c0c6b65d2bbbea6efd36307fd510a389_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

c0c6b65d2bbbea6efd36307fd510a389_JaffaCakes118
Size

345KB
MD5

c0c6b65d2bbbea6efd36307fd510a389
SHA1

af3ab06b8e70604f801ad4568a75781b743c84ff
SHA256

301fc85bb18e275a9a4dfc45cde3b0cf92cd15503d3daf613f3b5f024cfa9cd1
SHA512

120388efdf4cd057c1c76d1009b6a72a5f9fc220e275b78fb3529909afa4c7725a80c65f8ff4ec76a8f15ef001d68d1b6631e76e62ff468c9c7d2a17b73da2de
SSDEEP

6144:D6A+sCjMzulTqoPBj5NpNZGYHw0nDqK4KdFSsW0rCANYNKzk0TdQT3su2+08N/:DQB9NZGpGmK4KdFSsW0rCANYNKzkQdQz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0c6b65d2bbbea6efd36307fd510a389_JaffaCakes118

Files

c0c6b65d2bbbea6efd36307fd510a389_JaffaCakes118
.dll windows:6 windows x64 arch:x64

e456d6ddf6a5b901ebf6f84c338275dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTimeAsFileTime
GetConsoleTitleW
SetCalendarInfoA
GetCalendarInfoA
BindIoCompletionCallback
SetFileApisToOEM
lstrcpynW
lstrcmpiW
GetNamedPipeInfo
SetFileShortNameW
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
CreateFileMappingW
GetTickCount
CreateThread
Sleep
CreateMutexA
WaitForSingleObject
ReleaseMutex
CreatePipe
GetLastError
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CloseHandle
OutputDebugStringA
ReadFile
GetFullPathNameA
GetFileSize
FindNextFileW
FindFirstFileW
FindClose
CreateFileW
SearchPathW
RtlCaptureStackBackTrace
InitializeSListHead

gdi32

GetRgnBox
CombineRgn
CreateBitmap
CreateDIBPatternBrushPt
CreateEnhMetaFileW
CreateICW
GetEnhMetaFileHeader
CreateRectRgn
DeleteDC
DeleteObject
CreateEllipticRgn
AngleArc
DeleteColorSpace
CreateColorSpaceA
GdiGetBatchLimit
GetRegionData

advapi32

GetKernelObjectSecurity
CopySid
GetAce
GetFileSecurityW
AccessCheckAndAuditAlarmA
EnumServicesStatusExW
CloseTrace
OpenTraceA
SaferCreateLevel
SaferCloseLevel
SaferGetLevelInformation
SaferSetLevelInformation
GetTrusteeTypeA
AddAuditAccessAceEx

shlwapi

StrCmpIW
UrlGetLocationA
StrRChrIA
AssocGetPerceivedType
HashData
SHDeleteValueA
PathIsDirectoryW
SHDeleteValueW
SHRegCreateUSKeyA
SHRegOpenUSKeyW
SHRegDeleteUSValueA
SHRegCloseUSKey
StrStrIW

imm32

ImmGetIMEFileNameA
ImmGetCompositionStringA
ImmGetCompositionFontA
ImmEscapeW
ImmGetImeMenuItemsA
ImmGetCompositionWindow
ImmRegisterWordW
ImmUnregisterWordW
ImmGetRegisterWordStyleA
ImmGetConversionListA

winmm

joyGetNumDevs
joySetCapture
joySetThreshold
timeGetDevCaps
joyReleaseCapture
joyGetThreshold
mixerGetLineControlsA
mixerGetNumDevs
midiOutGetID
midiOutGetErrorTextA
mmioGetInfo
midiOutGetDevCapsW
midiOutGetNumDevs
waveOutGetID
waveOutGetErrorTextW
waveOutGetNumDevs
mciGetDeviceIDA
mmioClose
mmioOpenA
mmioStringToFOURCCW
mciGetDeviceIDFromElementIDA

rpcrt4

MesDecodeBufferHandleCreate
MesHandleFree
MesDecodeIncrementalHandleCreate
MesEncodeIncrementalHandleCreate
I_RpcMapWin32Status
MesEncodeFixedBufferHandleCreate

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memset
memmove
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memcpy
memchr
memcmp

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_initterm_e
_crt_atexit
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_execute_onexit_table
_register_onexit_function
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

_wcsnicmp
isxdigit
strncpy
strncat
wcsncat
wcsncpy
toupper
isspace

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-convert-l1-1-0

_itoa
strtoul
_ultoa
_ultow
_ltow
_ltoa

api-ms-win-crt-utility-l1-1-0

rand
srand

Sections

.text
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e456d6ddf6a5b901ebf6f84c338275dc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

advapi32

shlwapi

imm32

winmm

rpcrt4

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

Sections

.text Size: 313KB - Virtual size: 313KB

.rdata Size: 26KB - Virtual size: 26KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 3KB - Virtual size: 3KB

.reloc Size: 512B - Virtual size: 80B

.text
Size: 313KB - Virtual size: 313KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 80B