fa92fff90e522220a72d01d9dd0db6ee_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fa92fff90e522220a72d01d9dd0db6ee_JaffaCakes118
Size

146KB
MD5

fa92fff90e522220a72d01d9dd0db6ee
SHA1

941ee5e044e546e55f715d37a9aed7d44f66e430
SHA256

9bfcd6999e67c3ce30ca9571b8f0771cb1a5f7f962cdc6df724d02ee38c355ad
SHA512

d9a502eedf50694a1b6d6ab82e3d53f9cf1e1a9f50ec9f8138bae51c505415bd80da2f267de3cf9a5b79f98f4c37ef332a3d8950eda0daef183bd4cf33fa0260
SSDEEP

3072:knpjJLJFnCdA6Lar2FhRvPpByYp9/f+q98P82fv2/iWixG63V:OjJn4ByYp59K1m/HiE0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fa92fff90e522220a72d01d9dd0db6ee_JaffaCakes118

Files

fa92fff90e522220a72d01d9dd0db6ee_JaffaCakes118
.exe windows:4 windows x86 arch:x86

624034b046324f9a09f62362a09375c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
RemoveDirectoryA
InterlockedIncrement
GetModuleFileNameA
InterlockedDecrement
CopyFileA
LocalFree
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcpyA
lstrcatA
SetEvent
CloseHandle
WaitForSingleObject
CreateThread
CreateEventA
lstrcpynA
IsDBCSLeadByte
FreeLibrary
LoadLibraryExA
Sleep
GetCurrentThreadId
GetCommandLineA
CreateMutexA
OpenMutexA
SetFilePointer
CreateFileA
UnlockFile
SetEndOfFile
WriteFile
ReadFile
LockFile
GetPrivateProfileIntA
ReleaseMutex
SetLastError
GetTimeFormatA
GetDateFormatA
CreateProcessA
SearchPathA
FormatMessageA
LoadLibraryA
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
ExitProcess
GetStartupInfoA
GetModuleHandleA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
RaiseException
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateDirectoryA
GetTickCount
lstrlenA
lstrcmpiA
lstrlenW
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
InterlockedExchange
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetFileSize

user32

EndPaint
wsprintfA
BeginPaint
DefWindowProcA
DestroyWindow
KillTimer
IsWindow
SetTimer
CharNextA
GetWindowLongA
PostThreadMessageA
DispatchMessageA
GetMessageA
FindWindowA
SetWindowLongA
CreateWindowExA
RegisterClassA
LoadCursorA
LoadStringA

gdi32

SetBkMode
GetTextMetricsA
TextOutA

advapi32

RegOpenKeyExA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
QueryServiceStatus
StartServiceA
RegEnumKeyExA
RegQueryInfoKeyA
RegQueryValueExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA

ole32

GetRunningObjectTable
CreateFileMoniker
OleRun
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoUninitialize
CoInitialize
ProgIDFromCLSID
CoCreateInstance

hpvaut32

ord200
ord202
ord201
ord313
ord277
ord163
ord186
ord161
ord162
ord10
ord9
ord8
ord314
ord149
ord150
ord7
ord6
ord2
ord4

hpvcp70

??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?_Nomemory@std@@YAXXZ

hpvcr70

_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
_except_handler3
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_callnewh
localtime
time
atoi
__mb_cur_max
_isctype
_pctype
iswctype
_mbschr
calloc
__p__commode
strncat
vsprintf
printf
strchr
atol
_itow
realloc
_mbsnbcpy
_ltoa
_purecall
strcpy
strcat
remove
memset
sprintf
strstr
_wremove
wcsrchr
_itoa
_time64
??0exception@@QAE@ABV0@@Z
_mbsicmp
wcstok
wcscat
wcslen
swprintf
strlen
_localtime64
wcscpy
??3@YAXPAX@Z
__CxxFrameHandler
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memcpy
??_V@YAXPAX@Z
__p__fmode
__set_app_type
__security_error_handler
_controlfp
_ultoa
free
memcmp
_mbsrchr
_mbscmp
_CxxThrowException
malloc

Exports

Exports

?COMWndProc@@YGJPAUHWND__@@IIJ@Z

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

624034b046324f9a09f62362a09375c3

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

hpvaut32

hpvcp70

hpvcr70

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 78KB

.rdata Size: 28KB - Virtual size: 27KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 30KB - Virtual size: 30KB

.text
Size: 80KB - Virtual size: 78KB

.rdata
Size: 28KB - Virtual size: 27KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 30KB - Virtual size: 30KB