f0b834d7f71823484d16c32fc4f4c6f9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

f0b834d7f71823484d16c32fc4f4c6f9_JaffaCakes118
Size

48KB
MD5

f0b834d7f71823484d16c32fc4f4c6f9
SHA1

b79f5ae1ecffa6ad285c92b0953fb2a2db86517b
SHA256

8a30061ab2c178e5437a1e7225214342e04741fa5641fc0e4f6980de5c679196
SHA512

d86e519b388baaa91ead04af6f0a10d6b4fb14a39017858e2523cb83c2a816f47f94b3206beb8f0996473098d9aa36416ec68ff24d4790f453db57dc5bb88f26
SSDEEP

768:GHndBXhSmtBISK7jkB1DD5MwIxtrjleNtSTWr7FBvyWotfK/2fNWVvj:Cnd1hvtBI7iR1MwILrBCtSTWr7yk2fsj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f0b834d7f71823484d16c32fc4f4c6f9_JaffaCakes118

Files

f0b834d7f71823484d16c32fc4f4c6f9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

e7f0028f65177cbc39ec073bcaa60ddf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MapViewOfFile
CreateFileMappingA
CreateFileA
CreateEventA
PulseEvent
WriteFile
OpenMutexA
GetModuleFileNameA
GetWindowsDirectoryA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
FreeLibraryAndExitThread
GetDriveTypeA
GetLogicalDriveStringsA
VirtualFree
VirtualProtect
VirtualAlloc
Process32Next
GetFileSize
CreateToolhelp32Snapshot
Module32Next
Module32First
GetCurrentProcessId
VirtualQuery
GetSystemInfo
GetProcAddress
Thread32Next
Thread32First
QueryDosDeviceA
OpenProcess
TerminateProcess
WideCharToMultiByte
lstrlenW
GetVersionExA
FindNextFileA
FindFirstFileA
MultiByteToWideChar
GetLastError
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
CreateThread
WaitForSingleObject
GetTempPathA
GetTempFileNameA
CreateProcessA
Sleep
OpenEventA
WinExec
CopyFileA
CreateMutexA
LoadLibraryA
CloseHandle
Process32First
FreeLibrary

user32

SetWindowsHookExA
GetDesktopWindow
SendMessageA
GetDlgItem
ShowWindow
IsWindow
EnumDesktopWindows
GetWindowTextA
GetClassNameA
GetClientRect
CallNextHookEx
GetDC
GetWindowDC
IsRectEmpty
EnumChildWindows
GetWindowThreadProcessId
UnhookWindowsHookEx
PrintWindow
GetWindowRect
EnumWindows

gdi32

DeleteObject
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC

advapi32

RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegEnumValueA
RegCloseKey

ole32

CoInitializeEx
CoInitialize
CreateStreamOnHGlobal
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
SysStringLen
VariantClear

msvcp60

?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

wininet

HttpEndRequestA
InternetCloseHandle
InternetReadFile
HttpSendRequestA
HttpAddRequestHeadersA
HttpOpenRequestA
InternetConnectA
InternetOpenA
InternetCrackUrlA
HttpSendRequestExA
InternetWriteFile
DeleteUrlCacheEntry

urlmon

URLDownloadToFileA

ws2_32

closesocket
setsockopt
WSACleanup

shell32

SHGetFolderPathA

psapi

GetProcessImageFileNameA

shlwapi

PathFileExistsA

msvcrt

_mbsupr
_CxxThrowException
_mbscmp
free
wcscmp
malloc
_mbsstr
memmove
_mbslwr
wcsstr
_mbsnbicmp
_snprintf
memset
_ismbcprint
_memicmp
memcmp
clock
_mbsrchr
_mbsnbcpy
_mbstok
_mbsicmp
abs
_ltoa
printf
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
atoi
strlen
__CxxFrameHandler
strcat
strcpy
_mbschr
sprintf
??2@YAPAXI@Z
memcpy

gdiplus

GdipGetImageEncodersSize
GdiplusStartup
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipGetImageEncoders
GdipFree
GdipCloneImage

iphlpapi

GetAdaptersInfo

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

Exports

Exports

?GetOS@Utility@@SAKXZ
DUMMY

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e7f0028f65177cbc39ec073bcaa60ddf

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp60

wininet

urlmon

ws2_32

shell32

psapi

shlwapi

msvcrt

gdiplus

iphlpapi

rpcrt4

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 43KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 44KB - Virtual size: 43KB

.reloc
Size: 3KB - Virtual size: 2KB