Static task
static1
Behavioral task
behavioral1
Sample
095ca629831204ce8e168eb11a7f35aa_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
095ca629831204ce8e168eb11a7f35aa_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
Target: 095ca629831204ce8e168eb11a7f35aa_JaffaCakes118
Size: 324KB
MD5: 095ca629831204ce8e168eb11a7f35aa
SHA1: 0b1b423209c73829efcfac52510ba8c8d4fad177
SHA256: b81e2cb479ea5676f6ffba1a79977f005c6798cfba25314ca2a003846bf2acdf
SHA512: 35bf7bb01cdcbe4b6186add317d5b22a96680026f79e8fa53513e62092a7cc41ec43562b9f252845cfc55f073418e9faf1eedb04841574a17b9f84971a573f82
SSDEEP: 6144:gxCLxvucnXDiBTpjCV+Yjw8JWvuYZSyYZ:g8xXmBkc8toSr
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 095ca629831204ce8e168eb11a7f35aa_JaffaCakes118
Files
095ca629831204ce8e168eb11a7f35aa_JaffaCakes118.exe windows:4 windows x86 arch:x86
0f91337da9180fa5a8d7f813b3796c27
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
crlutl
_UNITConvToUnitAndString@24
?UTLLocateExceptionMapEntry@@YGHHPAUHWND__@@HAAK@Z
_UTLShowHelp@20
_UTLStandardHelpButton@12
_UTLStandardHelp@20
_UTLStandardContextMenu@20
_UTLLoadString@4
_UTLFindHelpFile@8
?GetInst@IGLB_UILanguage@@SAAAV1@XZ
crli18n
_CorGetCharSet@0
_CorIsFarEastWindow@0
?SetFromUnicode@CGlbChar@@QAGHQBGI@Z
crlctl
?BuildPropPageArray@WCmnUI_PropertySheet@@UAEXXZ
?SetNumDecimalPlaces@WUnitSpinBase@@QAEXI@Z
??0WSpinCtrl@@QAE@XZ
??1WSpinCtrl@@UAE@XZ
?GetThisMessageMap@WCmnUI_PropertyPage@@KGPBUAFX_MSGMAP@@XZ
?GetThisClass@WCmnUI_PropertyPage@@SGPAUCRuntimeClass@@XZ
??0WCmnUI_PropertyPage@@QAE@IIK@Z
??1WCmnUI_PropertyPage@@UAE@XZ
?GetThisMessageMap@WCmnUI_PropertySheet@@KGPBUAFX_MSGMAP@@XZ
?GetThisClass@WCmnUI_PropertySheet@@SGPAUCRuntimeClass@@XZ
??0WCmnUI_PropertySheet@@QAE@IPAVCWnd@@I@Z
?AddPage@WCmnUI_PropertySheet@@QAEXPAVCPropertyPage@@@Z
?OnInitDialog@WCmnUI_PropertySheet@@UAEHXZ
??1WCmnUI_PropertySheet@@UAE@XZ
?UTLGetNumDisplayColors@@YGJXZ
??0WCmnUI_PropertySheet@@QAE@XZ
mfc71u
msvcr71
_controlfp
?terminate@@YAXXZ
__security_error_handler
_onexit
_CIsin
_CIcos
_purecall
wcscpy
__CxxFrameHandler
_CIacos
sprintf
atof
_CxxThrowException
wcslen
strncpy
_wtoi
atoi
isdigit
strncat
atol
wcscmp
wcsncmp
memset
_except_handler3
free
_c_exit
_exit
_XcptFilter
_cexit
__dllonexit
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_amsg_exit
_wcmdln
exit
kernel32
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GlobalUnlock
GlobalLock
GlobalAlloc
HeapAlloc
GetProcessHeap
HeapFree
InterlockedExchange
GetACP
GetLocaleInfoA
GetVersionExW
WideCharToMultiByte
WritePrivateProfileStructA
lstrlenW
WritePrivateProfileStringW
WritePrivateProfileStringA
GetPrivateProfileStructA
GetPrivateProfileStringW
GetPrivateProfileStringA
GetPrivateProfileIntA
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA
GetStartupInfoW
ExitProcess
GetThreadLocale
GetVersionExA
QueryPerformanceCounter
user32
FillRect
CopyRect
MessageBeep
GetDlgCtrlID
GetClassNameA
GetParent
WindowFromDC
GetWindowRect
LoadBitmapW
GetSysColor
LoadStringA
PostMessageW
SendMessageW
EnableWindow
GetClientRect
GetSystemMetrics
OpenClipboard
EmptyClipboard
SetClipboardData
SendDlgItemMessageW
CloseClipboard
InvalidateRect
UpdateWindow
GetDC
ReleaseDC
gdi32
EnumFontFamiliesW
GetCurrentObject
GetTextExtentPoint32W
BitBlt
CreateCompatibleDC
GetObjectW
PatBlt
RealizePalette
CreatePalette
CreateMetaFileW
SetWindowOrgEx
CloseMetaFile
CreateSolidBrush
SaveDC
SetMapMode
GetDeviceCaps
SetWindowExtEx
SetViewportExtEx
GetTextMetricsW
GetTextExtentPoint32A
RestoreDC
CreateFontW
SetBkMode
SetTextColor
SetTextAlign
TextOutA
Polygon
LPtoDP
CreatePen
SelectObject
MoveToEx
LineTo
DeleteObject
Sections
.text Size: 148KB - Virtual size: 144KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 48KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
G3 Size: 80KB - Virtual size: 80KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE