JaffaCakes118_4703e89c0ec5ce23bbafe0d495ef6020

Sharing

Copy URL

Twitter E-mail

General

Target

JaffaCakes118_4703e89c0ec5ce23bbafe0d495ef6020
Size

198KB
MD5

4703e89c0ec5ce23bbafe0d495ef6020
SHA1

7ca4c5ba768ef8a617acf0e5691ddc4312649232
SHA256

4cb383c189fe2400fe074f104d109ba2db8f76b0e0d3833fa033649f726d9a7c
SHA512

51667038eca90cb221fd2a28e23b58907b35ab506b1ca7b8b056631af4a6f3f74c3eb4fa7b1d06d7f3c726bde1c9e387a4392cb564ee36e41a043d599b06143c
SSDEEP

3072:kiULt2ABkPm97ff1+jUks+zzvm089iBkGRq0j27QxjUVEDm:It2EkPm97f9+jDzC0UiBkfQUVd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
JaffaCakes118_4703e89c0ec5ce23bbafe0d495ef6020

Files

JaffaCakes118_4703e89c0ec5ce23bbafe0d495ef6020
.exe windows:4 windows x86 arch:x86

243530e35f55b6aca0e79b08305a9ad0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord860
ord2822
ord927
ord2606
ord925
ord535
ord940
ord942
ord858
ord2910
ord5568
ord861
ord538
ord540
ord2810
ord800
ord823
ord825

msvcrt

wcslen
wcsncpy
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
memset
free
malloc
_wcsicmp
wcstoul
wcscpy
wcscmp
memcmp
_wtol
_wcsnicmp
wcsspn
wcscspn
_ftol
_wtoi
__CxxFrameHandler
strstr
sprintf
strlen
strcmp
memcpy
_initterm
_controlfp
__getmainargs
isspace
isalnum
_wcsdup
rand
iswdigit
strcpy
_acmdln
exit
_XcptFilter
strcat
strrchr
strncpy
__dllonexit
_onexit
_exit

kernel32

CreateThread
CloseHandle
MultiByteToWideChar
GetLastError
CreateFileW
WriteFile
GetTempFileNameW
GetTempPathW
WaitForSingleObject
CreateProcessW
OpenEventW
GetEnvironmentVariableW
CreateFileMappingW
CreateEventW
SetEvent
MapViewOfFile
UnmapViewOfFile
lstrlenA
lstrlenW
GetStartupInfoA
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
CreateFileA
DeviceIoControl
GetFileSize
DebugBreak
InterlockedDecrement
GetModuleFileNameW
OutputDebugStringW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CopyFileW
GetCurrentProcess
FlushInstructionCache
EnterCriticalSection
LeaveCriticalSection
DeleteFileW
DeleteCriticalSection
HeapDestroy
InitializeCriticalSection
WideCharToMultiByte
GetVersionExW
GetTickCount
GetCurrentThreadId
LoadLibraryW
GetProcAddress
FreeLibrary
SetLastError
CreateMutexW
OpenFileMappingW
ResetEvent

user32

FindWindowW
CharNextW
RegisterClassExW
LoadCursorW
UpdateWindow
ShowWindow
CreateWindowExW
DispatchMessageW
TranslateMessage
GetMessageW
PostThreadMessageW
wvsprintfW
IsWindow
GetClassInfoExW
wsprintfW
CallWindowProcW
GetWindowLongW
SetWindowLongW
PostMessageW
SetTimer
SendMessageW
KillTimer
DestroyWindow
PostQuitMessage
DefWindowProcW

advapi32

RegOpenKeyExW
RegEnumValueA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteExW
SHGetFolderPathW

ole32

CoTaskMemFree
CoInitialize
CreateBindCtx
CoUninitialize
CoTaskMemAlloc

oleaut32

SysFreeString
SysAllocString

urlmon

RevokeBindStatusCallback
RegisterBindStatusCallback
CreateURLMoniker
URLDownloadToFileW

msvcp60

?find_first_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
?c_str@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEPBGXZ
?size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??Hstd@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
?length@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?empty@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE_NXZ
?length@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??A?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAGI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?find_last_not_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1_Winit@std@@QAE@XZ
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??A?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEABDI@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?data@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ

wintrust

WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

crypt32

CertGetNameStringW

wininet

HttpOpenRequestW
InternetOpenUrlW
InternetCrackUrlW
InternetOpenW
InternetConnectW
HttpSendRequestW
HttpQueryInfoW
InternetReadFile
InternetCloseHandle

shlwapi

StrStrIW
PathFileExistsW
StrCmpW
PathFindFileNameW
PathAppendW
PathRemoveFileSpecW

Sections

.text
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

243530e35f55b6aca0e79b08305a9ad0

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

advapi32

shell32

ole32

oleaut32

urlmon

msvcp60

wintrust

crypt32

wininet

shlwapi

Sections

.text Size: 72KB - Virtual size: 70KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 88KB - Virtual size: 88KB

.text
Size: 72KB - Virtual size: 70KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 88KB - Virtual size: 88KB