f9c02e48b7bd4d4573fa7f4836d8cb5a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f9c02e48b7bd4d4573fa7f4836d8cb5a_JaffaCakes118
Size

836KB
MD5

f9c02e48b7bd4d4573fa7f4836d8cb5a
SHA1

4c3d45cb827f89cea7a5dabfe99b876a7f2182aa
SHA256

90f290f5746ccd0565ed1c4dac863f49f5c8bcf5646cfd8ccc6a46c7763a25eb
SHA512

5f701ddb606276e1a7a63cbb67269b7f7768caae129d802a58f4748bf45bb7dfe26a53795903bf80cadba9f3ca9bbca27431f28a630508576aa6d4f1190bfa35
SSDEEP

12288:r6m5yhV+Phor2mCwv0wPvzWp0EoYjdu35Z81:r6m5yjCaXv0wPKp7oYjdim

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f9c02e48b7bd4d4573fa7f4836d8cb5a_JaffaCakes118

Files

f9c02e48b7bd4d4573fa7f4836d8cb5a_JaffaCakes118
.exe windows:4 windows x86 arch:x86

2ea2086fb6a2f01d005b9a47a4cd5b6d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetSetCookieA
InternetGetCookieA

shfolder

SHGetFolderPathA

kernel32

OutputDebugStringA
lstrlenW
lstrcpyW
LeaveCriticalSection
GetLastError
EnterCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
GetPrivateProfileSectionNamesA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetFileSize
SetFilePointer
GlobalLock
GlobalUnlock
MulDiv
GlobalFree
ResumeThread
GlobalAlloc
FreeResource
CreateWaitableTimerA
SetWaitableTimer
WaitForMultipleObjects
SetEvent
ResetEvent
GetEnvironmentStrings
ExpandEnvironmentStringsA
WritePrivateProfileStringA
LocalAlloc
lstrcmpiA
GetSystemTime
SystemTimeToTzSpecificLocalTime
GetModuleFileNameA
SetLastError
FileTimeToLocalFileTime
FileTimeToSystemTime
SearchPathA
CreateProcessA
GetTempPathA
CreateDirectoryA
CopyFileA
SetFileAttributesA
RemoveDirectoryA
Sleep
GetComputerNameA
lstrcatA
GetWindowsDirectoryA
TerminateProcess
CreateMutexA
SetCurrentDirectoryA
HeapReAlloc
InterlockedIncrement
InterlockedDecrement
IsDBCSLeadByte
lstrcpynA
LoadLibraryExA
MultiByteToWideChar
FormatMessageA
GetStartupInfoA
HeapSize
HeapDestroy
OpenProcess
GetFileInformationByHandle
GetFileType
SystemTimeToFileTime
UnmapViewOfFile
FileTimeToDosDateTime
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
ExitProcess
FindResourceA
LocalFree
SizeofResource
LockResource
LoadResource
FindResourceExA
lstrcpyA
lstrlenA
lstrcmpA
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
VirtualFree
DeleteFileA
CreateFileA
GetTimeZoneInformation
GetLocalTime
GetTickCount
WideCharToMultiByte
GetOverlappedResult
WriteFile
ReadFile
CreateThread
RaiseException
GetModuleHandleA
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA

user32

GetWindowTextA
GetDC
GetDesktopWindow
SendMessageA
BringWindowToTop
ShowWindow
SetWindowPos
CreateWindowExA
MoveWindow
SetWindowLongA
RegisterHotKey
LoadCursorA
InvalidateRect
SetCursor
GetClientRect
IsWindow
GetSystemMetrics
GetClassInfoExA
GetClassLongA
GetSysColor
ReleaseDC
GetWindowDC
LoadMenuA
SetRect
GetWindowLongA
CopyRect
FillRect
EnableWindow
GetSystemMenu
EnableMenuItem
EnumChildWindows
SetWindowRgn
ClientToScreen
CallWindowProcA
GetDlgItem
GetWindowTextLengthA
GetActiveWindow
SetWindowTextA
wsprintfA
RedrawWindow
DestroyWindow
MapWindowPoints
SetDlgItemTextA
GetWindow
SystemParametersInfoA
GetParent
LoadImageA
GetWindowRect
RegisterClassExA
UnregisterClassA
DialogBoxParamA
EndDialog
InflateRect
OffsetRect
GetFocus
DrawFrameControl
GetDlgItemTextA
GetGUIThreadInfo
GetAncestor
FindWindowA
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
LoadBitmapA
CharNextA
DefWindowProcA
DrawFocusRect
GetScrollInfo
IsWindowEnabled
GetSubMenu
IsMenu
DrawTextA
PtInRect
TrackPopupMenu
ScreenToClient
GetCursorPos
IntersectRect
IsRectEmpty
EndPaint
BeginPaint
PostMessageA
ReleaseCapture
KillTimer
SetTimer
SetCapture
SetFocus
DestroyMenu
GetCapture

gdi32

GetTextExtentPoint32A
LineTo
MoveToEx
SelectObject
GetObjectA
CreateFontA
CreateCompatibleDC
ExtTextOutA
CreateCompatibleBitmap
SetStretchBltMode
StretchBlt
CreateRoundRectRgn
RoundRect
ExcludeClipRect
CreateRectRgnIndirect
SetPixel
GetPixel
SaveDC
RestoreDC
GetDeviceCaps
BitBlt
CreateDIBSection
CreateFontIndirectA
CreateSolidBrush
CreatePen
CombineRgn
GetStockObject
DeleteObject
SetBkMode
SetTextColor
Rectangle
DeleteDC
GetDIBits
SetBkColor

shell32

SHGetSpecialFolderPathA
ShellExecuteExA
ShellExecuteA

ole32

CoTaskMemFree
CreateStreamOnHGlobal
CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoTaskMemRealloc

oleaut32

VarUI4FromStr
OleLoadPicture

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shlwapi

PathAppendA
PathRemoveBackslashA
PathFindFileNameA
PathStripPathA
PathFileExistsA

comctl32

ImageList_GetIconSize
ImageList_DrawEx
_TrackMouseEvent
ord17
ImageList_GetImageCount
ImageList_AddMasked
ImageList_Add
ImageList_Create
ImageList_Draw

ws2_32

recv
setsockopt
WSAResetEvent
WSARecv
WSAGetOverlappedResult
WSASend
WSASetEvent
closesocket
WSACloseEvent
htons
getservbyname
inet_addr
htonl
send
gethostbyname
getservbyport
ntohs
gethostbyaddr
WSASocketA
WSACreateEvent
WSAEventSelect
WSAConnect
WSAEnumNetworkEvents
WSAGetLastError
shutdown
WSAStartup
WSACleanup
gethostname
WSASetLastError
bind
connect
socket
ntohl
inet_ntoa

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Nomemory@std@@YAXXZ

msvcr71

__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_tzset
_callnewh
memset
sscanf
_local_unwind2
_stricmp
mktime
_CxxThrowException
__CxxFrameHandler
_except_handler3
_errno
strtol
toupper
_strlwr
_ultoa
_mbsncmp
__p___argv
__p___argc
_mbsrchr
fputs
fprintf
_resetstkoflw
_adjust_fdiv
_beginthreadex
_mbsicmp
_mbscmp
??0exception@@QAE@ABV0@@Z
_mbslwr
_mbscspn
_mbsspn
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_purecall
strtoul
_mbsnbcpy
strncmp
isspace
atoi
sprintf
calloc
strncpy
strchr
_itoa
vsprintf
_vscprintf
free
realloc
malloc
_mbsstr
_splitpath
_snprintf
rand
fclose
fwrite
fopen
_ismbcspace
_mbsinc
_mbschr
??_V@YAXPAX@Z
??3@YAXPAX@Z
memmove
__p__commode
__p__fmode
__set_app_type
__security_error_handler
_localtime64
printf
_controlfp

mfc71

ord297
ord578
ord5715
ord1185
ord6006
ord911
ord310
ord5493
ord3198
ord784
ord380
ord876
ord2322
ord781
ord746
ord1170
ord1489
ord2902
ord912
ord6118
ord299
ord2933
ord1482
ord3255
ord2346
ord1580
ord304
ord907
ord3997
ord5563
ord3934
ord4085
ord4108
ord1005
ord4109
ord2271
ord558
ord2272
ord1486
ord5331
ord6297
ord5320
ord6286
ord2469
ord2131
ord557
ord745
ord2275

Sections

.text
Size: 236KB - Virtual size: 233KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 548KB - Virtual size: 544KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ea2086fb6a2f01d005b9a47a4cd5b6d

Headers

File Characteristics

Imports

wininet

shfolder

kernel32

user32

gdi32

shell32

ole32

oleaut32

version

shlwapi

comctl32

ws2_32

msvcp71

msvcr71

mfc71

Sections

.text Size: 236KB - Virtual size: 233KB

.rdata Size: 44KB - Virtual size: 41KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 548KB - Virtual size: 544KB

.text
Size: 236KB - Virtual size: 233KB

.rdata
Size: 44KB - Virtual size: 41KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 548KB - Virtual size: 544KB