ed3b65b173f12527d874cc1e2f8e6b19_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ed3b65b173f12527d874cc1e2f8e6b19_JaffaCakes118
Size

94KB
MD5

ed3b65b173f12527d874cc1e2f8e6b19
SHA1

6e03c75ff58717deadfd0b875af98e5637738972
SHA256

7a6c877b03f9cdceb64c47067f5eb09d31ad4393f22256a8c69d602a9e11b31a
SHA512

c04fcce2beb37a7627c041001d88a0445a8c782b383e5af5ff147feafc0d3c68dd631a97d897ac0862c0d09239961df157b277b6b1d26c650f32ba238c2b7535
SSDEEP

1536:7/RIGXRSo70vVqCH56LNVF/lGuDXjieH6gQaSmrgcCfQsexjdLVkKq1wkumsxk:7R7ookohDX8gQaSmrglQsexjdLVs1wkx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ed3b65b173f12527d874cc1e2f8e6b19_JaffaCakes118

Files

ed3b65b173f12527d874cc1e2f8e6b19_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fae0d2ebdf58d48fdffb7520bd60abc4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr71

_strcmpi
_strnicmp
_onexit
__dllonexit
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
calloc
_beginthreadex
wcstombs
atoi
realloc
strncat
??0exception@@QAE@ABV0@@Z
strrchr
free
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_except_handler3
strncpy
strcat
_CxxThrowException
memcmp
__CxxFrameHandler
memmove
strstr
ceil
memcpy
strcmp
malloc
strchr
memset
??3@YAXPAX@Z
strlen
??2@YAPAXI@Z
strcpy

kernel32

CreateMutexA
OpenEventA
ReleaseMutex
SetUnhandledExceptionFilter
FreeConsole
lstrcmpiA
GetCurrentThreadId
SetErrorMode
SetFileAttributesA
GetModuleHandleA
LoadLibraryExA
DeviceIoControl
FindResourceA
LoadResource
SizeofResource
GetLastError
CreateToolhelp32Snapshot
Process32First
LocalSize
CreatePipe
GetStartupInfoA
PeekNamedPipe
WaitForMultipleObjects
TerminateProcess
DisconnectNamedPipe
GlobalAlloc
GlobalFree
GlobalSize
lstrlenA
GetPrivateProfileSectionNamesA
GetProcAddress
LoadLibraryA
lstrcatA
lstrcpyA
GetWindowsDirectoryA
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
CreateEventA
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
InitializeCriticalSection
DeleteCriticalSection
VirtualFree
VirtualAlloc
LeaveCriticalSection
EnterCriticalSection
InterlockedExchange
CancelIo
Sleep
ResetEvent
SetLastError
DeleteFileA
ReadFile
SetFilePointer
CreateFileA
LocalFree
CreateDirectoryA
GetFileAttributesA
CreateProcessA
GetDriveTypeA
GetDiskFreeSpaceExA
GetVolumeInformationA
FindNextFileA
LocalReAlloc
FindFirstFileA
LocalAlloc
RemoveDirectoryA
GetFileSize
WriteFile
MoveFileA
GetSystemDirectoryA
GetCurrentProcess
WriteProcessMemory
VirtualAllocEx
OpenProcess
MoveFileExA
GetTickCount
HeapFree
HeapAlloc
GetProcessHeap
GetLocalTime
GlobalLock
MapViewOfFile
CreateFileMappingA
GlobalUnlock
UnmapViewOfFile

user32

wsprintfA
GetCursorInfo
TranslateMessage
GetMessageA
CharNextA
GetWindowTextA
GetActiveWindow
GetKeyNameTextA
CallNextHookEx
PostMessageA
OpenDesktopA
GetUserObjectInformationA
OpenInputDesktop
SetThreadDesktop
CloseDesktop
SetProcessWindowStation
CreateWindowExA
IsWindow
CloseWindow
EnumWindows
GetWindowThreadProcessId
ExitWindowsEx
GetCursorPos
SetRect
GetDesktopWindow
GetDC
ReleaseDC
DispatchMessageA
SystemParametersInfoA
SendMessageA
BlockInput
GetSystemMetrics
EmptyClipboard
SetClipboardData
mouse_event
SetCursorPos
WindowFromPoint
SetCapture
MapVirtualKeyA
keybd_event
OpenClipboard
GetClipboardData
CloseClipboard
DestroyCursor
LoadCursorA
SetWindowsHookExA
UnhookWindowsHookEx

winmm

waveOutClose
waveOutUnprepareHeader
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutPrepareHeader
waveOutOpen
waveOutGetNumDevs
waveInAddBuffer
waveOutWrite
waveInStart
waveInGetNumDevs
waveInOpen
waveInPrepareHeader

msvcp71

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

ICCompressorFree
ICSendMessage
ICOpen
ICSeqCompressFrameEnd
ICSeqCompressFrameStart
ICClose
ICSeqCompressFrame

Exports

Exports

DoResetSsdt
HeiComeOn
LetMeIn
ServiceMain

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fae0d2ebdf58d48fdffb7520bd60abc4

Headers

File Characteristics

Imports

msvcr71

kernel32

user32

winmm

msvcp71

avicap32

msvfw32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 5KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 5KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 5KB - Virtual size: 5KB