4c547b4adf04d0e549206e26e617ad21_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4c547b4adf04d0e549206e26e617ad21_JaffaCakes118
Size

572KB
MD5

4c547b4adf04d0e549206e26e617ad21
SHA1

65ae8cf4fe12e708fcddac4ccbe0ea0ad504d388
SHA256

5e3dbb095a3ffb5428124921e0878c7dd1eba5a92ae1ae93625c3e569eb0b999
SHA512

2af87705487cff6fe1c0d90b256624530a6aa844bc39e119086a3d58416bd24ccfa31e46dfee8d4f1dad7fb19f31fcc09cdca438e440687cae3a076d6959a233
SSDEEP

6144:VJVAfqX+2Rr+nxQDBO03fHEera3bpt5eHd:VvAfLfaEkAz5+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
4c547b4adf04d0e549206e26e617ad21_JaffaCakes118

Files

4c547b4adf04d0e549206e26e617ad21_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9a30e75c82eff20dfe0e0897d34cb07c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
VirtualAlloc
VirtualProtect
GetProcAddress
lstrcmpA
InitializeCriticalSectionAndSpinCount
CompareFileTime
VerLanguageNameW
VerLanguageNameA

ole32

OleUninitialize
OleInitialize
OleFlushClipboard
HICON_UserUnmarshal
CreateStdProgressIndicator
ReadClassStm
OleCreateFromFile
OleCreateEx
HICON_UserMarshal

oleacc

CreateStdAccessibleProxyW
AccessibleObjectFromPoint
WindowFromAccessibleObject
AccessibleObjectFromEvent
AccessibleChildren
LresultFromObject
GetRoleTextW
LIBID_Accessibility
DllCanUnloadNow

shlwapi

IsCharSpaceA
StrFormatByteSizeA
StrCmpLogicalW
SHRegCloseUSKey
SHRegGetPathW

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
GetClipboardSequenceNumber
EnumDisplaySettingsExA
CreateAcceleratorTableA
DdeCreateDataHandle
CreateDesktopA
MB_GetString

winmm

midiInUnprepareHeader
waveOutClose
midiInGetDevCapsW
mmGetCurrentTask
mciGetErrorStringA
WOWAppExit
joyGetDevCapsA
midiOutGetNumDevs
mixerGetLineInfoW

shell32

IsLFNDrive
DAD_DragEnterEx2
IsLFNDriveW
ExtractIconExW
SHSimpleIDListFromPath
Shell_NotifyIconA
SHShellFolderView_Message

gdiplus

GdipCreateFromHWND
GdipGetLineBlend
GdipSetAdjustableArrowCapFillState
GdipSetPathGradientTransform
GdipDrawClosedCurve2I
GdipDrawRectangleI
GdipGetPenUnit
GdipGetDpiY

msimg32

vSetDdrawflag
AlphaBlend
TransparentBlt

winspool.drv

AddFormA
DeletePrintProvidorW
FindClosePrinterChangeNotification
GetPrinterDataA
QuerySpoolMode
GetPrinterDriverDirectoryA
AdvancedDocumentPropertiesW
DeletePortA
DeletePrinterKeyW
AddPrinterDriverExA
DeletePrintProcessorA
WritePrinter
AddPrintProcessorA
AddPrintProvidorW

comdlg32

PrintDlgExA
ChooseFontA
dwOKSubclass
FindTextW
GetFileTitleW
GetSaveFileNameA
LoadAlterBitmap

oledlg

OleUIBusyW
OleUICanConvertOrActivateAs
OleUIUpdateLinksW
OleUIConvertW
OleUIChangeIconW
OleUIInsertObjectA

gdi32

ExtSelectClipRgn
STROBJ_bEnum
GetCharABCWidthsI
DdEntry32
RealizePalette
SetRectRgn
GetCharacterPlacementW
EngComputeGlyphSet
GetTextAlign

imagehlp

RemoveRelocations
SymFromAddr
SymUnloadModule64
SymGetModuleBase64
SymLoadModule
SymFindFileInPath
SymLoadModule64
SymGetSymPrev
ImageEnumerateCertificates

oleaut32

VarCyNeg
VarUI2FromR8
CreateDispTypeInfo
VariantCopyInd
VarI1FromUI1
GetRecordInfoFromGuids
VarTokenizeFormatString
VarBstrFromCy
LPSAFEARRAY_Size
OleLoadPictureFileEx

comctl32

ImageList_SetIconSize
DrawStatusTextW
ImageList_GetImageInfo
FlatSB_SetScrollProp
CreateToolbarEx
FlatSB_EnableScrollBar
DPA_DestroyCallback
ShowHideMenuCtl

version

GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
VerFindFileW
GetFileVersionInfoSizeA
VerQueryValueA

advapi32

WmiQueryAllDataMultipleA
SetEntriesInAuditListA
AccessCheckByTypeResultList
FlushTraceA
OpenEncryptedFileRawA
LsaICLookupNames
ReportEventW
MD5Init
LsaSetSystemAccessAccount

Exports

Exports

CreatePaint

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 647B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eebc
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jgmo
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a30e75c82eff20dfe0e0897d34cb07c

Headers

File Characteristics

Imports

kernel32

ole32

oleacc

shlwapi

user32

winmm

shell32

gdiplus

msimg32

winspool.drv

comdlg32

oledlg

gdi32

imagehlp

oleaut32

comctl32

version

advapi32

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 187KB

.data Size: 512B - Virtual size: 112B

.data Size: 512B - Virtual size: 4KB

.data Size: 1024B - Virtual size: 647B

.rdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 72KB - Virtual size: 71KB

.eebc Size: 296KB - Virtual size: 296KB

.jgmo Size: 8KB - Virtual size: 8KB

.text
Size: 188KB - Virtual size: 187KB

.data
Size: 512B - Virtual size: 112B

.data
Size: 512B - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 647B

.rdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 72KB - Virtual size: 71KB

.eebc
Size: 296KB - Virtual size: 296KB

.jgmo
Size: 8KB - Virtual size: 8KB