Static task
static1
Behavioral task
behavioral1
Sample
3b0d8055be7c61c04e43825942f8a1a6_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
3b0d8055be7c61c04e43825942f8a1a6_JaffaCakes118.exe
Resource
win10v2004-20241007-en
General
-
Target
3b0d8055be7c61c04e43825942f8a1a6_JaffaCakes118
-
Size
532KB
-
MD5
3b0d8055be7c61c04e43825942f8a1a6
-
SHA1
909e3a7cd000be3fc62ea1f37d2ae5e1769c2150
-
SHA256
33fe29556c4d3174aa546cf5391982b192e7863651b9c3cdddc17e193edefaa8
-
SHA512
a5f8236a9e61158a47670e779500a19ba3b2e5020bb8ec1a765a22799980c045e42307bab041af1d2d4740312e545668e63f817421a108a1f3a39aa1080fc70e
-
SSDEEP
12288:WKyToFEbQlzoWB5twXV2TXpkaNlRd3/pFjd8m5DVoP:WKyTiEczoWi4VJ8+DVoP
Malware Config
Signatures
-
Unsigned PE 1 IoCs
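Checks for a missing Authenticode signature: the PE file is unsigned, so its publisher and integrity cannot be verified from a signature. On its own this is a weak indicator, because many legitimate programs are also unsigned.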
resource 3b0d8055be7c61c04e43825942f8a1a6_JaffaCakes118
Files
-
3b0d8055be7c61c04e43825942f8a1a6_JaffaCakes118.exe windows:4 windows x86 arch:x86
1215080f07d0df9c2abbcfe1eea085ee
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shell32
SHGetSpecialFolderPathA
ShellExecuteA
wininet
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetCloseHandle
InternetConnectA
InternetOpenA
iphlpapi
GetAdaptersInfo
mfc71
ord5491
ord4081
ord3830
ord2168
ord6090
ord6065
ord5089
ord384
ord3204
ord1084
ord3684
ord3596
ord4118
ord2719
ord6120
ord5915
ord1402
ord5073
ord6275
ord5214
ord760
ord572
ord589
ord4078
ord6037
ord330
ord3989
ord3401
ord1279
ord5637
ord602
ord347
ord1929
ord2263
ord3641
ord3441
ord709
ord501
ord4648
ord4394
ord4692
ord5203
ord1966
ord2020
ord605
ord356
ord354
ord4115
ord4580
ord1968
ord1425
ord5731
ord3835
ord865
ord577
ord774
ord293
ord2131
ord1482
ord1263
ord1930
ord280
ord287
ord783
ord2130
ord300
ord6020
ord6018
ord2654
ord3952
ord4085
ord5710
ord2451
ord1486
ord2264
ord2346
ord3287
ord3163
ord4100
ord2094
ord3244
ord1955
ord3174
ord747
ord559
ord3255
ord758
ord567
ord5640
ord5641
ord2075
ord2234
ord1580
ord2233
ord5642
ord5727
ord5331
ord6297
ord5320
ord6286
ord908
ord1916
ord3423
ord2160
ord1545
ord1377
ord2086
ord4232
ord2991
ord3164
ord587
ord5833
ord6172
ord6178
ord4125
ord2095
ord1591
ord4240
ord3317
ord741
ord1397
ord6266
ord1933
ord1484
ord4099
ord2091
ord1570
ord4237
ord3229
ord657
ord1931
ord1483
ord4098
ord2089
ord1547
ord4234
ord3171
ord591
ord1554
ord3195
ord620
ord1587
ord3307
ord731
ord1550
ord3178
ord599
ord1576
ord1575
ord3249
ord671
ord1652
ord1596
ord2985
ord3326
ord6173
ord2097
ord1649
ord1593
ord4242
ord3319
ord743
ord2092
ord1641
ord1571
ord4238
ord2958
ord3230
ord658
ord1654
ord1598
ord2987
ord3328
ord754
ord1638
ord1559
ord3215
ord643
ord1647
ord1589
ord3315
ord739
ord1646
ord1588
ord3312
ord736
ord1643
ord1581
ord3292
ord715
ord2090
ord1637
ord1558
ord4236
ord3214
ord642
ord2098
ord1650
ord1594
ord4243
ord2983
ord3324
ord748
ord1635
ord1543
ord3157
ord583
ord1645
ord1586
ord3304
ord730
ord1644
ord1584
ord3298
ord1636
ord1548
ord3172
ord592
ord1639
ord1568
ord3227
ord656
ord1640
ord1569
ord3228
ord2370
ord1395
ord2794
ord5613
ord2328
ord1265
ord777
ord2327
ord4032
ord282
ord2932
ord1264
ord2594
ord4036
ord4037
ord4033
ord4034
ord2319
ord1260
ord259
ord1283
ord2371
ord6017
ord1971
ord2938
ord4109
ord1092
ord3233
ord423
ord660
ord4063
ord866
ord5466
ord1979
ord3454
ord3348
ord2074
ord3474
ord2802
ord3563
ord5658
ord5991
ord4761
ord5994
ord3406
ord3430
ord3488
ord4001
ord4123
ord502
ord5647
ord5059
ord3551
ord3139
ord3571
ord3676
ord3583
ord3680
ord3587
ord3799
ord2876
ord3651
ord3302
ord5634
ord326
ord2882
ord2873
ord5746
ord2495
ord4104
ord5871
ord3473
ord3574
ord3437
ord2272
ord1054
ord1101
ord1262
ord2468
ord2248
ord5403
ord2469
ord566
ord757
ord3333
ord4261
ord4481
ord2838
ord5566
ord5213
ord5230
ord4568
ord3948
ord5226
ord5224
ord2931
ord1920
ord3832
ord5382
ord6219
ord5102
ord1010
ord3806
ord5583
ord2018
ord2063
ord4326
ord6276
ord3801
ord6278
ord4014
ord4038
ord3683
ord4541
ord2164
ord3762
ord3761
ord3934
ord911
ord383
ord781
ord6288
ord1439
ord629
ord4035
ord6067
ord1903
ord2372
ord2933
ord299
ord6118
ord1489
ord297
ord784
ord2321
ord4262
ord4486
ord3949
ord2644
ord3709
ord3719
ord3718
ord2533
ord2646
ord2540
ord2862
ord2714
ord4307
ord2835
ord2731
ord2537
ord5200
ord1599
ord1655
ord1656
ord1964
ord5175
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2403
ord2415
ord2392
ord2408
ord2413
ord2396
ord2398
ord2400
ord2394
ord2410
ord2390
ord934
ord930
ord932
ord928
ord923
ord5233
ord5235
ord5960
ord1600
ord4282
ord4722
ord3403
ord4185
ord1908
ord5152
ord4244
ord1401
ord3946
ord1617
ord1620
ord5912
ord1551
ord1670
ord1671
ord4890
ord4735
ord4212
ord5182
ord304
ord2322
ord3397
ord651
ord416
ord310
ord578
ord2367
ord2902
ord876
ord1063
ord1280
ord3161
ord2368
ord1934
ord3210
ord1564
ord265
ord764
ord762
ord1187
ord1191
ord266
ord752
ord1207
msvcr71
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
__security_error_handler
??1type_info@@UAE@XZ
memset
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
strtol
_mbslen
_mbsicmp
_amsg_exit
__getmainargs
vsprintf
_vscprintf
vswprintf
_vscwprintf
sprintf
_mbsnbcpy
atoi
strtoul
_time64
wcslen
_localtime64
_mbscmp
_mbslwr
__RTDynamicCast
_except_handler3
memmove
_purecall
_CxxThrowException
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
??1exception@@UAE@XZ
malloc
fopen
fgets
fclose
__CxxFrameHandler
free
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
?terminate@@YAXXZ
_wcsdup
_setmbcp
_controlfp
kernel32
SetWaitableTimer
WaitForMultipleObjects
ResumeThread
ResetEvent
GetCurrentProcess
CreateWaitableTimerA
LocalFree
lstrlenA
lstrcpyA
CreateEventA
CreateThread
WaitForSingleObject
InterlockedDecrement
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetEvent
OpenProcess
SetPriorityClass
CloseHandle
GetCurrentProcessId
GetSystemTimeAsFileTime
GlobalAlloc
GlobalFree
MulDiv
GlobalUnlock
GlobalLock
LockResource
FreeResource
SizeofResource
LoadResource
FindResourceA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
RaiseException
GetLastError
lstrcmpiA
lstrlenW
CreateDirectoryA
GetModuleFileNameA
GetModuleHandleA
GetVolumeInformationA
TerminateThread
CreateProcessA
TerminateProcess
GetCommandLineA
FreeLibrary
GetProcAddress
LoadLibraryA
InterlockedIncrement
CreateFileA
GetCurrentThreadId
lstrcpynA
lstrcmpA
FindResourceExA
WriteProcessMemory
VirtualProtect
SetLastError
FindResourceW
FindResourceExW
GetPrivateProfileStringA
ExitProcess
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
user32
LoadBitmapW
LoadIconA
LoadIconW
LoadStringW
LoadCursorW
LoadImageA
LoadImageW
WindowFromPoint
GetSubMenu
SetRect
CreatePopupMenu
AppendMenuA
EnableMenuItem
SetMenuDefaultItem
GetMenuItemID
IsIconic
IsZoomed
IsRectEmpty
DestroyMenu
CallWindowProcA
MapWindowPoints
SetTimer
KillTimer
SetScrollPos
EnableScrollBar
SetFocus
LoadMenuA
DestroyCursor
SetParent
GetComboBoxInfo
GetSystemMetrics
ReleaseCapture
LoadCursorA
SetCapture
SetCursor
UnhookWindowsHookEx
SystemParametersInfoA
UpdateWindow
GetCapture
GetMenuItemRect
UnionRect
TrackPopupMenuEx
TrackPopupMenu
FrameRect
SetMenuItemInfoA
SetMenuItemBitmaps
GetMenuItemInfoA
GetMenuDefaultItem
OffsetRect
InflateRect
GetMenuItemCount
GetMenuState
IsMenu
InsertMenuItemA
GetWindowTextA
SetWindowsHookExA
GetKeyboardState
SetKeyboardState
CallNextHookEx
GetDlgCtrlID
PostMessageA
IsWindowVisible
GetKeyState
IsWindowEnabled
GetActiveWindow
CopyImage
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
GetDesktopWindow
DestroyIcon
FindWindowExA
IsWindow
GetCursorPos
GetWindow
GetClassNameA
SetWindowRgn
PtInRect
GetSystemMenu
DrawStateA
CopyRect
ClientToScreen
ScreenToClient
ValidateRect
GetClientRect
DrawTextA
GetWindowRect
ShowWindow
RedrawWindow
LoadStringA
EnableWindow
PostThreadMessageA
GetSysColor
InvalidateRect
RegisterClassExA
CreateWindowExA
GetParent
SetWindowLongA
GetWindowLongA
BeginPaint
EndPaint
FillRect
GetDC
SendMessageA
LoadBitmapA
GetWindowDC
ReleaseDC
SetWindowPos
PeekMessageA
TranslateMessage
DispatchMessageA
GetWindowThreadProcessId
DrawFocusRect
GetAsyncKeyState
SetRectEmpty
gdi32
CreateFontIndirectA
GetDeviceCaps
CreateSolidBrush
GetObjectA
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
StretchBlt
DeleteDC
SetPixel
GetStockObject
GetTextColor
CreateFontA
GetTextMetricsA
CreateRectRgnIndirect
ExtCreatePen
PatBlt
TextOutA
SetTextColor
SetBkMode
SetBkColor
GetBkMode
GetBkColor
GetDIBits
SetMapMode
GetMapMode
CreateBitmap
DPtoLP
SetStretchBltMode
CreateRectRgn
GetTextExtentPoint32A
CreateEllipticRgn
CreateDIBitmap
LineTo
CreatePen
MoveToEx
CreateBrushIndirect
Rectangle
GetPixel
SetBitmapBits
DeleteObject
GetBitmapBits
CombineRgn
msimg32
AlphaBlend
advapi32
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
comctl32
ImageList_AddMasked
ord17
ImageList_GetIconSize
ImageList_Draw
ImageList_DrawEx
ImageList_GetImageInfo
_TrackMouseEvent
ImageList_GetImageCount
ImageList_GetIcon
shlwapi
PathFileExistsA
PathAppendA
ole32
OleRun
CoInitialize
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CoInitializeEx
oleaut32
SafeArrayLock
VariantInit
SysAllocString
VariantClear
SysAllocStringLen
SafeArrayDestroy
SafeArrayUnlock
SysFreeString
SafeArrayGetLBound
SafeArrayGetUBound
VariantChangeType
VariantCopy
SysStringLen
OleLoadPicture
SysStringByteLen
SysAllocStringByteLen
msvcp71
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIABV12@I@Z
imagehlp
ImageDirectoryEntryToData
Sections
.text Size: 392KB - Virtual size: 388KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 104KB - Virtual size: 103KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 4KB - Virtual size: 541B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 20KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ