??_FCPagePropSheet@@QAEXXZ
Static task
static1
Behavioral task
behavioral1
Sample
3c751e52376b57d700a24fe287d7528a_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3c751e52376b57d700a24fe287d7528a_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
Target: 3c751e52376b57d700a24fe287d7528a_JaffaCakes118
Size: 566KB
MD5: 3c751e52376b57d700a24fe287d7528a
SHA1: 19ced353237cceea9b86e040fd6d99bf46214bb0
SHA256: 69a43476dcaf11cd78f9b0b5e911c7421daec739c16b3fd8944577c6dd09c4a4
SHA512: ac21e7fdcbc1a20732ada6478c9de999b5f18eb95d8d808cad6bb40116c35a83b7bf18afdaf68175f0a76efd9de385b3fbeab054e5bf800b45354586c06d12e4
SSDEEP: 12288:aHleWkwEF+Uu1KwYtK2DjQNR9Utm7xFAWgGL:aHsWkwc+t1KwYtKEsPUtm7rHbL
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 3c751e52376b57d700a24fe287d7528a_JaffaCakes118
Files
3c751e52376b57d700a24fe287d7528a_JaffaCakes118.exe windows:5 windows x86 arch:x86
315c33cfef0f58d050fe071d70dd168b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Imports
mfc42u
msvcrt
?terminate@@YAXXZ
_onexit
_controlfp
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
_ltoa
malloc
free
wcsrchr
wcschr
wcscat
wcslen
_wtol
_ftol
wcscpy
_ltow
_itow
_wcsupr
wcstok
swscanf
wcstod
_wcsicmp
_CxxThrowException
wcscmp
_wtoi
_fcvt
_EH_prolog
__CxxFrameHandler
advapi32
RegOpenKeyExA
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyW
RegQueryValueW
RegCloseKey
RegQueryValueExA
kernel32
ExitProcess
FindClose
GetVersionExW
LoadLibraryW
GetModuleHandleW
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
GetStartupInfoW
OpenFileMappingW
lstrcmpW
FindFirstFileW
SetCurrentDirectoryW
lstrcpyW
lstrcpynW
lstrcatW
LoadLibraryA
GetProcAddress
FreeLibrary
VirtualAlloc
VirtualFree
GetUserDefaultLCID
GetTickCount
lstrlenW
FindResourceW
LoadResource
LockResource
CreateFileMappingW
CloseHandle
FindNextFileW
GetWindowsDirectoryW
GetCurrentDirectoryW
DeleteFileW
GetFileAttributesW
GetTempFileNameW
GetTempPathW
MoveFileW
MulDiv
GetLocaleInfoW
CopyFileW
GetDiskFreeSpaceW
GlobalFree
GlobalUnlock
GlobalLock
GlobalSize
GlobalFlags
GetFullPathNameW
gdi32
SelectPalette
GetDeviceCaps
RealizePalette
CreatePalette
CreateMetaFileW
CreateFontIndirectW
SelectObject
DeleteObject
StretchDIBits
DeleteMetaFile
CreateRectRgnIndirect
GetObjectW
DeleteDC
BitBlt
SetBkColor
GetPixel
CreateBitmap
CreateCompatibleDC
user32
SetRect
ClientToScreen
IsClipboardFormatAvailable
GetDesktopWindow
GetKeyState
CloseClipboard
PeekMessageW
OpenClipboard
CheckMenuRadioItem
GetSysColor
GetSubMenu
CheckMenuItem
AppendMenuW
CreatePopupMenu
GetMenu
SetActiveWindow
ReleaseCapture
SetFocus
SetCapture
GetMenuItemID
GetMenuItemCount
EnableMenuItem
InSendMessage
SetForegroundWindow
LoadStringW
MessageBeep
SetTimer
KillTimer
BringWindowToTop
UpdateWindow
RegisterWindowMessageW
SetMenu
EnableWindow
DestroyMenu
IsWindow
GetCursorPos
LoadMenuW
CopyRect
SetCursor
LoadCursorW
GetWindowDC
GetWindowLongW
SetWindowLongW
AdjustWindowRect
GetSystemMetrics
GetSystemMenu
IsZoomed
SystemParametersInfoW
IsIconic
GetWindow
InvalidateRect
PtInRect
wsprintfW
EndPaint
BeginPaint
GetUpdateRect
GetClipboardData
LoadBitmapW
OffsetRect
GetDlgItem
ScreenToClient
GetDlgCtrlID
WinHelpW
GetDC
GetClientRect
ReleaseDC
GetActiveWindow
MessageBoxW
GetWindowRect
SetWindowPos
PostMessageW
SendMessageW
SetRectEmpty
IsRectEmpty
GetMenuState
RegisterClipboardFormatW
ModifyMenuW
DeleteMenu
oleaut32
SysStringLen
SysAllocString
OleCreateFontIndirect
SysFreeString
VariantCopy
VariantClear
SysAllocStringLen
VariantInit
ole32
StgCreateDocfile
CoGetMalloc
StgOpenStorage
OleCreate
WriteClassStg
OleSetClipboard
CLSIDFromProgID
CoCreateInstance
comdlg32
GetFileTitleW
shell32
ShellExecuteW
SHGetSpecialFolderLocation
DragFinish
DragQueryFileW
SHGetPathFromIDListW
imgcmn
?GetColor@CPagePropSheet@@QAEFXZ
?GetYRes@CPagePropSheet@@QAEJXZ
?GetXRes@CPagePropSheet@@QAEJXZ
?IsICMEnabled@@YGHXZ
?UpdateVersion@@YGJH@Z
??1CVariantHandler@@QAE@XZ
?GetShort@CVariantHandler@@QAEJAAFABFH@Z
?SetVariant@CVariantHandler@@QAEXABUtagVARIANT@@@Z
??0CVariantHandler@@QAE@XZ
?GetLong@CVariantHandler@@QAEJAAJABJH@Z
?GetBool@CVariantHandler@@QAEJAAHABHH@Z
??0CPagePropSheet@@QAE@PBGPAVCWnd@@@Z
??1CPagePropSheet@@UAE@XZ
?GetFileType@CPagePropSheet@@QAEFXZ
?GetCompOpts@CPagePropSheet@@QAEJXZ
?GetCompType@CPagePropSheet@@QAEFXZ
?GetHeight@CPagePropSheet@@QAEJXZ
?GetWidth@CPagePropSheet@@QAEJXZ
?AddFileTypePage@CPagePropSheet@@QAEXXZ
?SetDefaultResolution@CPagePropSheet@@QAEXJJ@Z
?SetDefaultColor@CPagePropSheet@@QAEXF@Z
?DoModal@CPagePropSheet@@UAEHXZ
?HidePal4@CPagePropSheet@@QAEXXZ
?SetDefaultCompOpts@CPagePropSheet@@QAEXJ@Z
?SetDefaultCompType@CPagePropSheet@@QAEXF@Z
?AddCompressionPage@CPagePropSheet@@QAEXXZ
?SetDefaultFileType@CPagePropSheet@@QAEXF@Z
?AddSizePage@CPagePropSheet@@QAEXXZ
?AddResolutionPage@CPagePropSheet@@QAEXXZ
?AddColorPage@CPagePropSheet@@QAEXXZ
Exports
Sections
.text Size: 244KB - Virtual size: 243KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 259KB - Virtual size: 259KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.gdata Size: 56KB - Virtual size: 56KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE