0d0ac65fc43622caf9d9ff0bc5367a63_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

0d0ac65fc43622caf9d9ff0bc5367a63_JaffaCakes118
Size

572KB
MD5

0d0ac65fc43622caf9d9ff0bc5367a63
SHA1

cb9abd5495b90b1647dc2bc5613f200a9789c040
SHA256

48f94c397f0262bfca0f5da61c508a2c6ffd5ef7307e8fa9c79271e6615dc5fc
SHA512

10ec0a6affb6403acf5bd31a545601048ae0472a0b098bc071a0565b6f5bc735b5ab1c3727de7de3dcbe4d0ff77eed438ed98dce3d69e22ad27081aafb2fb26f
SSDEEP

6144:VJVAfqX+2Rr+nxQDBO03fHEera3bpt5eHV:VvAfLfaEkAz56

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
0d0ac65fc43622caf9d9ff0bc5367a63_JaffaCakes118

Files

0d0ac65fc43622caf9d9ff0bc5367a63_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9a30e75c82eff20dfe0e0897d34cb07c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
VirtualAlloc
VirtualProtect
GetProcAddress
lstrcmpA
InitializeCriticalSectionAndSpinCount
CompareFileTime
VerLanguageNameW
VerLanguageNameA

ole32

OleUninitialize
OleInitialize
OleFlushClipboard
HICON_UserUnmarshal
CreateStdProgressIndicator
ReadClassStm
OleCreateFromFile
OleCreateEx
HICON_UserMarshal

oleacc

CreateStdAccessibleProxyW
AccessibleObjectFromPoint
WindowFromAccessibleObject
AccessibleObjectFromEvent
AccessibleChildren
LresultFromObject
GetRoleTextW
LIBID_Accessibility
DllCanUnloadNow

shlwapi

IsCharSpaceA
StrFormatByteSizeA
StrCmpLogicalW
SHRegCloseUSKey
SHRegGetPathW

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
GetClipboardSequenceNumber
EnumDisplaySettingsExA
CreateAcceleratorTableA
DdeCreateDataHandle
CreateDesktopA
MB_GetString

winmm

midiInUnprepareHeader
waveOutClose
midiInGetDevCapsW
mmGetCurrentTask
mciGetErrorStringA
WOWAppExit
joyGetDevCapsA
midiOutGetNumDevs
mixerGetLineInfoW

shell32

IsLFNDrive
DAD_DragEnterEx2
IsLFNDriveW
ExtractIconExW
SHSimpleIDListFromPath
Shell_NotifyIconA
SHShellFolderView_Message

gdiplus

GdipCreateFromHWND
GdipGetLineBlend
GdipSetAdjustableArrowCapFillState
GdipSetPathGradientTransform
GdipDrawClosedCurve2I
GdipDrawRectangleI
GdipGetPenUnit
GdipGetDpiY

msimg32

vSetDdrawflag
AlphaBlend
TransparentBlt

winspool.drv

AddFormA
DeletePrintProvidorW
FindClosePrinterChangeNotification
GetPrinterDataA
QuerySpoolMode
GetPrinterDriverDirectoryA
AdvancedDocumentPropertiesW
DeletePortA
DeletePrinterKeyW
AddPrinterDriverExA
DeletePrintProcessorA
WritePrinter
AddPrintProcessorA
AddPrintProvidorW

comdlg32

PrintDlgExA
ChooseFontA
dwOKSubclass
FindTextW
GetFileTitleW
GetSaveFileNameA
LoadAlterBitmap

oledlg

OleUIBusyW
OleUICanConvertOrActivateAs
OleUIUpdateLinksW
OleUIConvertW
OleUIChangeIconW
OleUIInsertObjectA

gdi32

ExtSelectClipRgn
STROBJ_bEnum
GetCharABCWidthsI
DdEntry32
RealizePalette
SetRectRgn
GetCharacterPlacementW
EngComputeGlyphSet
GetTextAlign

imagehlp

RemoveRelocations
SymFromAddr
SymUnloadModule64
SymGetModuleBase64
SymLoadModule
SymFindFileInPath
SymLoadModule64
SymGetSymPrev
ImageEnumerateCertificates

oleaut32

VarCyNeg
VarUI2FromR8
CreateDispTypeInfo
VariantCopyInd
VarI1FromUI1
GetRecordInfoFromGuids
VarTokenizeFormatString
VarBstrFromCy
LPSAFEARRAY_Size
OleLoadPictureFileEx

comctl32

ImageList_SetIconSize
DrawStatusTextW
ImageList_GetImageInfo
FlatSB_SetScrollProp
CreateToolbarEx
FlatSB_EnableScrollBar
DPA_DestroyCallback
ShowHideMenuCtl

version

GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
VerFindFileW
GetFileVersionInfoSizeA
VerQueryValueA

advapi32

WmiQueryAllDataMultipleA
SetEntriesInAuditListA
AccessCheckByTypeResultList
FlushTraceA
OpenEncryptedFileRawA
LsaICLookupNames
ReportEventW
MD5Init
LsaSetSystemAccessAccount

Exports

Exports

CreatePaint

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 647B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eebc
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jgmo
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a30e75c82eff20dfe0e0897d34cb07c

Headers

File Characteristics

Imports

kernel32

ole32

oleacc

shlwapi

user32

winmm

shell32

gdiplus

msimg32

winspool.drv

comdlg32

oledlg

gdi32

imagehlp

oleaut32

comctl32

version

advapi32

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 187KB

.data Size: 512B - Virtual size: 112B

.data Size: 512B - Virtual size: 4KB

.data Size: 1024B - Virtual size: 647B

.rdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 72KB - Virtual size: 71KB

.eebc Size: 296KB - Virtual size: 296KB

.jgmo Size: 8KB - Virtual size: 8KB

.text
Size: 188KB - Virtual size: 187KB

.data
Size: 512B - Virtual size: 112B

.data
Size: 512B - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 647B

.rdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 72KB - Virtual size: 71KB

.eebc
Size: 296KB - Virtual size: 296KB

.jgmo
Size: 8KB - Virtual size: 8KB