17349e27099b43fd249d4047c2c0c382_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

17349e27099b43fd249d4047c2c0c382_JaffaCakes118
Size

659KB
MD5

17349e27099b43fd249d4047c2c0c382
SHA1

771100dbdd2d76a52f5c8c29e9d4220291356a98
SHA256

e70f6cc1c99486bf04b1afbc6ac8cc375e2479c7a811b42f4148889baf06a286
SHA512

cf2db64249d5ad8435ae382275ab5cbcd0673c6533ba4090f5f330597c65856334cfc32222dee251b487879976f8a3c820d560a28ea351527d8c60b98e64cf10
SSDEEP

12288:1xOKNZvg35P0CIqfss3NTBizEMARGTqUQ4Oehv/5jx6:10KNZvaP0ZsdTByxLuUQs9hjg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
17349e27099b43fd249d4047c2c0c382_JaffaCakes118

Files

17349e27099b43fd249d4047c2c0c382_JaffaCakes118
.exe windows:5 windows x86 arch:x86

49aaa276f47796e0cd19da0f46bb0034

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_pclose
tmpfile
fscanf
getenv
strrchr
strtoul
fputs
getc
fclose
freopen
ferror
strftime
fread
fopen
ungetc
strerror
feof
_iob
__mb_cur_max
strchr
_amsg_exit
isleadbyte
_errno
wcscpy
_strcmpi
exit
fflush
tmpnam
_localtime64
_time64
isalnum
ispunct
tolower
strncpy
isalpha
isdigit
isupper
iscntrl
toupper
islower
??3@YAXPAX@Z
strpbrk
isxdigit
atan2
sqrt
cos
modf
ldexp
pow
log
tanh
sinh
tan
fmod
srand
cosh
acos
floor
frexp
log10
atan
exp
fabs
asin
sin
strtod
strncat
strcspn
_popen
fgets
setvbuf
fwrite
ftell
fseek
clearerr
rename
_mktime64
memchr
_gmtime64
__setusermatherr
__p__commode
_setjmp3
system
remove
setlocale
clock
_isatty
_write
_lseeki64
_fileno
__pioinfo
__badioinfo
_controlfp
?terminate@@YAXXZ
_itoa
fprintf
_snprintf
_wcsicmp
ceil
memcmp
strstr
rand
wcsncpy
strcpy
strcmp
calloc
towlower
wcstoul
wcstol
isspace
_purecall
wcscmp
_wrename
iswdigit
realloc
wcsstr
_wtoi
??_V@YAXPAX@Z
??_U@YAPAXI@Z
??2@YAPAXI@Z
strlen
memmove
memcpy
wcslen
sprintf
free
malloc
memset
mbtowc
__set_app_type
__p__fmode
_initterm
_wcmdln
_XcptFilter
_exit
_cexit
__wgetmainargs
iswctype
_onexit
_lock
__dllonexit
_unlock
abs
localeconv
longjmp
strcoll
strcat
_except_handler3

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

urlmon

ObtainUserAgentString
UrlMkSetSessionOption

wininet

HttpQueryInfoW
InternetOpenW
InternetSetOptionW
InternetConnectW
HttpOpenRequestW
InternetOpenUrlW
InternetReadFile
InternetCrackUrlW
InternetCloseHandle

shlwapi

PathIsDirectoryW

kernel32

SystemTimeToFileTime
VirtualFree
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
OutputDebugStringA
GetModuleFileNameA
GetVersion
GetSystemInfo
VirtualAlloc
VirtualProtect
GetFullPathNameW
GetExitCodeProcess
CreateProcessW
lstrcmpW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
HeapFree
lstrcpyW
GetProcessHeap
HeapAlloc
SetEndOfFile
lstrcpynA
LockResource
SetCurrentDirectoryW
FlushInstructionCache
GetCurrentThreadId
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
lstrcmpiW
RaiseException
TerminateProcess
OpenProcess
GetCurrentProcess
GetVersionExW
RemoveDirectoryW
FindClose
FindNextFileW
SetFileAttributesW
FindFirstFileW
GetTempPathW
LocalFree
LocalAlloc
GetModuleFileNameW
VirtualQuery
GetCommandLineW
GetLastError
SetFileTime
WriteFile
CreateDirectoryW
LocalFileTimeToFileTime
GetCurrentDirectoryW
ReadFile
WideCharToMultiByte
FormatMessageA
FreeLibrary
LoadLibraryA
GetProcAddress
GetModuleHandleA
SetFilePointer
CreateFileW
DeleteFileW
GetFileAttributesW
OutputDebugStringW
DebugBreak
Sleep
GetExitCodeThread
CreateThread
CloseHandle
WaitForSingleObject
GetTickCount
lstrlenA
MultiByteToWideChar
lstrlenW
InterlockedIncrement
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection

user32

GetWindowTextLengthW
GetWindowTextW
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
GetDlgItem
GetClassNameW
GetSysColor
RedrawWindow
GetClassInfoExW
CreateWindowExW
RegisterWindowMessageW
ClientToScreen
ScreenToClient
MoveWindow
SetCapture
ReleaseCapture
FillRect
InvalidateRgn
CallWindowProcW
InvalidateRect
GetDC
ReleaseDC
DestroyAcceleratorTable
DefWindowProcW
LoadCursorW
IsWindowVisible
CreateAcceleratorTableW
RegisterClassExW
SetWindowTextW
EndDialog
SetRect
GetKeyState
ShowWindow
SetParent
MessageBoxA
PostQuitMessage
MessageBoxW
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
MapWindowPoints
SetWindowPos
LoadIconW
PostMessageW
SetWindowLongW
CreateDialogIndirectParamW
DestroyWindow
IsWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetDesktopWindow
UpdateWindow
SendMessageW
FindWindowExW
GetClientRect
wsprintfW
CharNextW
wvsprintfW
LoadStringW
CharLowerW
KillTimer
SetTimer
UnregisterClassA

gdi32

GetDeviceCaps
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
BitBlt
DeleteDC
GetStockObject
GetObjectW

advapi32

RegDeleteValueA
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegDeleteKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumValueA
RegEnumKeyExA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA

shell32

SHGetFolderPathW
ShellExecuteW

ole32

CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleLockRunning
StringFromGUID2
OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree

oleaut32

LoadRegTypeLi
SysAllocString
VarUI4FromStr
SysFreeString
VariantClear
DispCallFunc
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysAllocStringLen
OleCreateFontIndirect
SysStringLen
LoadTypeLi
SafeArrayCreateVector
VarBstrCmp
VariantChangeType
SysAllocStringByteLen
VariantInit
SysStringByteLen

Sections

.text
Size: 225KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

ATL
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49aaa276f47796e0cd19da0f46bb0034

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

version

urlmon

wininet

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 225KB - Virtual size: 225KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 2KB - Virtual size: 3KB

ATL Size: 512B - Virtual size: 8B

.rsrc Size: 380KB - Virtual size: 380KB

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 225KB - Virtual size: 225KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 2KB - Virtual size: 3KB

ATL
Size: 512B - Virtual size: 8B

.rsrc
Size: 380KB - Virtual size: 380KB

.reloc
Size: 12KB - Virtual size: 12KB