fe84a45b4db8251b9b10690cc8d222d2_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

fe84a45b4db8251b9b10690cc8d222d2_JaffaCakes118
Size

1.0MB
MD5

fe84a45b4db8251b9b10690cc8d222d2
SHA1

2a84da29f6e8b9db2b402049ff60ecc35f664670
SHA256

e2efc3b623e0d652ba97969fe3e6d34e5206307d30f0d8a8c95a49f425c24997
SHA512

df3391235eb107338945254a491f5ebe45a91abe10420ed31d5bdba50203ca80b6bd4399c9c1bf7e3b64fec011512365cb67a2ad46f7cd4be7b2965f7527e504
SSDEEP

12288:QL4m1HQandrA1u15OAN271HpcP2wRyjOfWUgfNFT4ndrA1t+5OAN2f7aaIt+j70C:EFndkUjeK3u5fYndkYj5adjT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fe84a45b4db8251b9b10690cc8d222d2_JaffaCakes118

Files

fe84a45b4db8251b9b10690cc8d222d2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

9f94b23bd6de67945077caf592f71298

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_ReplaceIcon
_TrackMouseEvent
ImageList_AddMasked

gdi32

GetTextExtentPoint32A
DeleteObject
DeleteDC
SetTextColor
SetBkColor
StretchBlt
CreateBitmap
CreateFontIndirectA
GetObjectA
GetStockObject
FrameRgn
FillRgn
CreateSolidBrush
CombineRgn
CreateRectRgn
CreatePolygonRgn
CreateRoundRectRgn
CreateCompatibleDC
SelectObject
BitBlt
CreateCompatibleBitmap

kernel32

GetModuleHandleA
GetVersion
GetWindowsDirectoryA
GetQueuedCompletionStatus
CreateIoCompletionPort
GetSystemInfo
PostQueuedCompletionStatus
TerminateThread
WaitForSingleObject
GetLastError
WritePrivateProfileStringA
GetPrivateProfileStringA
GetFileAttributesA
LoadLibraryA
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GlobalFree
GlobalAlloc
CloseHandle
lstrcpy
CreateThread
GetCurrentDirectoryA
GetStartupInfoA

mfc42

ord858
ord537
ord535
ord2818
ord6334
ord939
ord941
ord4710
ord690
ord1988
ord4224
ord5207
ord389
ord3874
ord3092
ord1679
ord4396
ord3370
ord3640
ord693
ord2358
ord2292
ord2301
ord2363
ord3996
ord6111
ord2642
ord6907
ord6007
ord3998
ord6675
ord3286
ord3301
ord1175
ord3571
ord3619
ord4275
ord1641
ord1146
ord640
ord2405
ord5785
ord1640
ord323
ord2379
ord5875
ord4123
ord755
ord470
ord1168
ord3721
ord6197
ord2859
ord6453
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord561
ord815
ord797
ord686
ord2621
ord1134
ord4853
ord1679
ord4396
ord3723
ord6199
ord2118
ord6146
ord5885
ord5710
ord2763
ord4160
ord3289
ord5655
ord4163
ord6625
ord823
ord2915
ord1679
ord1679
ord3654
ord2438
ord2648
ord2863
ord1644
ord6215
ord2645
ord3706
ord4234
ord5787
ord1200
ord6143
ord4129
ord801
ord541
ord384
ord2289
ord6888
ord2764
ord2862
ord2096
ord354
ord665
ord940
ord4243
ord6403
ord5572
ord6242
ord1929
ord2860
ord3797
ord3089
ord1679
ord4396
ord3729
ord804
ord4267
ord6379
ord6785
ord2086
ord1871
ord2864
ord3295
ord6154
ord2530
ord4366
ord2876
ord5471
ord4121
ord2389
ord5086
ord1710
ord1715
ord5234
ord6369
ord5279
ord5064
ord5248
ord2444
ord3730
ord554
ord807
ord4268
ord2452
ord2453
ord6605
ord5440
ord6383
ord5450
ord6394
ord6648
ord3742
ord818
ord1233
ord2841
ord2152
ord3573
ord2380
ord2107
ord4284
ord6696
ord2820
ord3811
ord4441
ord4837
ord3798
ord5290
ord4353
ord6374
ord5163
ord2385
ord258
ord4398
ord1776
ord2876
ord1016
ord1679
ord1679
ord1016
ord1679
ord3597
ord4425
ord5280
ord4407
ord1775
ord6052
ord2514
ord2302
ord2370
ord825
ord2414
ord795
ord3663
ord3626
ord324
ord567
ord540
ord860
ord641
ord616
ord800
ord3582
ord4424
ord4627
ord1011
ord1016
ord2876
ord2876
ord3830
ord3402
ord2976
ord3081
ord2985
ord3262
ord3136
ord1776
ord1016
ord1016
ord1016
ord258
ord2124
ord2446
ord5261
ord1727
ord5065
ord1016
ord6376
ord2055
ord1679
ord4376
ord6270
ord258
ord1576

msvcrt

_setmbcp
__CxxFrameHandler
_mbscmp
atoi
_except_handler3
fclose
fopen
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp

shell32

ShellExecuteA
Shell_NotifyIcon

user32

IsWindow
TrackPopupMenu
SetMenuDefaultItem
DrawIconEx
SetWindowRgn
WindowFromPoint
RedrawWindow
GetIconInfo
SetWindowLongA
GetWindowLongA
InvalidateRect
EnableWindow
SendMessageA
MessageBeep
LoadCursorA
GetSysColor
SystemParametersInfoA
SetForegroundWindow
IsWindowVisible
LoadMenuA
GetSubMenu
GetCursorPos
IsIconic
GetSystemMetrics
DrawIcon
wvsprintfA
LoadIconA
GetDC
wsprintfA
LoadImageA
CopyIcon
InflateRect
SetCursor
ReleaseDC
KillTimer
SetTimer
GetClientRect

ws2_32

gethostbyname
gethostname
WSAStartup
WSAIoctl
setsockopt
inet_ntoa
WSASend
closesocket
shutdown
WSACleanup
listen
bind
htons
htonl
WSASocketA
WSAGetLastError
WSARecv
getpeername
WSAAccept

comdlg32

GetSaveFileNameA

Sections

.text
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 304KB - Virtual size: 304KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mackt
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

vtpfjbk
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9f94b23bd6de67945077caf592f71298

Headers

File Characteristics

Imports

comctl32

gdi32

kernel32

mfc42

msvcrt

shell32

user32

ws2_32

comdlg32

Sections

.text Size: 352KB - Virtual size: 352KB

.rdata Size: 304KB - Virtual size: 304KB

.mackt Size: 8KB - Virtual size: 8KB

.rsrc Size: 288KB - Virtual size: 288KB

vtpfjbk Size: 72KB - Virtual size: 72KB

.text
Size: 352KB - Virtual size: 352KB

.rdata
Size: 304KB - Virtual size: 304KB

.mackt
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 288KB - Virtual size: 288KB

vtpfjbk
Size: 72KB - Virtual size: 72KB