GetWindowOrgEx
RealizePalette
CreatePalette
CreateCompatibleBitmap
advapi32
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
shell32
DragAcceptFiles
ShellExecuteExA
ole32
OleSetContainedObject
StgCreateDocfile
OleRun
CoTaskMemFree
OleLockRunning
StgIsStorageFile
OleCreateFromFile
OleLoad
OleSave
oleaut32
VariantClear
SysAllocString
urlmon
CoInternetParseUrl
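The import table above is the input to an import hash (imphash), the value most sandboxes use to cluster samples that share a linker layout even when every other hash differs. The following block is an added example, not code from this report or from the sandbox that produced it: it reimplements the normalisation pefile applies before hashing (DLL name lowercased with a .dll/.ocx/.sys extension stripped, function names lowercased, unresolved ordinals written as ordN, the whole list joined with commas in import order, then MD5). The ORDINAL_NAMES table is a constructed two-entry subset of pefile's ordinal lookup, and SAMPLE_IMPORTS is a constructed subset of the table above; the hash it produces is therefore not the hash of this sample.

```python
"""Import hash (imphash) over a PE import table, reimplementing the
normalisation pefile uses. Added example, not code from the report."""
import hashlib
from typing import Iterable, List, Tuple, Union

# pefile resolves ordinals to names for a few well-known DLLs before hashing;
# this is a small constructed subset of that table (oleaut32 2/9 are real).
ORDINAL_NAMES = {"oleaut32": {2: "SysAllocString", 9: "VariantClear"}}

Import = Tuple[str, List[Union[str, int]]]  # (dll name, [function name or ordinal])


def normalize_import(dll: str, func: Union[str, int]) -> str:
    """One 'lib.func' token exactly as pefile would emit it."""
    lib = dll.lower()
    base, _, ext = lib.rpartition(".")
    if base and ext in ("dll", "ocx", "sys"):
        lib = base
    if isinstance(func, int):
        name = ORDINAL_NAMES.get(lib, {}).get(func) or "ord%d" % func
    else:
        name = func
    return "%s.%s" % (lib, name.lower())


def imphash_string(imports: Iterable[Import]) -> str:
    """The comma-joined, order-preserving string that gets hashed."""
    return ",".join(normalize_import(dll, f) for dll, funcs in imports for f in funcs)


def imphash(imports: Iterable[Import]) -> str:
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


def report_entry(name: str) -> Union[str, int]:
    """Turn a name as listed in the report ('ord744' or 'GetProcAddress')
    into the name-or-ordinal form the functions above take."""
    if name.startswith("ord") and name[3:].isdigit():
        return int(name[3:])
    return name


# Constructed subset of the import table above, kept in the listed order.
SAMPLE_IMPORTS: List[Import] = [
    ("winmm.dll", ["PlaySoundA"]),
    ("mfc80.dll", [report_entry("ord744"), report_entry("ord1452")]),
    ("kernel32.dll", ["GetModuleHandleA", "GetProcAddress", "LoadLibraryA"]),
    ("oleaut32.dll", [report_entry("VariantClear"), 2]),  # 2 resolves via the table
]

if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Two properties matter when you compare imphashes across reports: the value is case-insensitive in both DLL and function names, so the bare names in this listing and the mixed-case names in the PE produce the same token, and it is strictly order-sensitive, so a rebuilt or repacked binary with the same imports in a different order hashes differently. Use it alongside the SSDEEP value above rather than instead of it.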
Sections
.text   Size: 136KB - Virtual size: 132KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rdata  Size: 52KB - Virtual size: 50KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data   Size: 4KB - Virtual size: 5KB       IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 40KB - Virtual size: 40KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
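Everything the "Unsigned PE" signature and the section listing above say comes from two places in the headers: the certificate table slot of the optional header's data directory (index 4, IMAGE_DIRECTORY_ENTRY_SECURITY), which is empty for a file with no Authenticode signature, and the Characteristics field of each IMAGE_SECTION_HEADER. Two of the flag sets here deserve a second look: an MSVC-linked MFC binary normally gets a .text that is code, execute and read only, and a .rsrc that is read only, whereas this sample marks both writable and executable. The block below is an added example, not code from this report or from the sandbox: a standard-library parser that reproduces those checks, run over a constructed PE32 header image that mirrors the section layout and characteristics reported above (no code bytes, and the "signed" variant only fills in a placeholder certificate entry).

```python
"""Minimal PE header triage: file characteristics, section flags and the
Authenticode (security) data directory. Standard library only; an added
example, not code from the report or from the sandbox that produced it."""
import struct
from dataclasses import dataclass
from typing import List, Tuple

# Flag values from the PE/COFF specification.
FILE_FLAGS = [("IMAGE_FILE_RELOCS_STRIPPED", 0x0001), ("IMAGE_FILE_EXECUTABLE_IMAGE", 0x0002),
              ("IMAGE_FILE_32BIT_MACHINE", 0x0100), ("IMAGE_FILE_DLL", 0x2000)]
SECTION_FLAGS = [("IMAGE_SCN_CNT_CODE", 0x00000020), ("IMAGE_SCN_CNT_INITIALIZED_DATA", 0x00000040),
                 ("IMAGE_SCN_MEM_EXECUTE", 0x20000000), ("IMAGE_SCN_MEM_READ", 0x40000000),
                 ("IMAGE_SCN_MEM_WRITE", 0x80000000)]
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot of the certificate table


@dataclass
class Section:
    name: str
    virtual_size: int
    raw_size: int
    characteristics: int


@dataclass
class PEInfo:
    machine: int
    characteristics: int
    security_dir: Tuple[int, int]  # (file offset, size) of the certificate table
    sections: List[Section]


def flag_names(value: int, table) -> List[str]:
    return [name for name, bit in table if value & bit]


def parse_pe(data: bytes) -> PEInfo:
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:    # PE32: NumberOfRvaAndSizes at +92, directories at +96
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:  # PE32+: 64-bit ImageBase/stack/heap fields shift both by 16
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    security = (0, 0)
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        security = struct.unpack_from("<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):  # 40-byte IMAGE_SECTION_HEADER entries follow the optional header
        name, vsize, _, rsize, _, _, _, _, _, sc = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize, sc))
    return PEInfo(machine, chars, security, sections)


def has_authenticode_entry(pe: PEInfo) -> bool:
    """Presence of a certificate table only; the PKCS#7 blob still has to be
    verified (signtool, Get-AuthenticodeSignature) before it means anything."""
    return pe.security_dir != (0, 0)


def writable_executable_sections(pe: PEInfo) -> List[str]:
    wx = 0x20000000 | 0x80000000  # MEM_EXECUTE | MEM_WRITE
    return [s.name for s in pe.sections if s.characteristics & wx == wx]


def build_sample_pe(signed: bool) -> bytes:
    """Constructed PE32 header image with the section layout from the report
    above; no code bytes, and the 'signed' certificate entry is a placeholder."""
    kb = 1024
    layout = [  # name, raw size, virtual size, characteristics
        (b".text", 136 * kb, 132 * kb, 0xE0000020),
        (b".rdata", 52 * kb, 50 * kb, 0x40000040),
        (b".data", 4 * kb, 5 * kb, 0xC0000040),
        (b".rsrc", 40 * kb, 40 * kb, 0xE0000040),
    ]
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)  # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, 224, 0x0103)
    dirs = [(0, 0)] * 16
    if signed:
        dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (0x3C000, 0x1800)  # hypothetical offset/size
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", n, vs, 0x1000 * (i + 1), rs, 0x400, 0, 0, 0, 0, ch)
        for i, (n, rs, vs, ch) in enumerate(layout))
    return dos + b"PE\0\0" + coff + opt + secs


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe(signed=False))
    print("machine 0x%x" % pe.machine, flag_names(pe.characteristics, FILE_FLAGS))
    for s in pe.sections:
        print(s.name, s.raw_size // 1024, "KB", flag_names(s.characteristics, SECTION_FLAGS))
    print("authenticode entry:", has_authenticode_entry(pe), "W+X:", writable_executable_sections(pe))
```

To run it against the real file, replace build_sample_pe with the bytes read from disk; machine 0x14C is IMAGE_FILE_MACHINE_I386, matching the x86 line in the Files entry. Treat the certificate check as a negative signal only: an empty slot proves the file is unsigned, but a populated slot proves nothing until the signature chain has been verified.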