e:\Project\InfoScanProject\InfoUpdate\obj\Release\InfoUpdate.pdb
Static task
static1
Behavioral task
behavioral1
Sample
dea518f8071853579f9041a7e5cee45d_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
dea518f8071853579f9041a7e5cee45d_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
dea518f8071853579f9041a7e5cee45d_JaffaCakes118
-
Size
192KB
-
MD5
dea518f8071853579f9041a7e5cee45d
-
SHA1
5a9ea2ce046f535f2764699a0e42ce5a00b81895
-
SHA256
aed02b0986a67b8daede368ec773a844752d0c3c4e39645a440efcac54538797
-
SHA512
2b1ec72d84d9d9634b669ef8ad27c63e21e1476892cc46f94ac43b2a5c0180bebf9695052fd30a928fa7e525f669cf023f113cf7046f45d1a58f819f9bcaa20c
-
SSDEEP
3072:ATXT4HpDSELjK8ohNtrkkumdzlYjLK8044jPTBfxjYjZJQ2rZ:ATXTkQsRKNt9zlYa80TPTBp0jM2F
Malware Config
Signatures
-
Unsigned PE 1 IoCs
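Static check: the PE file carries no Authenticode signature, so its publisher and integrity cannot be verified from a signature. Many benign binaries are also unsigned; treat this as context, not a verdict.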
resource dea518f8071853579f9041a7e5cee45d_JaffaCakes118
Files
-
dea518f8071853579f9041a7e5cee45d_JaffaCakes118.exe windows:4 windows x86 arch:x86
1cf50655c50e81f974d7baf6c40cf8e8
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
version
GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA
wininet
InternetCloseHandle
InternetAttemptConnect
InternetConnectA
HttpSendRequestExA
HttpEndRequestA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetSetCookieA
HttpSendRequestA
InternetWriteFile
InternetReadFile
HttpQueryInfoA
InternetOpenA
InternetSetOptionA
mfc71
ord4244
ord5152
ord1908
ord5073
ord6275
ord4185
ord3403
ord4722
ord4282
ord1600
ord5960
ord5235
ord5233
ord923
ord928
ord932
ord930
ord934
ord2390
ord2410
ord2394
ord2400
ord2398
ord2396
ord2413
ord2408
ord2392
ord2415
ord2403
ord2385
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord6277
ord3345
ord4967
ord1362
ord1964
ord1656
ord1655
ord1599
ord5200
ord2537
ord2731
ord2835
ord4307
ord2714
ord2862
ord2540
ord2646
ord2533
ord3718
ord3719
ord3709
ord2644
ord3949
ord4486
ord4262
ord3182
ord605
ord745
ord2469
ord746
ord557
ord354
ord4580
ord4541
ord3683
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord1401
ord4568
ord5230
ord5213
ord5566
ord2838
ord4481
ord4261
ord3333
ord757
ord566
ord2248
ord1054
ord3830
ord2272
ord4081
ord1263
ord5491
ord300
ord2271
ord3854
ord5438
ord2131
ord2451
ord308
ord314
ord783
ord1230
ord3684
ord3576
ord5731
ord3204
ord2095
ord1591
ord5915
ord1402
ord4240
ord5214
ord572
ord741
ord6037
ord3401
ord5642
ord5613
ord6172
ord6178
ord4108
ord865
ord908
ord6288
ord2471
ord914
ord6210
ord4055
ord5625
ord2120
ord5089
ord2753
ord2746
ord383
ord2308
ord3094
ord1917
ord2750
ord5877
ord5323
ord2903
ord3787
ord1439
ord6179
ord6173
ord723
ord5403
ord5493
ord2703
ord3201
ord380
ord1003
ord3296
ord531
ord2346
ord5445
ord2274
ord5437
ord1580
ord1465
ord3457
ord379
ord3458
ord384
ord629
ord1467
ord3946
ord1617
ord1620
ord5912
ord1551
ord1670
ord1671
ord2020
ord4890
ord4735
ord4212
ord5182
ord6090
ord2468
ord3934
ord6286
ord5320
ord6297
ord5331
ord304
ord2322
ord3931
ord2748
ord5563
ord5529
ord4109
ord421
ord5111
ord907
ord911
ord3997
ord386
ord2280
ord2288
ord1440
ord631
ord655
ord501
ord347
ord1929
ord602
ord709
ord1794
ord781
ord558
ord784
ord265
ord266
ord3255
ord1903
ord6118
ord2933
ord299
ord2902
ord1489
ord313
ord1486
ord3460
ord3952
ord1123
ord3761
ord1482
ord5175
ord5637
ord1279
ord6065
ord2372
ord4125
ord6067
ord5203
ord1063
ord1280
ord3161
ord1934
ord3210
ord1084
ord762
ord1185
ord1198
ord876
ord764
ord297
ord310
ord578
ord3641
ord581
ord1167
ord1092
ord1209
ord315
ord765
ord3948
ord1207
msvcr71
strncpy
strncmp
rand
_mbsupr
malloc
free
_except_handler3
srand
time
atol
sprintf
_mbsstr
qsort
strtoul
ceil
strstr
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_CxxThrowException
??0exception@@QAE@ABV0@@Z
_vsnprintf
__CxxFrameHandler
_mbstok
memmove
??0exception@@QAE@ABQBD@Z
_splitpath
_setmbcp
_purecall
_utime
_chdir
_access
_errno
mktime
memset
__security_error_handler
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
kernel32
GetSystemDirectoryA
DeleteFileA
CreateDirectoryA
WriteFile
Sleep
GetFileAttributesA
CreateFileA
CloseHandle
GetFileSize
GetVersionExA
OpenMutexA
GetModuleFileNameA
CreateProcessA
GetCommandLineA
GetWindowsDirectoryA
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionA
ReadFile
HeapFree
GetProcessHeap
FormatMessageA
HeapAlloc
GetCurrentDirectoryA
GetDriveTypeA
GetDiskFreeSpaceA
SetVolumeLabelA
MoveFileA
LocalFree
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
InitializeCriticalSection
DeleteCriticalSection
LocalAlloc
ExitProcess
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CopyFileA
SetFileAttributesA
CreateThread
GetModuleHandleA
WritePrivateProfileStringA
ReleaseMutex
GetLastError
CreateMutexA
TerminateProcess
GetExitCodeProcess
Process32Next
OpenProcess
GetPrivateProfileStringA
CreateToolhelp32Snapshot
Process32First
user32
LoadBitmapA
SetRect
CharToOemBuffA
OemToCharBuffA
GetParent
UpdateWindow
GetWindowRect
EnumWindows
GetWindowTextA
SendMessageTimeoutA
MessageBoxA
EnableWindow
GetSystemMetrics
FindWindowA
KillTimer
SetTimer
InvalidateRect
GetClientRect
IsIconic
PostMessageA
SendMessageA
DrawIcon
GetClassInfoA
LoadIconA
RegisterClassA
SystemParametersInfoA
gdi32
BitBlt
PatBlt
CreateCompatibleDC
GetStockObject
CreateFontA
GetObjectA
CreateCompatibleBitmap
advapi32
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
comctl32
ord17
ole32
CoCreateGuid
StringFromGUID2
msvcp71
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
sensapi
IsNetworkAlive
iphlpapi
GetAdaptersInfo
Sections
.text Size: 128KB - Virtual size: 126KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 320KB - Virtual size: 319KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ