15667babdcdd88ee08174a39c86b00ad_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

15667babdcdd88ee08174a39c86b00ad_JaffaCakes118
Size

396KB
MD5

15667babdcdd88ee08174a39c86b00ad
SHA1

19ed09bbe8711e7e0b9a6b7664538559a86d312d
SHA256

5061395e96ddf44be20b37f12ab25da2ee84f9c8ec2dd0b5db4f11cfdb14b2a0
SHA512

e9688e3c981eb1ff0f822dfc2c1a75c570d518b28c8b324b54f4e4fe626cd78ab39171a9f0a61f54eb1e602d941f7faa456aec169bd2379854e7fa411a6fec4a
SSDEEP

12288:LVaauWatLv/kjWaesK3YSYJmlzFZ3IHmMr:L03DkjtLS5hVq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
15667babdcdd88ee08174a39c86b00ad_JaffaCakes118

Files

15667babdcdd88ee08174a39c86b00ad_JaffaCakes118
.exe windows:4 windows x86 arch:x86

0b3fd014c201ba333650fb1f00161ed2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetDisconnectDialog
MultinetGetConnectionPerformanceA
WNetUseConnectionA
WNetCancelConnectionA

advapi32

SetServiceStatus
GetServiceKeyNameA
RegOpenKeyExA
LsaQueryInformationPolicy
CloseServiceHandle
ReadEventLogW
RegCloseKey
CreateProcessAsUserW
QueryServiceLockStatusW
OpenEventLogW
RegisterServiceCtrlHandlerW
SetServiceObjectSecurity
RegSetValueExW
StartServiceCtrlDispatcherW

rasapi32

RasGetConnectStatusA
RasEnumConnectionsA

msvcrt

_setmbcp
_except_handler3
_mbsrev
__dllonexit
_onexit
acos
_wexecl
atol
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

user32

GetClassNameW
GetScrollPos
VkKeyScanW
CopyIcon
FindWindowA
LoadCursorFromFileA
TranslateMessage
MapVirtualKeyExW
WindowFromPoint
SetTimer
DrawIconEx
GetDoubleClickTime
SetCaretPos
DestroyCaret
RemoveMenu
ChangeDisplaySettingsA
MessageBoxA
IsCharLowerA
CharLowerA
CreateDialogIndirectParamW
PostMessageA
DrawStateW
CopyAcceleratorTableW
SendDlgItemMessageW
GetClipCursor
DrawTextW
CreateCursor
CharUpperBuffW
GetProcessWindowStation
LoadImageA
MoveWindow
DialogBoxIndirectParamW
ReuseDDElParam
SetWindowTextW
SetPropA
RegisterHotKey
SendInput
GetKeyboardState
MessageBeep
CloseClipboard
DrawIcon
GetCaretPos
EmptyClipboard
PostThreadMessageA
PostThreadMessageW
GetTabbedTextExtentA
RegisterClassExW
FindWindowExA
GetParent
SetDlgItemTextW
ClientToScreen
EnableScrollBar
WindowFromDC
CreateDialogIndirectParamA
wvsprintfA
CreateWindowExW
GetWindowLongA
GetSystemMetrics
TranslateAcceleratorA
DestroyMenu
GetMenuItemCount
ModifyMenuA
DefFrameProcW
SetWindowLongA
GetDlgItemTextA
FindWindowExW
SetClipboardData
CloseDesktop
GetUserObjectInformationW
CharUpperA
GrayStringW
GetMessageExtraInfo
GetScrollRange
DdeFreeStringHandle
SetWindowTextA
GetMessageA
BeginDeferWindowPos
CharLowerBuffA
ShowOwnedPopups
AttachThreadInput
BlockInput
DispatchMessageA
TrackPopupMenuEx
SetClassLongA
LockWindowUpdate
GetKeyState
SystemParametersInfoA
GetKeyNameTextW
CallMsgFilterA
SendNotifyMessageW
PostMessageW
PackDDElParam
SetWindowRgn
ChangeClipboardChain
RegisterWindowMessageA
DialogBoxParamA
SetWindowPlacement
InvalidateRect
GetMessagePos
DrawTextA
GetClassInfoW
GetSysColor

gdi32

CreateDCW
SwapBuffers
DeleteEnhMetaFile
SetAbortProc
EnumFontsW
GetWinMetaFileBits
GetNearestPaletteIndex
IntersectClipRect
GetRgnBox
GetPolyFillMode
CombineRgn
GetROP2
CreateBitmap
GetDIBits
GetClipRgn
SetWindowOrgEx
GetObjectA
GetCharWidthA
SetDeviceGammaRamp
TextOutA
AbortDoc
ExtTextOutA
GetKerningPairsA
RemoveFontResourceA
SelectClipRgn
DeleteObject
EnumFontFamiliesA
ResetDCW
CreateDCA
SaveDC
SetPixel
OffsetWindowOrgEx
OffsetClipRgn
PatBlt
GetTextMetricsA
SetBitmapBits
SetWinMetaFileBits
GetObjectW
CreateEllipticRgn
RectVisible
GetTextCharsetInfo
SetTextAlign
GdiFlush
CreateDIBSection
LPtoDP
GetFontData
Ellipse
GetPixel
CopyEnhMetaFileA
GetDIBColorTable
EnumMetaFile
EndPage
RectInRegion
CreateICA
WidenPath
PolyBezierTo
RealizePalette
GetMapMode
ExtCreatePen
GetStockObject
CreateMetaFileA
GetDeviceCaps
SetROP2

kernel32

FileTimeToSystemTime
BackupSeek
GetProcessAffinityMask
GetStringTypeA
MulDiv
DeleteFiber
GetWindowsDirectoryW

mfc42

ord815
ord6375
ord4486
ord2554
ord1084
ord5731
ord3922
ord1089
ord1050
ord2396
ord3346
ord1048
ord5302
ord2725
ord1077
ord4698
ord5307
ord1037
ord5714
ord1079
ord2982
ord1089
ord3259
ord4465
ord1066
ord3262
ord2985
ord3081
ord2976
ord3401
ord3830
ord3831
ord3825
ord3079
ord4080
ord1076
ord4424
ord3738
ord561
ord1576
ord1168

Sections

.text
Size: 240KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b3fd014c201ba333650fb1f00161ed2

Headers

File Characteristics

Imports

mpr

advapi32

rasapi32

msvcrt

user32

gdi32

kernel32

mfc42

Sections

.text Size: 240KB - Virtual size: 236KB

.rdata Size: 68KB - Virtual size: 65KB

.data Size: 68KB - Virtual size: 2.6MB

.rsrc Size: 16KB - Virtual size: 12KB

.text
Size: 240KB - Virtual size: 236KB

.rdata
Size: 68KB - Virtual size: 65KB

.data
Size: 68KB - Virtual size: 2.6MB

.rsrc
Size: 16KB - Virtual size: 12KB