aa054899f7ca53d4055798125f777008_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

aa054899f7ca53d4055798125f777008_JaffaCakes118
Size

572KB
MD5

aa054899f7ca53d4055798125f777008
SHA1

b6762beb155020ad7118ce67cdf2304b7fa47b5c
SHA256

4d446547a8316ca8424aeba6e4901be6cef1be7af7f51ed4f5697581a647e540
SHA512

be29a4c15d40c8b36201f5052d7a0234cb610ce17c57f2d4d8facf615309216a3bab50232e42f2704ae7a06a2eb2126179f68f95c274d3af44e6c26f9072aacb
SSDEEP

6144:VJVAfqX+2Rr+nxQDBO03fHEera3bpt5eH5:VvAfLfaEkAz5S

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
aa054899f7ca53d4055798125f777008_JaffaCakes118

Files

aa054899f7ca53d4055798125f777008_JaffaCakes118
.dll windows:4 windows x86 arch:x86

9a30e75c82eff20dfe0e0897d34cb07c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
VirtualAlloc
VirtualProtect
GetProcAddress
lstrcmpA
InitializeCriticalSectionAndSpinCount
CompareFileTime
VerLanguageNameW
VerLanguageNameA

ole32

OleUninitialize
OleInitialize
OleFlushClipboard
HICON_UserUnmarshal
CreateStdProgressIndicator
ReadClassStm
OleCreateFromFile
OleCreateEx
HICON_UserMarshal

oleacc

CreateStdAccessibleProxyW
AccessibleObjectFromPoint
WindowFromAccessibleObject
AccessibleObjectFromEvent
AccessibleChildren
LresultFromObject
GetRoleTextW
LIBID_Accessibility
DllCanUnloadNow

shlwapi

IsCharSpaceA
StrFormatByteSizeA
StrCmpLogicalW
SHRegCloseUSKey
SHRegGetPathW

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
GetClipboardSequenceNumber
EnumDisplaySettingsExA
CreateAcceleratorTableA
DdeCreateDataHandle
CreateDesktopA
MB_GetString

winmm

midiInUnprepareHeader
waveOutClose
midiInGetDevCapsW
mmGetCurrentTask
mciGetErrorStringA
WOWAppExit
joyGetDevCapsA
midiOutGetNumDevs
mixerGetLineInfoW

shell32

IsLFNDrive
DAD_DragEnterEx2
IsLFNDriveW
ExtractIconExW
SHSimpleIDListFromPath
Shell_NotifyIconA
SHShellFolderView_Message

gdiplus

GdipCreateFromHWND
GdipGetLineBlend
GdipSetAdjustableArrowCapFillState
GdipSetPathGradientTransform
GdipDrawClosedCurve2I
GdipDrawRectangleI
GdipGetPenUnit
GdipGetDpiY

msimg32

vSetDdrawflag
AlphaBlend
TransparentBlt

winspool.drv

AddFormA
DeletePrintProvidorW
FindClosePrinterChangeNotification
GetPrinterDataA
QuerySpoolMode
GetPrinterDriverDirectoryA
AdvancedDocumentPropertiesW
DeletePortA
DeletePrinterKeyW
AddPrinterDriverExA
DeletePrintProcessorA
WritePrinter
AddPrintProcessorA
AddPrintProvidorW

comdlg32

PrintDlgExA
ChooseFontA
dwOKSubclass
FindTextW
GetFileTitleW
GetSaveFileNameA
LoadAlterBitmap

oledlg

OleUIBusyW
OleUICanConvertOrActivateAs
OleUIUpdateLinksW
OleUIConvertW
OleUIChangeIconW
OleUIInsertObjectA

gdi32

ExtSelectClipRgn
STROBJ_bEnum
GetCharABCWidthsI
DdEntry32
RealizePalette
SetRectRgn
GetCharacterPlacementW
EngComputeGlyphSet
GetTextAlign

imagehlp

RemoveRelocations
SymFromAddr
SymUnloadModule64
SymGetModuleBase64
SymLoadModule
SymFindFileInPath
SymLoadModule64
SymGetSymPrev
ImageEnumerateCertificates

oleaut32

VarCyNeg
VarUI2FromR8
CreateDispTypeInfo
VariantCopyInd
VarI1FromUI1
GetRecordInfoFromGuids
VarTokenizeFormatString
VarBstrFromCy
LPSAFEARRAY_Size
OleLoadPictureFileEx

comctl32

ImageList_SetIconSize
DrawStatusTextW
ImageList_GetImageInfo
FlatSB_SetScrollProp
CreateToolbarEx
FlatSB_EnableScrollBar
DPA_DestroyCallback
ShowHideMenuCtl

version

GetFileVersionInfoA
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
VerFindFileW
GetFileVersionInfoSizeA
VerQueryValueA

advapi32

WmiQueryAllDataMultipleA
SetEntriesInAuditListA
AccessCheckByTypeResultList
FlushTraceA
OpenEncryptedFileRawA
LsaICLookupNames
ReportEventW
MD5Init
LsaSetSystemAccessAccount

Exports

Exports

CreatePaint

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 647B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eebc
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.jgmo
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a30e75c82eff20dfe0e0897d34cb07c

Headers

File Characteristics

Imports

kernel32

ole32

oleacc

shlwapi

user32

winmm

shell32

gdiplus

msimg32

winspool.drv

comdlg32

oledlg

gdi32

imagehlp

oleaut32

comctl32

version

advapi32

Exports

Exports

Sections

.text Size: 188KB - Virtual size: 187KB

.data Size: 512B - Virtual size: 112B

.data Size: 512B - Virtual size: 4KB

.data Size: 1024B - Virtual size: 647B

.rdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 72KB - Virtual size: 71KB

.eebc Size: 296KB - Virtual size: 296KB

.jgmo Size: 8KB - Virtual size: 8KB

.text
Size: 188KB - Virtual size: 187KB

.data
Size: 512B - Virtual size: 112B

.data
Size: 512B - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 647B

.rdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 72KB - Virtual size: 71KB

.eebc
Size: 296KB - Virtual size: 296KB

.jgmo
Size: 8KB - Virtual size: 8KB