Static task: static1
Behavioral task: behavioral1
  Sample: df3fea7fb26883c22d6a9abe2f6fd32a_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: df3fea7fb26883c22d6a9abe2f6fd32a_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
  Target: df3fea7fb26883c22d6a9abe2f6fd32a_JaffaCakes118
  Size: 16.2MB
  MD5: df3fea7fb26883c22d6a9abe2f6fd32a
  SHA1: 24ad4e41c010211a1de1f26734df174faa1e9fe9
  SHA256: 15c99d835c65c1c4b1298a88785fc17ad38f2c95a3f9de17e7bcd18a163b0805
  SHA512: 5fcf362ce02d9985dded51299176b9caa4fc2aade3fbe2f1d9225ad9df781e0b3bee20b045aa16385bacc5d0638377e2d4c7260efcf3956ef6c72bebf3c7cc45
  SSDEEP: 98304:xNmJx1oWepj32gnsoQqO77DaaqVV7nuEsxCxH5JY5jfc/WVzoVLkea5u+pYNNHmO:GJxOpjbjnThzifcDIea3HDQj
Malware Config
Signatures
  Unsigned PE (1 IoC): checks for a missing Authenticode signature.
    resource: df3fea7fb26883c22d6a9abe2f6fd32a_JaffaCakes118
Files
  df3fea7fb26883c22d6a9abe2f6fd32a_JaffaCakes118.exe (windows:4, windows x86, arch:x86)
  ff88bef92bb89ad45cd7099eedd4189d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42
ord6877
ord2915
ord5863
ord6008
ord3287
ord3303
ord6453
ord5572
ord1105
ord2754
ord2380
ord2652
ord1669
ord6385
ord3318
ord616
ord922
ord2393
ord6402
ord3521
ord6880
ord6907
ord3811
ord3996
ord3567
ord602
ord2575
ord4396
ord3574
ord609
ord4278
ord2860
ord5890
ord2937
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord1768
ord3706
ord6876
ord6197
ord6380
ord1200
ord4275
ord3742
ord6442
ord1233
ord4219
ord2581
ord4401
ord3639
ord2576
ord3352
ord4644
ord1771
ord6366
ord2413
ord2024
ord4217
ord4397
ord3577
ord692
ord4225
ord3803
ord665
ord1979
ord5773
ord5442
ord353
ord4123
ord668
ord1980
ord5186
ord354
ord3178
ord4058
ord2781
ord2770
ord356
ord4673
ord4274
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord3616
ord5651
ord3126
ord3613
ord3337
ord3127
ord350
ord4202
ord6927
ord2621
ord1247
ord6438
ord1134
ord765
ord6111
ord773
ord501
ord5600
ord1083
ord5607
ord5861
ord3698
ord809
ord556
ord1088
ord2122
ord3797
ord6358
ord926
ord5856
ord6930
ord4220
ord2584
ord3654
ord2438
ord6270
ord1644
ord5440
ord6383
ord5450
ord6394
ord2841
ord2078
ord5148
ord2107
ord3398
ord3733
ord810
ord4271
ord3914
ord5873
ord3296
ord2089
ord2135
ord812
ord5862
ord559
ord3693
ord5788
ord5787
ord536
ord3181
ord6883
ord6743
ord2298
ord2363
ord2289
ord6663
ord1834
ord4750
ord4608
ord5016
ord4375
ord4852
ord4834
ord4229
ord2645
ord2116
ord4287
ord3907
ord3200
ord3177
ord2299
ord4133
ord4297
ord1232
ord472
ord6379
ord4480
ord3324
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord1949
ord4034
ord1576
ord2097
ord2096
ord2862
ord3297
ord568
ord790
ord819
ord3716
ord6905
ord6929
ord541
ord801
ord2820
ord940
ord3998
ord6007
ord3286
ord384
ord795
ord693
ord686
ord3640
ord3370
ord4402
ord2582
ord3721
ord6283
ord6403
ord5265
ord3522
ord3317
ord2642
ord6515
ord1168
ord2859
ord470
ord5789
ord6172
ord755
ord3619
ord5875
ord5683
ord2301
ord4204
ord5710
ord2763
ord3573
ord5981
ord4476
ord3089
ord283
ord2379
ord6199
ord3061
ord537
ord4129
ord939
ord6282
ord2764
ord4277
ord2864
ord941
ord3876
ord6134
ord6136
ord924
ord3874
ord2362
ord2294
ord567
ord818
ord656
ord793
ord781
ord3708
ord4424
ord3402
ord5290
ord1776
ord6055
ord3719
ord3610
ord6215
ord355
ord2515
ord3499
ord1640
ord1146
ord1641
ord5785
ord2405
ord2414
ord3571
ord3626
ord3663
ord3092
ord2614
ord6334
ord2302
ord2370
ord4853
ord4376
ord535
ord2818
ord800
ord858
ord823
ord2086
ord4299
ord540
ord323
ord860
ord640
ord1175
ord4809
ord4234
ord825
ord324
ord641
ord3597
ord4425
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord5280
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4710
ord4998
ord1193
msvcrt
strncpy
__CxxFrameHandler
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_controlfp
_mbscmp
_access
??0exception@@QAE@ABV0@@Z
_ftol
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
sprintf
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
vsprintf
_mbsicmp
_acmdln
_cexit
_XcptFilter
_exit
_c_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
exit
fopen
fread
fclose
atoi
_except_handler3
malloc
_mbsstr
strstr
atol
_unlink
printf
free
_strdup
sscanf
fwrite
rand
srand
time
fseek
_stat
vfprintf
fprintf
_setmbcp
kernel32
DeviceIoControl
GetFileAttributesExA
CreateFileA
GetVolumeInformationA
GlobalAlloc
GlobalLock
GlobalUnlock
FindResourceA
LoadResource
SizeofResource
MulDiv
FindFirstFileA
FindNextFileA
FindClose
lstrcatA
lstrlenA
GetWindowsDirectoryA
LoadLibraryA
GetTempFileNameA
WriteFile
VirtualQuery
GetVersion
SetFilePointer
SetErrorMode
SetUnhandledExceptionFilter
GetCurrentProcess
FormatMessageA
CreateToolhelp32Snapshot
Process32First
Process32Next
WinExec
FreeLibrary
GetCurrentDirectoryA
SetCurrentDirectoryA
GetProcAddress
CreateProcessA
CreateMutexA
GetLastError
CloseHandle
GetModuleFileNameA
WaitForSingleObject
GetTickCount
GetDriveTypeA
SetThreadExecutionState
CreateDirectoryA
MoveFileA
GetVersionExA
ResumeThread
TerminateThread
GetTempPathA
CopyFileA
Sleep
RemoveDirectoryA
DeleteFileA
GetFileAttributesA
GetSystemDirectoryA
lstrcmpiA
GlobalMemoryStatus
GetCurrentProcessId
GetCurrentThreadId
GetStartupInfoA
GetModuleHandleA
GlobalFree
GetDiskFreeSpaceExA
lstrcpyA
user32
SetTimer
ClientToScreen
SetCursor
LoadCursorA
ScreenToClient
GetCursorPos
InflateRect
PeekMessageA
DispatchMessageA
EnumChildWindows
IsWindow
SetWindowLongA
GetWindowLongA
DrawIcon
GetSystemMetrics
IsIconic
IsRectEmpty
GetDC
MessageBoxA
GetSysColor
MessageBeep
RedrawWindow
CopyIcon
CheckMenuItem
AppendMenuA
CreatePopupMenu
GetDesktopWindow
LoadImageA
PostMessageA
SendMessageA
TranslateMessage
KillTimer
InvalidateRect
IsWindowVisible
CopyRect
LoadIconA
GetParent
PtInRect
LoadBitmapA
GetClientRect
RegisterWindowMessageA
EnableWindow
GetWindowRect
GetClassNameA
GetWindow
ReleaseCapture
SetCapture
UpdateWindow
SetWindowRgn
BringWindowToTop
ShowWindow
DrawTextA
GetWindowTextA
SetRectEmpty
OffsetRect
MessageBoxExA
FillRect
ExitWindowsEx
wsprintfA
CallWindowProcA
GetDlgItem
DefWindowProcA
DestroyWindow
FindWindowA
TabbedTextOutA
GrayStringA
SetWindowPos
RegisterClassExA
CreateWindowExA
UnregisterClassA
ReleaseDC
gdi32
Pie
CreatePen
CreateSolidBrush
SelectObject
RoundRect
CreateCompatibleBitmap
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetDeviceCaps
CreateDIBSection
StretchBlt
CreateRoundRectRgn
CreateRectRgn
GetPixel
CombineRgn
GetObjectA
DeleteObject
Rectangle
CreatePatternBrush
GetTextCharset
CreateFontIndirectA
GetStockObject
CreateBitmap
DeleteDC
GetTextExtentPoint32A
CreateCompatibleDC
CreatePolygonRgn
BitBlt
advapi32
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
Shell_NotifyIconA
comctl32
_TrackMouseEvent
ImageList_AddMasked
ole32
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize
CoUninitialize
OleInitialize
olepro32
ord251
gdiplus
GdiplusStartup
GdiplusShutdown
GdipGetImageWidth
GdipDeleteGraphics
GdipDrawImageRectI
GdipSetSmoothingMode
GdipCreateFromHDC
GdipDisposeImage
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipDeletePen
GdipDrawLineI
GdipCreatePen1
GdipCloneImage
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipGetImageHeight
msvcp60
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0out_of_range@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1logic_error@std@@UAE@XZ
??_7out_of_range@std@@6B@
??_7logic_error@std@@6B@
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
recdvd
ord22
?GetString@CIniFile@@QAE?AVCString@@V2@00@Z
?SetFileName@CIniFile@@QAEXVCString@@@Z
??1CIniFile@@UAE@XZ
??0CIniFile@@QAE@XZ
ord7
ord9
ord10
ord30
ord25
ord27
ord19
ord18
ord29
ord26
ord8
ord13
ord3
ord28
ord6
ord2
ord4
ord20
ord16
ord1
ord11
ord12
?SaveParams@CEvn_param@@QAEHXZ
readcore
ord99
ord100
?g_dprintf@CDvdFile@@2P6AXHHPAX@ZA
ord11
ord8
ord12
??0CDvdFile@@QAE@XZ
??1CDvdFile@@UAE@XZ
?Seek@CDvdFile@@QAEKJH@Z
?Read@CDvdFile@@QAEKPAEK@Z
?GetPosition@CDvdFile@@QAEKXZ
?GetLength@CDvdFile@@QAEKXZ
?Open@CDvdFile@@QAEHPBDKK@Z
?OpenTitle@CDvdFile@@QAEHPBDKK@Z
ord9
ord13
ord14
ord7
ord16
?Close@CDvdFile@@QAEHXZ
vplaydll
ord3
ord8
ord5
ord10
ord11
ord12
ord2
ord4
ord6
ord7
hrburnapi
?GetWriteSpeed@CHRBurnApi@@QAEGXZ
?GetWriteSpeedList@CHRBurnApi@@QAEHQAGH@Z
?SetWriteSpeed@CHRBurnApi@@QAEHG@Z
?LoadMeida@CHRBurnApi@@QAEHH@Z
?UnloadMedia@CHRBurnApi@@QAEHH@Z
?BurnDvdVideoCatalog@CHRBurnApi@@QAEHPBD0@Z
?BurnIsoImage@CHRBurnApi@@QAEHPBD@Z
?BurnBDVideoCatalog@CHRBurnApi@@QAEHPBD0@Z
?GetCurDevice@CHRBurnApi@@QAE?AUtagCdromDevice@@XZ
?PrepareDisc@CHRBurnApi@@QAEHHKHPADPAUHWND__@@00000HPAUHICON__@@2H@Z
?BuildIsoImageFromCatalog@CHRBurnApi@@QAEHPBD00HH@Z
?SetCurDeviceByLetter@CHRBurnApi@@QAEHD@Z
?GrabCDDisc@CHRBurnApi@@QAEHPBDHHH@Z
?SetCurDevice@CHRBurnApi@@QAEHAAUtagCdromDevice@@@Z
?EnumCdroms@CHRBurnApi@@QAEHPAXI@Z
?PauseWatchThread@CHRBurnApi@@QAEHH@Z
?EnableWatchThread@CHRBurnApi@@QAEHH@Z
?InitialApi@CHRBurnApi@@QAEHPBDHPAXH@Z
?ExitApi@CHRBurnApi@@QAEHXZ
??1CHRBurnApi@@UAE@XZ
??0CHRBurnApi@@QAE@XZ
?IsHdBdDrive@CHRBurnApi@@QAEHD@Z
?GetRreparedBurner@CHRBurnApi@@QAEHH@Z
?SetCurDevice@CHRBurnApi@@QAEHH@Z
bmenu
ord6
reczip
ord2
winmm
sndPlaySoundA
wininet
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetGetConnectedState
InternetOpenA
InternetConnectA
InternetReadFile
HttpQueryInfoA
ws2_32
WSACleanup
closesocket
recv
send
connect
htons
gethostbyname
socket
WSAStartup
gethostname
inet_ntoa
Sections
  .text   Size: 344KB   Virtual size: 342KB   IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
  .rdata  Size: 84KB    Virtual size: 81KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
  .data   Size: 12KB    Virtual size: 25KB    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
  .rsrc   Size: 15.7MB  Virtual size: 15.7MB  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ