fcEXP
Static task: static1
Behavioral task: behavioral1
Sample: 11e0552ce997d23860748fcaf53e47e6_JaffaCakes118.exe
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 11e0552ce997d23860748fcaf53e47e6_JaffaCakes118.exe
Resource: win10v2004-20240802-en
General
Target: 11e0552ce997d23860748fcaf53e47e6_JaffaCakes118
Size: 2.8MB
MD5: 11e0552ce997d23860748fcaf53e47e6
SHA1: fa078a08252f628a9fa84b5cf9b29959b75ce586
SHA256: d26fc6c4a22ec2a5432f521bac0482afb36b940f127c8ad4aa1307717d36c48c
SHA512: d2a11e5e134a1acf5d78fcd22a37ffe7329a9e41cff53c627f550705f90adca2b6d39f59dadbdd25bccd97666925dd0c081684cd71f4cac0bf3d6dbb20701773
SSDEEP: 49152:AlxigH6clH0CF815QjDtNUqeuBn+Lv/GiwQ9Tg3TYAzDaz:MseIQvtIzGnYAz
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
resource: 11e0552ce997d23860748fcaf53e47e6_JaffaCakes118
Files
-
11e0552ce997d23860748fcaf53e47e6_JaffaCakes118.exe windows:4 windows x86 arch:x86
bef48a39345607c5c85b72cd31c3e726
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
fmod
_FSOUND_Stream_SetBufferSize@4
_FSOUND_Sample_Free@4
_FSOUND_GetMaxChannels@0
_FSOUND_Stream_GetMode@4
_FSOUND_Stream_SetMode@8
_FSOUND_Stream_PlayEx@16
_FSOUND_Stream_Close@4
_FSOUND_Stream_Stop@4
_FSOUND_SetDriver@4
_FSOUND_SetHWND@4
_FSOUND_StopSound@4
_FSOUND_3D_Listener_SetAttributes@32
_FSOUND_Update@0
_FSOUND_3D_SetMinMaxDistance@12
_FSOUND_SetMute@8
_FSOUND_3D_SetDopplerFactor@4
_FSOUND_3D_SetDistanceFactor@4
_FSOUND_3D_SetRolloffFactor@4
_FSOUND_Sample_Load@20
_FSOUND_GetError@0
_FSOUND_Sample_SetMinMaxDistance@12
_FSOUND_GetDriverName@4
_FSOUND_SetOutput@4
_FSOUND_SetMinHardwareChannels@4
_FSOUND_GetVersion@0
_FSOUND_GetVolume@4
_FSOUND_Close@0
_FSOUND_Stream_SetEndCallback@12
_FSOUND_Stream_Open@16
_FSOUND_Init@12
_FSOUND_GetNumDrivers@0
_FSOUND_SetMaxHardwareChannels@4
_FSOUND_GetDriverCaps@8
_FSOUND_Sample_GetMode@4
_FSOUND_PlaySoundEx@16
_FSOUND_3D_SetAttributes@12
_FSOUND_SetPriority@8
_FSOUND_SetVolume@8
_FSOUND_SetPaused@8
kernel32
GetThreadLocale
GetLocaleInfoA
MultiByteToWideChar
InterlockedExchange
GetCurrentProcess
WideCharToMultiByte
GetVersion
CompareStringA
CompareStringW
GetACP
SetPriorityClass
lstrlenA
GetVersionExA
GlobalMemoryStatus
InitializeCriticalSection
DeleteCriticalSection
Sleep
lstrcmpiA
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
SetCurrentDirectoryA
CreateMutexA
WaitForSingleObject
CloseHandle
GetModuleFileNameA
GetWindowsDirectoryA
FindFirstFileA
CreateDirectoryA
FindClose
GetCurrentDirectoryA
GetVolumeInformationA
GetLastError
WinExec
IsDebuggerPresent
VirtualQuery
OutputDebugStringA
GetTickCount
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
FileTimeToSystemTime
GlobalFindAtomA
GetStringTypeW
GlobalGetAtomNameA
GlobalFlags
GetCPInfo
GetOEMCP
GetFullPathNameA
FlushFileBuffers
FileTimeToLocalFileTime
RtlUnwind
GetSystemTimeAsFileTime
GetStartupInfoA
HeapReAlloc
HeapSize
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
IsProcessorFeaturePresent
SetEnvironmentVariableA
IsBadCodePtr
TlsFree
GetStringTypeA
GetDriveTypeA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LocalReAlloc
TlsSetValue
TlsAlloc
UnhandledExceptionFilter
IsBadWritePtr
HeapCreate
HeapDestroy
MulDiv
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
CreateEventA
IsDBCSLeadByte
SetEvent
ResetEvent
ExitThread
WaitForMultipleObjects
SizeofResource
LockResource
LoadResource
FindResourceA
GetLocalTime
SetUnhandledExceptionFilter
TerminateProcess
CreateThread
GetSystemInfo
GlobalUnlock
GlobalLock
lstrcatA
GlobalMemoryStatusEx
InterlockedDecrement
ReadFile
SetFileTime
GetFileAttributesA
FindNextFileA
GetCurrentProcessId
WriteFile
SystemTimeToFileTime
GetCurrentThread
GlobalAlloc
GlobalSize
GlobalAddAtomA
GlobalDeleteAtom
SetEndOfFile
ExitProcess
GetCommandLineA
SetThreadPriority
SetFilePointer
OpenEventA
lstrcmpA
IsBadReadPtr
VirtualProtect
DeleteFileA
VirtualAlloc
VirtualFree
HeapFree
GetProcessHeap
HeapAlloc
SetStdHandle
GetStdHandle
lstrcpyA
FindNextChangeNotification
FindCloseChangeNotification
FindFirstChangeNotificationA
GetExitCodeThread
GetSystemDefaultLangID
SetFileAttributesA
LocalFree
lstrcpynA
FormatMessageA
GlobalFree
SetLastError
GlobalReAlloc
lstrcmpW
RaiseException
InterlockedIncrement
LocalAlloc
GlobalHandle
TlsGetValue
GetTimeZoneInformation
user32
GetSysColorBrush
GetSysColor
GetSystemMetrics
LoadCursorA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
LoadBitmapA
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetFocus
SetMenuItemBitmaps
PtInRect
CopyRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
CallWindowProcA
GetDlgCtrlID
GetClassInfoA
AdjustWindowRectEx
GetMenu
SetForegroundWindow
MapWindowPoints
GetMessagePos
GetMessageTime
DestroyWindow
GetDlgItem
GetForegroundWindow
RemovePropA
GetPropA
SetPropA
GetClassInfoExA
GetClassLongA
GetCapture
WinHelpA
RegisterWindowMessageA
SetWindowTextA
UnregisterClassA
DestroyMenu
SetWindowsHookExA
CallNextHookEx
ValidateRect
UnhookWindowsHookEx
MoveWindow
GetClientRect
SetWindowLongA
GetWindowLongA
UpdateWindow
GetActiveWindow
SetWindowPos
CreateWindowExA
RegisterClassA
LoadIconA
TranslateMessage
PeekMessageA
DispatchMessageA
ReleaseDC
GetDC
GetMenuState
GetMenuItemID
SetCursorPos
ClientToScreen
GetKeyState
GetWindowTextA
EnumWindows
PostMessageA
GetWindowRect
PostQuitMessage
wsprintfA
GetAsyncKeyState
CloseClipboard
GetClipboardData
IsClipboardFormatAvailable
OpenClipboard
MessageBoxA
DefWindowProcA
SetFocus
ShowCursor
GetWindow
ShowWindow
FindWindowExA
GetClassNameA
GetTopWindow
GetMenuItemCount
GetSubMenu
GetCursorPos
SetClipboardData
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
MapVirtualKeyA
GetKeyNameTextA
ScreenToClient
SendMessageA
GetKeyboardLayout
EmptyClipboard
UnregisterHotKey
gdi32
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateBitmap
GetStockObject
GetClipBox
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetTextMetricsA
GetDeviceCaps
CreateFontA
AddFontResourceA
RemoveFontResourceA
CreateCompatibleDC
CreateDIBSection
SetMapMode
GetObjectA
GetTextExtentPoint32A
SelectObject
DeleteObject
DeleteDC
shell32
SHGetSpecialFolderPathA
SHChangeNotify
ShellExecuteA
ole32
CoCreateInstance
CoInitialize
OleRun
CoUninitialize
comctl32
ord17
shlwapi
StrStrIA
PathRemoveFileSpecA
PathStripPathA
PathIsDirectoryA
PathSearchAndQualifyA
urlmon
URLDownloadToFileA
imm32
ImmGetCompositionStringA
ImmGetDefaultIMEWnd
ImmSetConversionStatus
ImmAssociateContext
ImmNotifyIME
ImmGetCandidateListA
ImmGetContext
ImmGetOpenStatus
ImmReleaseContext
ImmGetConversionStatus
winmm
timeGetTime
timeEndPeriod
timeBeginPeriod
timeGetDevCaps
ws2_32
bind
socket
htons
gethostbyname
inet_addr
ntohs
inet_ntoa
ioctlsocket
setsockopt
WSACleanup
WSAStartup
closesocket
htonl
recv
WSAGetLastError
connect
WSACloseEvent
send
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
WSAEventSelect
WSACreateEvent
shutdown
sendto
recvfrom
getsockname
gethostname
gdiplus
GdipGetImageEncoders
GdipCloneBrush
GdipGetFamily
GdipCreateFontFromLogfontA
GdipCreateFontFromDC
GdipDrawString
GdipFillPath
GdipGraphicsClear
GdipDrawPath
GdipSetSmoothingMode
GdipCreateFromHDC
GdipAddPathString
GdipCreateSolidFill
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeletePath
GdipCreatePath
GdipStringFormatGetGenericTypographic
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdipDisposeImage
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipGetImageEncodersSize
GdipBitmapUnlockBits
GdipFree
GdipAlloc
GdiplusStartup
GdiplusShutdown
dbghelp
MiniDumpWriteDump
wininet
InternetCloseHandle
InternetSetStatusCallback
InternetReadFileExA
HttpQueryInfoA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
DeleteUrlCacheEntry
InternetCrackUrlA
oleacc
LresultFromObject
CreateStdAccessibleObject
winspool.drv
ClosePrinter
OpenPrinterA
DocumentPropertiesA
advapi32
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
oleaut32
VariantChangeType
VariantClear
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
GetErrorInfo
Exports
Sections
.text Size: 2.1MB - Virtual size: 2.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 392KB - Virtual size: 391KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 152KB - Virtual size: 26.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.cleaned Size: 56KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pe Size: 1024B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.text Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 18KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 4KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 512B - Virtual size: 436B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
pebundle Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE