9a5ce3ea1339e255ce078346d6dd0ef3_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

9a5ce3ea1339e255ce078346d6dd0ef3_JaffaCakes118
Size

500KB
MD5

9a5ce3ea1339e255ce078346d6dd0ef3
SHA1

24f55a887f02f1018a94212192f3ed9a71813c0d
SHA256

533a1afbe6fde892155eaa61a6bd0f612779290701cc6c391c4063ec6187c75d
SHA512

0c665ccd925711934841d77574850e9402bec35b6ff340bd671d48fa962d4efdbd125c96fa4c29d1251516523f77ad3bfd81d72a8b1b32f16ce03f68aac2caa6
SSDEEP

6144:V2N8aCbpt5e3JVAfqX+2Rr+nxQDBO03fHEe:w87z5mvAfLfaE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
9a5ce3ea1339e255ce078346d6dd0ef3_JaffaCakes118

Files

9a5ce3ea1339e255ce078346d6dd0ef3_JaffaCakes118
.dll windows:4 windows x86 arch:x86

79104f3cccf87ce5b357c629421e05f5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
VirtualAlloc
VirtualProtect
GetProcAddress
GetUserDefaultUILanguage

ole32

OleInitialize
OleUninitialize
IsValidIid
CreateOleAdviseHolder
CoGetTreatAsClass
StgOpenStorage
OleCreateLink
StgIsStorageFile

version

GetFileVersionInfoW
VerInstallFileA
GetFileVersionInfoA
GetFileVersionInfoSizeW
VerFindFileW
VerInstallFileW

user32

VRipOutput
SwitchToThisWindow
wsprintfW
DdeNameService
FlashWindow
OpenWindowStationA
DialogBoxParamW

shell32

SHEnumerateUnreadMailAccountsW
ExtractAssociatedIconW
SHParseDisplayName
DragQueryFileAorW
SHLoadNonloadedIconOverlayIdentifiers
SHSetUnreadMailCountW

winspool.drv

StartDocDlgW
EnumPrintProcessorsW
SetPrinterA
DeletePrinterConnectionA
DocumentPropertiesA
FindClosePrinterChangeNotification
DevicePropertySheets
SetPrinterDataExA
SetJobA

comctl32

ImageList_BeginDrag
DSA_Create
FlatSB_SetScrollRange
CreateStatusWindowW
ImageList_Merge
ImageList_GetIcon
ImageList_GetImageCount
CreatePropertySheetPageA
ImageList_SetFilter
FlatSB_GetScrollRange
ImageList_GetBkColor

msimg32

DllInitialize
GradientFill
vSetDdrawflag
TransparentBlt
AlphaBlend

shlwapi

IntlStrEqWorkerW
PathFindNextComponentW
SHOpenRegStreamA
UrlHashA
PathStripPathW
SHAutoComplete
SHSetThreadRef
PathAppendW

winmm

joyGetNumDevs
waveOutUnprepareHeader
mciGetDeviceIDFromElementIDW
midiOutSetVolume
mciDriverNotify
mciGetErrorStringA
joyGetPos
mixerClose
mciGetDriverData
waveInGetID
mmioRenameA
midiStreamPause
aux32Message

gdiplus

GdipGetGenericFontFamilyMonospace
GdipDisposeImage
GdipGetPathWorldBounds
GdipDrawPath
GdipSetImageAttributesOutputChannel
GdipClosePathFigure

comdlg32

PrintDlgA
FindTextW
ReplaceTextW
FindTextA
LoadAlterBitmap
PrintDlgExW
GetFileTitleA
ChooseFontW

Exports

Exports

CreatePaint

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xbsl
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vgic
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79104f3cccf87ce5b357c629421e05f5

Headers

File Characteristics

Imports

kernel32

ole32

version

user32

shell32

winspool.drv

comctl32

msimg32

shlwapi

winmm

gdiplus

comdlg32

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 187KB

.data Size: 512B - Virtual size: 112B

.data Size: 2KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 3KB

.xbsl Size: 296KB - Virtual size: 296KB

.vgic Size: 8KB - Virtual size: 8KB

.text
Size: 188KB - Virtual size: 187KB

.data
Size: 512B - Virtual size: 112B

.data
Size: 2KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 3KB

.xbsl
Size: 296KB - Virtual size: 296KB

.vgic
Size: 8KB - Virtual size: 8KB