Static task: static1
Behavioral task: behavioral1
  Sample: 16cb5539f138bccce7e583890b839c9e_JaffaCakes118.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 16cb5539f138bccce7e583890b839c9e_JaffaCakes118.exe
  Resource: win10v2004-20240802-en
General
Target: 16cb5539f138bccce7e583890b839c9e_JaffaCakes118
Size: 1.0MB
MD5: 16cb5539f138bccce7e583890b839c9e
SHA1: 7b35bd8542db708834da6a2ac2eea4166c8c67b6
SHA256: 9aa0e623668f50caa1fdfffbbf12d488b12df539568bc7033285aeb55daaac5f
SHA512: 6208d39c7d7250345ecc622251c6af016f13ff7a1250b21655852b1795f6ce5ca85fdc47cfbd3b1c863965399542e0079390bb56c6ae84b7cff9930e1b1dd721
SSDEEP: 12288:5RFv8iUh+NhJCCSYHDziHqyJyEyksP/pHadNvym4JeqPw8:LLJCbUiKS25xaHqm468
Malware Config
Signatures
Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource 16cb5539f138bccce7e583890b839c9e_JaffaCakes118
Files
16cb5539f138bccce7e583890b839c9e_JaffaCakes118.exe windows:4 windows x86 arch:x86
2812ace3b7109e258ee2747a653c8fcc
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
mfc42d
ord335
ord478
ord317
ord728
ord1757
ord1857
ord3524
ord4934
ord2291
ord734
ord736
ord4589
ord4615
ord812
ord2634
ord2351
ord3302
ord880
ord851
ord3042
ord1041
ord1087
ord3831
ord3629
ord1830
ord2068
ord2316
ord485
ord1136
ord2383
ord3174
ord3948
ord619
ord382
ord3355
ord487
ord4645
ord3281
ord3717
ord3286
ord490
ord1790
ord2230
ord3447
ord4756
ord1365
ord4216
ord3657
ord2024
ord1288
ord2989
ord533
ord709
ord3553
ord1151
ord646
ord413
ord618
ord381
ord813
ord4616
ord4912
ord3304
ord4638
ord2456
ord4303
ord3097
ord3104
ord2517
ord2409
ord474
ord723
ord2168
ord903
ord899
ord901
ord714
ord523
ord702
ord5072
ord2324
ord454
ord5065
ord4720
ord3289
ord845
ord3039
ord2619
ord2318
ord1098
ord1996
ord1264
ord2936
ord410
ord643
ord409
ord642
ord4326
ord730
ord1787
ord982
ord719
ord721
ord2640
ord685
ord3483
ord493
ord3481
ord985
ord3555
ord2130
ord824
ord900
ord2255
ord1812
ord2353
ord3059
ord511
ord823
ord2408
ord512
ord897
ord507
ord509
ord1493
ord1789
ord2661
ord4227
ord4230
ord3366
ord3827
ord4239
ord4215
ord4409
ord3784
ord2023
ord1287
ord531
ord708
ord2105
ord3519
ord1917
ord3646
ord2915
ord3531
ord1417
ord3530
ord2103
ord1784
ord2412
ord4078
ord4081
ord3692
ord3575
ord2679
ord4021
ord973
ord2717
ord2223
ord2222
ord3429
ord3361
ord4210
ord2077
ord1309
ord3666
ord4896
ord470
ord2054
ord4655
ord2209
ord1607
ord2434
ord883
ord1537
ord1623
ord1624
ord1179
ord450
ord3685
ord2995
ord4183
ord1239
ord1969
ord4653
ord3661
ord4279
ord4061
ord3400
ord4951
ord3282
ord1608
ord4029
ord1043
ord2593
ord4333
ord4330
ord987
ord853
ord3043
ord2085
ord3436
ord4739
ord1837
ord2994
ord2589
ord3403
ord943
ord2128
ord4381
ord2129
ord2693
ord299
ord599
ord354
ord4174
ord2220
ord1362
ord5069
ord1804
ord1548
ord3514
ord1916
ord3645
ord2716
ord2914
ord1042
ord2790
ord3065
ord2474
ord717
ord4170
ord3010
ord3013
ord3006
ord4832
ord4834
ord4830
ord3009
ord3012
ord3005
ord3392
ord3309
ord4831
ord4833
ord4829
ord4932
ord3201
ord4433
ord829
ord3170
ord1505
ord5082
ord5081
ord3563
ord817
ord418
ord707
ord2123
ord2099
ord529
ord3599
ord886
ord5005
ord818
ord877
ord1777
ord449
ord4264
ord5093
ord3382
ord2419
ord797
ord803
ord1122
ord1831
ord4498
ord4256
ord5084
ord1564
ord2044
ord850
ord1661
ord1834
ord2659
ord293
ord556
ord1359
ord1658
ord3442
ord2271
ord3421
ord573
ord1316
ord4457
ord1639
ord316
ord4405
ord945
ord3552
ord5077
ord3702
ord1880
ord1860
ord4415
ord3231
ord1033
ord4130
ord4229
ord3826
ord4408
ord1100
ord1285
ord2986
ord528
ord706
ord567
ord4820
ord2052
ord4143
ord308
ord2104
ord1494
ord596
ord4811
ord349
ord1717
ord1809
ord4291
ord733
ord4933
ord2991
ord1295
ord1096
ord3572
ord711
ord3690
ord3889
ord3870
ord1935
ord1776
ord4566
ord4462
ord4887
ord4011
ord660
ord443
ord2730
ord2550
ord2362
ord3040
ord4380
ord3591
ord1534
ord1533
ord1026
ord4340
ord2126
ord4860
ord739
ord3110
ord1363
ord5015
ord5018
ord3338
ord2142
ord593
ord2133
ord345
ord590
ord5086
ord341
ord710
ord988
ord534
ord855
ord3044
ord724
ord4258
ord4123
ord344
ord342
ord847
ord2008
ord1273
ord2950
ord442
ord659
ord4302
ord4328
ord4448
ord4447
ord4339
ord983
ord4376
ord4311
ord1408
ord4386
ord2468
ord589
ord338
ord508
ord2561
ord2719
ord3015
ord2725
ord2406
ord3177
ord1409
ord2293
ord1510
ord2161
ord965
ord5036
ord3459
ord2636
ord4723
ord4443
ord2028
ord4651
ord2491
ord2495
ord2487
ord2808
ord1960
ord1236
ord5003
ord306
ord492
ord574
ord680
ord586
ord559
ord565
ord684
ord2875
ord4492
ord1228
ord1952
ord3658
ord3786
ord3367
ord2431
ord3142
ord3144
ord3143
ord2339
ord2432
ord2341
ord2585
ord2473
ord3691
ord2584
ord2481
ord2340
ord4205
ord1631
ord4191
ord1344
ord4064
ord3002
ord5078
ord1566
ord2076
ord3670
ord3944
ord3069
ord1310
ord2078
ord4208
ord3618
ord5076
ord4118
ord1781
ord4176
ord3651
ord1364
ord3362
ord4753
ord1862
ord4017
ord4195
ord1190
ord2897
ord2021
msvcrtd
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
calloc
_CxxThrowException
memmove
qsort
_getcwd
_chdir
_splitpath
__p__commode
_fcvt
_mbsicmp
memcmp
time
localtime
srand
rand
_ftol
_setmbcp
_ltoa
_stricmp
_strrev
_itoa
strlen
isspace
strchr
atol
strcat
__p__fmode
__set_app_type
_except_handler3
_chkesp
_controlfp
__CxxFrameHandler
strcmp
strcpy
abs
fgets
fseek
ftell
rewind
fread
free
sprintf
memset
strncpy
fwrite
memcpy
fopen
fputs
fclose
isalpha
malloc
atoi
kernel32
GetDiskFreeSpaceA
GetLastError
GetModuleHandleA
GetStartupInfoA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
GetDriveTypeA
GetFileAttributesA
CreateProcessA
SetFileAttributesA
CreateThread
WaitForSingleObject
GetExitCodeThread
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
GetPrivateProfileStringA
GetLocalTime
DeleteFileA
RemoveDirectoryA
CopyFileA
FindFirstFileA
FindClose
GetLocaleInfoA
SetVolumeLabelA
CreateDirectoryA
SetFilePointer
GetCurrentDirectoryA
Sleep
user32
GetWindowDC
SetCursor
GetSystemMetrics
wsprintfA
ReleaseDC
SystemParametersInfoA
LoadImageA
GetSysColorBrush
CopyRect
GetClassNameA
DestroyMenu
GetForegroundWindow
SendMessageA
LoadCursorA
GetParent
GetDesktopWindow
IsWindow
RegisterWindowMessageA
gdi32
CreateRectRgn
CombineRgn
DeleteObject
GetObjectA
GetStockObject
GetDIBits
advapi32
RegQueryInfoKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegFlushKey
RegCloseKey
CryptDecrypt
CryptEncrypt
CryptHashData
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextA
CryptCreateHash
RegSetValueExA
shell32
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
comctl32
_TrackMouseEvent
mfco42d
ord846
ord327
ord332
ord2062
ord646
ole32
CoUninitialize
CoInitialize
CoCreateInstance
oleaut32
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy
SysFreeString
extuis284md
?NcFrameImpl_GetForceEmptyNcBorder@CExtNcFrameImpl@@UBE?AVCRect@@XZ
?NcFrameImpl_IsForceEmpty@CExtNcFrameImpl@@UBE_NXZ
?NcFrameImpl_IsDwmCaptionReplacement@CExtNcFrameImpl@@UBE_NXZ
?NcFrameImpl_IsDwmBased@CExtNcFrameImpl@@UBE_NXZ
?NcFrameImpl_IsSupported@CExtNcFrameImpl@@UBE_NXZ
?NcFrameImpl_GetScTipText@CExtNcFrameImpl@@UBEPBDI@Z
?NcFrameImpl_GetMinMaxInfo@CExtNcFrameImpl@@UBE_NPAUtagMINMAXINFO@@@Z
?NcFrameImpl_SetupRgn@CExtNcFrameImpl@@UAEXPAUtagWINDOWPOS@@@Z
?NcFrameImpl_DelayRgnAdjustment@CExtNcFrameImpl@@UAEXXZ
?NcFrameImpl_ReCacheScButtonRects@CExtNcFrameImpl@@UBEXXZ
?NcFrameImpl_GetIcon@CExtNcFrameImpl@@UBEXAAVCExtCmdIcon@@@Z
?NcFrameImpl_GetNcScRect@CExtNcFrameImpl@@UBE?AVCRect@@I@Z
?NcFrameImpl_GetNcHtRect@CExtNcFrameImpl@@UBE?AVCRect@@I_N00PAUtagMINMAXINFO@@PBUtagRECT@@@Z
?NcFrameImpl_GetFrameWindow@CExtNcFrameImpl@@UAEPAVCWnd@@XZ
?NcFrameImpl_GetInitialStyleEx@CExtNcFrameImpl@@UBEKXZ
?NcFrameImpl_GetInitialStyle@CExtNcFrameImpl@@UBEKXZ
?NcFrameImpl_NcLock@CExtNcFrameImpl@@UBEX_N@Z
?NcFrameImpl_IsNcLocked@CExtNcFrameImpl@@UBE_NXZ
??1CExtControlBar@@UAE@XZ
??1CExtMenuControlBar@@UAE@XZ
??1CExtLabel@@UAE@XZ
?NcFrameImpl_GetWindowPlacement@CExtNcFrameImpl@@UBE_NAAUtagWINDOWPLACEMENT@@@Z
?InstallPaintManager@CExtPaintManagerAutoPtr@CExtPaintManager@@QAE_NPAUCRuntimeClass@@@Z
?classCExtPaintManagerOffice2007_R2_Obsidian@CExtPaintManagerOffice2007_R2_Obsidian@@2UCRuntimeClass@@A
?PaintManagerStateLoad@CExtPaintManagerAutoPtr@CExtPaintManager@@QAE_NPBD00PAUHKEY__@@_N@Z
?g_PaintManager@@3VCExtPaintManagerAutoPtr@CExtPaintManager@@A
??0CExtControlBar@@QAE@XZ
??0CExtMenuControlBar@@QAE@XZ
??0CExtLabel@@QAE@XZ
??0CExtStatusControlBar@@QAE@XZ
?SetInitDesiredSizeVertical@CExtControlBar@@QAEXVCSize@@@Z
?NcFrameImpl_IsActive@CExtNcFrameImpl@@UAE_NXZ
?ProfileBarStateLoad@CExtControlBar@@SA_NPAVCFrameWnd@@PBD11PAUtagWINDOWPLACEMENT@@_N3PAUHKEY__@@3@Z
?SetPaneControl@CExtStatusControlBar@@QAE_NPAUHWND__@@I_N@Z
?SetPaneWidth@CExtStatusControlBar@@QAEXHH@Z
?AddPane@CExtStatusControlBar@@QAE_NIH@Z
?SetIndicators@CExtStatusControlBar@@QAEHPBIH@Z
?UpdateFromMenu@CExtCmdManager@@QAE_NPBDI_N1@Z
?ProfileSetup@CExtCmdManager@@QAE_NPBDPAUHWND__@@PAVCExtCmdProfile@@@Z
??CCExtCmdManagerAutoPtr@CExtCmdManager@@QAEPAV1@XZ
?g_CmdManager@@3VCExtCmdManagerAutoPtr@CExtCmdManager@@A
?ProfileWndRemove@CExtCmdManager@@QAE_NPAUHWND__@@_NPA_N@Z
?PaintManagerStateSave@CExtPaintManagerAutoPtr@CExtPaintManager@@QAE_NPBD00PAUHKEY__@@_N@Z
?ProfileBarStateSave@CExtControlBar@@SA_NPAVCFrameWnd@@PBD11PAUtagWINDOWPLACEMENT@@_N3PAUHKEY__@@3@Z
?GetMenu@CExtMenuControlBar@@QAEPAVCMenu@@XZ
?DoFrameBarCheckUpdate@CExtControlBar@@SAXPAVCFrameWnd@@PAVCCmdUI@@_N@Z
?DoFrameBarCheckCmd@CExtControlBar@@SAHPAVCFrameWnd@@I_N@Z
??0CExtNcFrameImpl@@QAE@XZ
??1CExtNcFrameImpl@@UAE@XZ
?PreSubclassWindow@CExtNcFrameImpl@@UAEXXZ
?PostNcDestroy@CExtNcFrameImpl@@UAEXXZ
?Create@CExtNCSB_ScrollContainer@@UAE_NPAVCWnd@@@Z
?OnInstantiateAndCreateScrollBar@CExtNCSB_ScrollContainer@@UAEPAVCExtScrollBar@@_N@Z
?PostNcDestroy@CExtNCSB_ScrollContainer@@MAEXXZ
?WindowProc@CExtNCSB_ScrollContainer@@MAEJIIJ@Z
?PreSubclassWindow@CExtNCSB_ScrollContainer@@MAEXXZ
??0CExtNCSB_ScrollContainer@@QAE@PAUHWND__@@W4e_mode_t@0@@Z
?GetScrollBarInContainer@CExtNCSB_ScrollContainer@@QBEPAVCExtScrollBar@@XZ
??1CExtMemoryDC@@UAE@XZ
?__Flush@CExtMemoryDC@@QAEXH@Z
??CCExtPaintManagerAutoPtr@CExtPaintManager@@QAEPAV1@XZ
??0CExtMemoryDC@@QAE@PAVCDC@@PBVCRect@@K@Z
??1CExtNCSB_ScrollContainer@@UAE@XZ
?NcFrameImpl_FilterWindowProc@CExtNcFrameImpl@@UAE_NAAJIIJ@Z
?NcFrameImpl_PreWindowProc@CExtNcFrameImpl@@UAE_NAAJIIJ@Z
?NcFrameImpl_PostWindowProc@CExtNcFrameImpl@@UAEXAAJIIJ@Z
?NcFrameImpl_OnQueryQuickWindowPlacement@CExtNcFrameImpl@@UBE_NXZ
?NcFrameImpl_RecalcNcFrame@CExtNcFrameImpl@@UAE_NXZ
?NcFrameImpl_OnQuerySystemCommandEnabled@CExtNcFrameImpl@@UAE_NI@Z
?NcFrameImpl_CheckCursor@CExtNcFrameImpl@@UAEXVCPoint@@J_N@Z
?NcFrameImpl_GetPM@CExtNcFrameImpl@@UAEPAVCExtPaintManager@@XZ
?NcFrameImpl_OnNcPaint@CExtNcFrameImpl@@UAEXAAVCDC@@_N@Z
?SetInitDesiredSizeHorizontal@CExtControlBar@@QAEXVCSize@@@Z
?NcFrameImpl_AdjustVistaDwmCompatibilityIssues@CExtNcFrameImpl@@UAEXXZ
?NcFrameImpl_SetWindowPlacement@CExtNcFrameImpl@@UAE_NABUtagWINDOWPLACEMENT@@@Z
?NcFrameImpl_CalcWindowRect@CExtNcFrameImpl@@UAEXPAUtagRECT@@I@Z
??1CExtStatusControlBar@@UAE@XZ
wininet
HttpSendRequestA
HttpQueryInfoA
InternetCrackUrlA
InternetConnectA
InternetSetOptionA
HttpOpenRequestA
HttpAddRequestHeadersA
InternetReadFile
InternetCloseHandle
InternetOpenA
Sections
.text   Size: 428KB - Virtual size: 424KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  Size: 40KB - Virtual size: 38KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   Size: 12KB - Virtual size: 13KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata  Size: 20KB - Virtual size: 16KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   Size: 524KB - Virtual size: 523KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  Size: 20KB - Virtual size: 17KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ