fed269fa824d0e19e257a21c4594bea1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fed269fa824d0e19e257a21c4594bea1_JaffaCakes118
Size

900KB
MD5

fed269fa824d0e19e257a21c4594bea1
SHA1

9caa929ef8722c213c26df3433860eb1d32344e7
SHA256

f5ce682c1cf3bd1df4d57c38ea0b18306157c67004841b55e22fa4ffb0dfe518
SHA512

6b441197208f5f8e4049fc96a498d157e8634a82ef5558b5de14d39b39518d4651aba336c2842f7d49d07304654d31a3fb9b7b23a37cb6f2564423a52a847b72
SSDEEP

24576:3NE2FqrU2C/hEIP7G1K/9Vdsztsy/Ib4y:mm5VUy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fed269fa824d0e19e257a21c4594bea1_JaffaCakes118

Files

fed269fa824d0e19e257a21c4594bea1_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

91b3f26723e3271538b3a92b09dd0da9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord2414
ord2405
ord5053
ord3693
ord3626
ord3573
ord3571
ord1641
ord1640
ord5785
ord2864
ord2379
ord2575
ord3402
ord567
ord6569
ord1085
ord5265
ord4376
ord4998
ord2514
ord6052
ord1775
ord4407
ord5280
ord4425
ord3597
ord542
ord641
ord795
ord802
ord2642
ord3092
ord4055
ord5981
ord1779
ord6199
ord6241
ord4853
ord5601
ord5597
ord5823
ord3664
ord415
ord715
ord268
ord1567
ord1081
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord4622
ord3670
ord815
ord2724
ord3952
ord561
ord1247
ord6354
ord1216
ord6467
ord1227
ord1168
ord1200
ord1877
ord4249
ord2486
ord2687
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord3681
ord446
ord743
ord1177
ord1226
ord1210
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord289
ord4780
ord4649
ord1776
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord2954
ord2384
ord6370
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord5825
ord698
ord723
ord3946
ord396
ord423
ord2541
ord4949
ord324
ord6030
ord4187
ord911
ord5592
ord939
ord5630
ord5605
ord3437
ord6143
ord4459
ord4502
ord4129
ord2860
ord941
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord4713
ord6371
ord5286
ord4438
ord3279
ord4625
ord449
ord746
ord2278
ord4243
ord3302
ord3293
ord3797
ord755
ord2971
ord470
ord4284
ord4402
ord3640
ord693
ord2438
ord6270
ord6905
ord5604
ord3984
ord3910
ord2080
ord2089
ord3301
ord4694
ord5148
ord3610
ord656
ord3089
ord4809
ord816
ord6605
ord5789
ord562
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord1086
ord4220
ord2584
ord3654
ord1644
ord4299
ord2582
ord3370
ord2862
ord4234
ord5710
ord4710
ord326
ord325
ord6197
ord2116
ord2714
ord6215
ord3721
ord521
ord518
ord6307
ord4167
ord5583
ord1132
ord4078
ord6055
ord3337
ord912
ord6883
ord5861
ord5859
ord3663
ord6141
ord6880
ord613
ord2122
ord2452
ord2450
ord4160
ord1088
ord6358
ord2385
ord5290
ord5277
ord2859
ord5875
ord283
ord2567
ord472
ord5788
ord4297
ord4133
ord3874
ord2614
ord1146
ord4275
ord556
ord323
ord609
ord809
ord640
ord3574
ord4424
ord4627
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord5163
ord5241
ord4354
ord4396
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord713
ord2233
ord537
ord3811
ord2818
ord535
ord5593
ord699
ord397
ord5631
ord414
ord3662
ord5821
ord4188
ord801
ord541
ord3726
ord5829
ord3438
ord1871
ord860
ord823
ord825
ord540
ord858
ord4637
ord800
ord1131

msvcrt

strcmp
?terminate@@YAXXZ
_except_handler3
memmove
fscanf
strtod
ctime
_mktemp
_getpid
_getcwd
__CxxFrameHandler
fwrite
fread
fclose
fopen
rewind
fprintf
atoi
_mbscmp
memset
strpbrk
strcpy
strlen
isdigit
strtok
memcpy
memcmp
sprintf
getenv
vsprintf
abs
_ftol
strstr
sqrt
strncpy
printf
_purecall
time
_filelength
??1type_info@@UAE@XZ
__dllonexit
_onexit
free
_initterm
malloc
_adjust_fdiv
ftell
_access
putc
fputc
_mkdir
qsort
toupper
mktime
_findfirst
_findnext
_stat
_findclose
__p__environ
srand
rand
strtol
fseek
clearerr
fgetc
ungetc
_beginthread
_endthread
_putenv
_sys_nerr
_sys_errlist
longjmp
_errno
calloc
localtime
_exit
__p__iob
tolower
_unlink
_fileno
strchr
_iob
isxdigit
isupper
isspace
ispunct
isprint
islower
iscntrl
isalpha
isalnum
isgraph
fgets
sscanf
fflush
_setjmp3
strrchr
strncmp
strcat
__p__pctype
_isctype
__p___mb_cur_max

kernel32

GetVersionExA
GetModuleHandleA
GetProcAddress
GetVersion
LocalAlloc
LocalFree
GetShortPathNameA
UnmapViewOfFile
CreateFileMappingA
GetLastError
OpenFileMappingA
MapViewOfFile
lstrlenA
lstrcpyA
lstrcatA
ExitProcess
CreateThread
GetExitCodeThread
GetCurrentProcessId
CreateProcessA
CreateEventA
ResetEvent
WaitForSingleObject
OpenEventA
Sleep
SetEvent
OpenProcess
TerminateProcess
CloseHandle
GetCurrentDirectoryA
OutputDebugStringA
FreeLibrary
LoadLibraryA
SetErrorMode
GetWindowsDirectoryA
GetVolumeInformationA
GetDriveTypeA
GlobalFree
GlobalAlloc
GetCurrentProcess
VirtualAlloc
VirtualFree
GetProcessTimes
SetLastError
CreateFileA
OpenSemaphoreA
CreateSemaphoreA
GetCurrentThread
ReleaseSemaphore
SetThreadPriority
ReadFile
WriteFile
DeviceIoControl
SleepEx
QueryPerformanceCounter
QueryPerformanceFrequency
GetPrivateProfileStringA
GetPrivateProfileIntA
FindFirstFileA
FindNextFileA
FindClose
GetTickCount

user32

OffsetRect
FillRect
FrameRect
DrawStateA
DrawFocusRect
GetWindowRect
GetClientRect
ClientToScreen
InvalidateRect
RedrawWindow
GetActiveWindow
InflateRect
CopyRect
GetCapture
SetCapture
GetParent
WindowFromPoint
EnableWindow
GetWindowLongA
SendMessageA
UpdateWindow
IsWindow
SetRectEmpty
UnionRect
IsWindowVisible
LoadBitmapA
EqualRect
SetCursor
ReleaseCapture
GetIconInfo
LoadImageA
DestroyIcon
DestroyCursor
BeginDeferWindowPos
EndDeferWindowPos
GetFocus
LockWindowUpdate
PostMessageA
AppendMenuA
CreatePopupMenu
PtInRect
GetKeyState
TranslateMessage
DispatchMessageA
DialogBoxIndirectParamA
CreateDialogIndirectParamA
wsprintfA
SetWindowTextA
EndDialog
MessageBoxA
SetDlgItemTextA
GetDlgItemTextA
MessageBeep
ScreenToClient
MoveWindow
GetDlgItem
ShowWindow
DeferWindowPos
GetSysColor

gdi32

GetTextExtentPoint32A
BitBlt
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
GetStockObject

advapi32

ReportEventA
RegOpenKeyA
RegQueryValueA
GetUserNameA
RegEnumValueA
RegDeleteValueA
RegisterEventSourceA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
DeregisterEventSource

comctl32

ImageList_Draw
ImageList_DrawEx
ImageList_GetIconSize
ord17

ole32

CoCreateGuid

oleaut32

LoadRegTypeLi

tclicr40

?TCL_SetValue@@YAXPAUHTCL__@@PBDHPAVCValue@@@Z
?TCL_GetValue@@YAHPAUHTCL__@@PBDAAHPAHPAVCValue@@@Z
?TCL_GetValue@@YAHPAUHTCL__@@PBDAAVCPoint@@PAV2@PAVCValue@@@Z
?TCL_LoadObject@@YAPAVCValue@@PAUHTCL__@@PBD@Z
?TCL_GetValue@@YAHPAUHTCL__@@PBDAAVCString@@1PAVCValue@@@Z
?TCL_GetValue@@YAHPAUHTCL__@@PBDAAKPAKPAVCValue@@@Z
?TCL_FindObject@@YAPAVCValue@@PAUHTCL__@@PBDPAV1@H@Z
?TCL_Eval@@YAHPAUHTCL__@@PBD@Z
?TCL_SetBinaryValue@@YAXPAUHTCL__@@PBD1HPAVCValue@@@Z
?TCL_GetObject@@YAPAVCValue@@PAUHTCL__@@PBDPAV1@1@Z
?TCL_GetBinaryValue@@YAHPAUHTCL__@@PBDPADHPAVCValue@@@Z
?TCL_SetParentObject@@YAPAVCValue@@PAUHTCL__@@PAV1@@Z
?TCL_GetInterp@@YAPAUTcl_Interp@@PAUHTCL__@@@Z
?TCL_InitTk@@YAHPAUHTCL__@@@Z
?TCL_GetValue@@YAHPAUHTCL__@@PBDAAVCRect@@PAV2@PAVCValue@@@Z
?TCL_GetObjectType@@YAXPAVCValue@@AAVCString@@@Z
?TCL_Init@@YAPAUHTCL__@@XZ
?TCL_CreateObject@@YAPAVCValue@@PAUHTCL__@@PBD1PAV1@1@Z
?TCL_SetValue@@YAXPAUHTCL__@@PBD1PAVCValue@@@Z
?TCL_SetValue@@YAXPAUHTCL__@@PBDKPAVCValue@@@Z
?TCL_BuildObjectName@@YAXPBDHAAVCString@@@Z
?TCL_SaveObject@@YAHPAVCValue@@PBD1@Z
?TCL_Exit@@YAXPAUHTCL__@@@Z
?TCL_SetValue@@YAXPAUHTCL__@@PBDAAVCPoint@@PAVCValue@@@Z

tcl80

Tcl_GetVar
Tcl_Free
Tcl_SetResult
Tcl_CreateCommand
Tcl_SplitList
Tcl_Eval

ct_file

ord34
ord35
ord41
ord21
ord40
ord13

ct_corct

ord23

netapi32

Netbios

comdlg32

GetOpenFileNameA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 744KB - Virtual size: 742KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 710KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91b3f26723e3271538b3a92b09dd0da9

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

comctl32

ole32

oleaut32

tclicr40

tcl80

ct_file

ct_corct

netapi32

comdlg32

Exports

Exports

Sections

.text Size: 744KB - Virtual size: 742KB

.rdata Size: 52KB - Virtual size: 48KB

.data Size: 44KB - Virtual size: 710KB

.rsrc Size: 16KB - Virtual size: 12KB

.reloc Size: 40KB - Virtual size: 38KB

.text
Size: 744KB - Virtual size: 742KB

.rdata
Size: 52KB - Virtual size: 48KB

.data
Size: 44KB - Virtual size: 710KB

.rsrc
Size: 16KB - Virtual size: 12KB

.reloc
Size: 40KB - Virtual size: 38KB