0fcbdf82cb2ca7add14ff10664986000_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0fcbdf82cb2ca7add14ff10664986000_JaffaCakes118
Size

236KB
MD5

0fcbdf82cb2ca7add14ff10664986000
SHA1

bb238defd377856283000eb097f1ad25c2b2a86c
SHA256

b6d493da66e871485792402f67d72cc07c45fb70dbf7baad4fb988671bd177a1
SHA512

49468956949619e00212d1e89433d8b22e859759b16b714d7dad205b0e09733144f960c1ccc18c47d3db628e204e28e9c5af737a79df6b0fd49514c28be4c019
SSDEEP

3072:iNMfXfKLF7fwY+wQpo3YXuXeqtMWwkTPfa4hZi2vqR99lN:ifLFLawl3YKMUraf99lN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0fcbdf82cb2ca7add14ff10664986000_JaffaCakes118

Files

0fcbdf82cb2ca7add14ff10664986000_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a6e0ded285fd2420f33ac23965c6cb94

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

IsValidCodePage
GetTickCount
GetProcAddress
GetCurrentThreadId
MulDiv
IsBadCodePtr
GetVersion
MultiByteToWideChar
lstrlenW
lstrlenA
WideCharToMultiByte
Thread32Next
ResumeThread
SuspendThread
OpenThread
Thread32First
GetCurrentProcessId
Sleep
GetUserDefaultLangID
GetUserDefaultLCID
LoadLibraryA
GetCommandLineA
GetLastError
InterlockedDecrement
GetFileSize
GetModuleHandleA
SetEvent
VirtualProtect
IsBadReadPtr
GetSystemInfo
CloseHandle
LocalFree
GetStartupInfoA
Process32Next
GetUserDefaultUILanguage

user32

CreateDesktopA
GetUserObjectInformationA
GetCursor
GetDesktopWindow
GetInputState
IsCharUpperA
GetCapture
IsMenu
CharUpperA
CharLowerA
GetWindowRect
PostMessageA
GetSystemMetrics
GetForegroundWindow
GetActiveWindow
IsWindow
IsCharAlphaNumericA
IsCharAlphaA
GetFocus
IsCharLowerA

ole32

CLSIDFromString
CLSIDFromProgID
CoInitializeEx
CoCreateInstance
OleRun

oleaut32

SysAllocStringLen
GetErrorInfo
SysAllocString
VariantClear
SysStringByteLen
SysAllocStringByteLen
SysFreeString
SysStringLen

msvcp60

?_Incref@facet@locale@std@@QAEXXZ
??1?$ctype@D@std@@UAE@XZ
?id@?$ctype@D@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getfacet@locale@std@@QBEPBVfacet@12@I_N@Z
?_Iscloc@locale@std@@QBE_NXZ
??0?$ctype@D@std@@QAE@PBF_NI@Z
??_7bad_cast@std@@6B@
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
?do_tolower@?$ctype@D@std@@MBEPBDPADPBD@Z
?do_tolower@?$ctype@D@std@@MBEDD@Z
?do_toupper@?$ctype@D@std@@MBEPBDPADPBD@Z
?do_toupper@?$ctype@D@std@@MBEDD@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??0locale@std@@QAE@PBDH@Z
??1locale@std@@QAE@XZ
?_Decref@facet@locale@std@@QAEPAV123@XZ
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?_Xran@std@@YAXXZ
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEPADPADD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0logic_error@std@@QAE@ABV01@@Z
??0out_of_range@std@@QAE@ABV01@@Z
??1out_of_range@std@@UAE@XZ
??_7out_of_range@std@@6B@
??0logic_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

msvcrt

sprintf
_strdup
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_onexit
__dllonexit
??0exception@@QAE@ABQBD@Z
atoi
wcslen
strncat
strcat
_strnicmp
_stricmp
strstr
strchr
strncpy
strcpy
free
_itoa
malloc
_CxxThrowException
??0exception@@QAE@ABV0@@Z
memcmp
_ftol
strlen
__CxxFrameHandler
_except_handler3
rand
srand
memset
??2@YAPAXI@Z
memcpy
wcscmp
pow

ws2_32

send
getsockopt
connect
htons
setsockopt
socket
gethostbyname
WSAStartup
closesocket
WSACleanup
recv

Sections

CODE
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 826B - Virtual size: 826B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 736B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6e0ded285fd2420f33ac23965c6cb94

Headers

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

msvcp60

msvcrt

ws2_32

Sections

CODE Size: 147KB - Virtual size: 147KB

DATA Size: 97KB - Virtual size: 97KB

BSS Size: 5KB - Virtual size: 5KB

.idata Size: 826B - Virtual size: 826B

.rsrc Size: 736B - Virtual size: 736B

CODE
Size: 147KB - Virtual size: 147KB

DATA
Size: 97KB - Virtual size: 97KB

BSS
Size: 5KB - Virtual size: 5KB

.idata
Size: 826B - Virtual size: 826B

.rsrc
Size: 736B - Virtual size: 736B