Static task: static1
Behavioral task: behavioral1
  Sample: eae579dd1d39c1baf465f2cb071abc0e_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: eae579dd1d39c1baf465f2cb071abc0e_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: eae579dd1d39c1baf465f2cb071abc0e_JaffaCakes118
Size: 627KB
MD5: eae579dd1d39c1baf465f2cb071abc0e
SHA1: 2b4ea1ac9ec593b118e3bb8bb4301c203fb5d856
SHA256: 65d6a1b6ae8987d3fcce38c8ebc74e591dcf31dd935a3cba5cd631ed98fe8400
SHA512: d3f9d17da0e6c628604535f2ed7f7dad862196b95bd8133ffd050234dd72294b2198314ef53a65c5d580132d8b1d1f7848d6209ae8ea91e6f5ab6c172f2150e9
SSDEEP: 12288:F+PuQ8cuCcuSq8qmpplpGoGL3etQoMiXM8gxf/Sj4yx0w:JVVBH563ey8gZqj4yr
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: eae579dd1d39c1baf465f2cb071abc0e_JaffaCakes118
Files
eae579dd1d39c1baf465f2cb071abc0e_JaffaCakes118.exe windows:4 windows x86 arch:x86
9cb93fb500a28cb4764cd4e5c3b4039c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
wininet
InternetGetConnectedState
iphlpapi
GetAdaptersInfo
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
rpcrt4
UuidToStringA
RpcStringFreeA
UuidCreateSequential
mfc42
ord924
ord663
ord1105
ord348
ord926
ord2141
ord434
ord350
ord6283
ord433
ord6877
ord4160
ord465
ord2464
ord1572
ord2764
ord4278
ord6663
ord6929
ord1656
ord539
ord844
ord466
ord6930
ord6928
ord3237
ord1205
ord1799
ord614
ord2625
ord2623
ord290
ord4226
ord2486
ord1106
ord5710
ord4202
ord1158
ord2614
ord536
ord3610
ord3721
ord2582
ord4402
ord3370
ord3640
ord5265
ord4376
ord4853
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord656
ord693
ord795
ord641
ord1146
ord326
ord4234
ord2642
ord6215
ord4204
ord6199
ord3996
ord2078
ord6442
ord2116
ord4710
ord2645
ord3873
ord3874
ord353
ord2820
ord1948
ord2396
ord3346
ord5300
ord5303
ord4079
ord4699
ord5307
ord5289
ord5715
ord817
ord565
ord3957
ord2726
ord6880
ord5297
ord3698
ord765
ord2108
ord1138
ord2463
ord690
ord1988
ord5354
ord5355
ord5356
ord5207
ord389
ord1651
ord940
ord1199
ord4033
ord6662
ord4129
ord818
ord3072
ord6874
ord4220
ord2584
ord3654
ord715
ord415
ord2438
ord755
ord470
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord1768
ord5785
ord5802
ord1644
ord1081
ord3097
ord3092
ord3089
ord2841
ord5953
ord3797
ord3803
ord2107
ord5450
ord5440
ord6383
ord6394
ord692
ord616
ord404
ord6282
ord4203
ord4277
ord2763
ord355
ord6779
ord5856
ord5683
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord4698
ord5714
ord3738
ord815
ord561
ord2454
ord2621
ord1247
ord1134
ord1151
ord1193
ord2725
ord1248
ord1832
ord1871
ord6453
ord2170
ord4224
ord5575
ord3613
ord3126
ord5651
ord3676
ord3130
ord859
ord3579
ord4622
ord3811
ord3337
ord551
ord2915
ord5572
ord922
ord535
ord858
ord2864
ord2379
ord2859
ord4299
ord4275
ord2414
ord3626
ord3663
ord567
ord1641
ord609
ord3574
ord4424
ord5261
ord4441
ord5290
ord5241
ord4396
ord4078
ord3619
ord3402
ord2575
ord6374
ord4413
ord2393
ord4436
ord5252
ord4242
ord825
ord366
ord1168
ord674
ord4427
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4837
ord3798
ord1665
ord2649
ord5282
ord4353
ord5163
ord2385
ord5237
ord4407
ord1776
ord4077
ord6055
ord4151
ord2878
ord2879
ord3403
ord5472
ord975
ord5012
ord3350
ord4303
ord4467
ord5103
ord5100
ord3059
ord2390
ord2723
ord1842
ord823
ord537
ord2818
ord941
ord939
ord540
ord860
ord800
ord1576
msvcrt
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
??1type_info@@UAE@XZ
free
_strdup
strrchr
strtoul
floor
ceil
_CIpow
strtol
clearerr
fgets
_fsopen
atof
toupper
isdigit
strncmp
_getpid
sprintf
isspace
_purecall
_mbsicmp
strstr
atol
_ftol
_CxxThrowException
strchr
atoi
fopen
fread
ftell
fseek
fwrite
fflush
fclose
strncpy
_mbscmp
__CxxFrameHandler
wcslen
_stricmp
_strnicmp
_strlwr
_setmbcp
_controlfp
kernel32
SizeofResource
FindClose
lstrcmpiA
GlobalSize
lstrlenA
CreateProcessA
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentDirectoryA
GetTempPathA
GetCurrentProcess
DuplicateHandle
TerminateThread
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CreateMutexA
ReleaseMutex
GetExitCodeThread
ResumeThread
GetLastError
FormatMessageA
lstrcpynA
WriteFile
FlushFileBuffers
InterlockedDecrement
GetTickCount
WaitForMultipleObjects
Sleep
OpenEventA
LocalFree
ResetEvent
WaitForSingleObject
GetCurrentProcessId
FindResourceA
LoadResource
LockResource
CopyFileA
DeleteFileA
GetComputerNameA
SystemTimeToFileTime
SetFileTime
CreateDirectoryA
Beep
CreateEventA
SetEvent
lstrcpyA
lstrcatA
CreateFileA
DeviceIoControl
CloseHandle
FindFirstFileA
FindNextFileA
GetSystemTime
RemoveDirectoryA
SetCurrentDirectoryA
GetFileAttributesA
lstrcmpA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetLocalTime
ReadFile
GetLongPathNameA
GetModuleFileNameA
GetVersionExA
GetProcAddress
SetFileAttributesA
GetTempFileNameA
GetFileTime
EnumResourceNamesA
GetVolumeInformationA
GetDefaultCommConfigA
SetCommState
EscapeCommFunction
GetCommModemStatus
PurgeComm
SetupComm
SetCommTimeouts
GetCommTimeouts
BuildCommDCBA
GetStartupInfoA
MoveFileA
GetFileAttributesExA
FileTimeToSystemTime
WideCharToMultiByte
GetModuleHandleA
FileTimeToLocalFileTime
user32
GetWindow
SetFocus
GetLastActivePopup
ShowWindow
IsWindowVisible
WaitForInputIdle
FindWindowA
GetSubMenu
GetMenuItemID
GetMenuStringA
GetMenuItemCount
GetMenu
GetKeyState
GetClipboardData
CloseClipboard
IsClipboardFormatAvailable
OpenClipboard
DrawIcon
GetSystemMetrics
SetTimer
SetActiveWindow
SetWindowLongA
SetMenu
CreateMenu
AppendMenuA
KillTimer
EnableMenuItem
DdeFreeStringHandle
CheckMenuItem
GetMenuState
GetAncestor
SetWindowTextA
GetWindowThreadProcessId
IsChild
GetClassNameA
DispatchMessageA
EmptyClipboard
RegisterWindowMessageA
RegisterClassA
SystemParametersInfoA
UnregisterClassA
GetDesktopWindow
SetForegroundWindow
TrackPopupMenu
PostMessageA
PostQuitMessage
UnregisterHotKey
MapVirtualKeyA
SendInput
RegisterHotKey
LoadImageA
IsWindow
DdeAccessData
DdeUnaccessData
DdeGetLastError
DdeClientTransaction
DdeFreeDataHandle
DdeReconnect
DdeInitializeA
DdeDisconnect
DdeUninitialize
DestroyMenu
CreatePopupMenu
InsertMenuItemA
SendMessageTimeoutA
GetWindowTextA
EnumWindows
GetDlgItem
MessageBoxA
EnumChildWindows
IsZoomed
IsIconic
GetWindowRect
LoadIconA
SendMessageA
PostThreadMessageA
PeekMessageA
GetWindowLongA
GetDlgCtrlID
BeginPaint
GetClientRect
EndPaint
TrackMouseEvent
DefWindowProcA
SetClipboardData
MsgWaitForMultipleObjects
DdeCreateStringHandleA
GetGUIThreadInfo
DdeConnect
EnableWindow
GetParent
ScreenToClient
SetCursor
GetDC
ReleaseDC
LoadCursorA
UpdateWindow
GetCursorPos
gdi32
TextOutA
SelectObject
GetTextExtentPoint32A
GetObjectA
SetMapMode
SetTextColor
CreateFontA
winspool.drv
ClosePrinter
EnumPrintersA
ord201
StartPagePrinter
StartDocPrinterA
OpenPrinterA
EndDocPrinter
EndPagePrinter
WritePrinter
advapi32
RegCreateKeyExA
RegCloseKey
GetUserNameA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
shell32
SHBrowseForFolderA
SHGetFolderPathA
Shell_NotifyIconA
SHGetFolderLocation
SHGetMalloc
ShellExecuteExA
SHGetPathFromIDListA
ShellExecuteA
ole32
CLSIDFromString
CLSIDFromProgID
OleRun
IIDFromString
CoCreateInstance
CreateStreamOnHGlobal
olepro32
ord251
oleaut32
VariantClear
GetErrorInfo
SysAllocString
SysFreeString
odbc32
ord18
ord23
ord8
ord27
ord13
ord43
ord61
ord10
ord11
ord72
ord16
ord26
ord31
ord7
ord41
ord75
ord24
ord9
ord20
Sections
.text Size: 219KB - Virtual size: 219KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 16KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 351KB - Virtual size: 351KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
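The "Unsigned PE" signature, the Headers block and the Sections block above are all read straight from the PE headers. The following is an added example, not code from the sandbox or from the sample's author, showing how those fields are obtained with only the standard library: it walks the DOS, COFF, optional and section headers, names the characteristic bits the report prints, and decides "unsigned" the same way the signature does, by checking whether the security data directory (index 4, the Authenticode certificate table) is empty. Because the real sample cannot be embedded here, `build_sample_pe()` is a constructed, header-only stand-in whose flags and section layout mirror the report (relocs stripped, 32-bit, only TERMINAL_SERVER_AWARE set, four sections of the listed sizes, no certificate table); the function and field names are this example's own choices.

```python
import struct

# Bit -> name tables for the flags the report prints (values from winnt.h).
FILE_CHARACTERISTICS = {
    0x0001: "IMAGE_FILE_RELOCS_STRIPPED",
    0x0002: "IMAGE_FILE_EXECUTABLE_IMAGE",
    0x0004: "IMAGE_FILE_LINE_NUMS_STRIPPED",
    0x0008: "IMAGE_FILE_LOCAL_SYMS_STRIPPED",
    0x0100: "IMAGE_FILE_32BIT_MACHINE",
    0x2000: "IMAGE_FILE_DLL",
}
DLL_CHARACTERISTICS = {
    0x0040: "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
    0x0100: "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
    0x8000: "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE",
}
SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}
MACHINES = {0x14C: "x86", 0x8664: "x64"}
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode certificate table


def _flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def summarize_pe(data: bytes) -> dict:
    """Parse COFF/optional/section headers and report the fields a static
    triage view shows, plus whether an embedded certificate table exists."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsections, _, _, _, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, pe_off + 4)                          # COFF header
    opt_off = pe_off + 24
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == 0x10B:          # PE32: NumberOfRvaAndSizes at +92, directories at +96
        ndirs_off, dirs_off = 92, 96
    elif magic == 0x20B:        # PE32+: +108 / +112 (ImageBase and stack fields are 8 bytes)
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dll_chars = struct.unpack_from("<H", data, opt_off + 70)[0]
    ndirs = struct.unpack_from("<I", data, opt_off + ndirs_off)[0]
    # The security directory holds a *file offset* (not an RVA) and size of the
    # WIN_CERTIFICATE blob; both zero means no embedded Authenticode signature.
    cert_off = cert_size = 0
    if ndirs > SECURITY_DIR:
        cert_off, cert_size = struct.unpack_from(
            "<II", data, opt_off + dirs_off + SECURITY_DIR * 8)
    sections = []
    sec_off = opt_off + opt_size                                # section table follows the optional header
    for i in range(nsections):
        name, vsize, _va, rsize, _rptr, _, _, _, _, sflags = struct.unpack_from(
            "<8sIIIIIIHHI", data, sec_off + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "raw_kb": rsize // 1024,
            "virtual_kb": vsize // 1024,
            "flags": _flag_names(sflags, SECTION_FLAGS),
        })
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "file_characteristics": _flag_names(chars, FILE_CHARACTERISTICS),
        "dll_characteristics": _flag_names(dll_chars, DLL_CHARACTERISTICS),
        "authenticode_present": cert_off != 0 and cert_size != 0,
        "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in (NOT the real sample): a header-only PE32 image whose
    flags and section layout mirror the report above, with no certificate table."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                 # e_lfanew -> PE header at 0x40
    opt = bytearray(224)                                  # PE32 optional header, 16 directories
    struct.pack_into("<H", opt, 0, 0x10B)                 # Magic: PE32
    struct.pack_into("<H", opt, 68, 2)                    # Subsystem: WINDOWS_GUI
    struct.pack_into("<H", opt, 70, 0x8000)               # DllCharacteristics: TERMINAL_SERVER_AWARE only
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes; directory 4 stays zero
    # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, flags
    layout = [
        (b".text",  0x36C00, 0x01000, 0x36C00, 0x00400, 0x60000020),
        (b".rdata", 0x09800, 0x38000, 0x09C00, 0x37000, 0x40000040),
        (b".data",  0x04800, 0x42000, 0x04000, 0x40C00, 0xC0000040),
        (b".rsrc",  0x57C00, 0x47000, 0x57C00, 0x44C00, 0x40000040),
    ]
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, len(opt), 0x010F)
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, rp, 0, 0, 0, 0, fl)
                    for n, vs, va, rs, rp, fl in layout)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs


if __name__ == "__main__":
    import json
    print(json.dumps(summarize_pe(build_sample_pe()), indent=2))
```

Run it against a real file by replacing `build_sample_pe()` with `open(path, "rb").read()`. Two caveats when reading the result: `authenticode_present == False` is exactly what the "Unsigned PE" signature reports, but it is weak evidence on its own (a great deal of legitimate older MFC software ships unsigned), and `True` only means a certificate table is embedded, not that the signature is valid, so a present signature still needs WinVerifyTrust, `signtool verify /pa`, or PowerShell's `Get-AuthenticodeSignature`. The header bits also carry a mitigation story: DllCharacteristics without DYNAMIC_BASE or NX_COMPAT together with IMAGE_FILE_RELOCS_STRIPPED means the image cannot be relocated, so it loads at its preferred base without ASLR.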