fcbf4e20549d47d5e68475b99f743493_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

fcbf4e20549d47d5e68475b99f743493_JaffaCakes118
Size

423KB
MD5

fcbf4e20549d47d5e68475b99f743493
SHA1

8ca8fa4f6e13ff84510e3dfae2487fc622d9db11
SHA256

5aac1dcf1e716a4f79323b4220b76e9c6a5a9cca59f785ce2888051d7418a65f
SHA512

c0c81ec94746a51f0ad32cdf4bf82adad7efe6f220c3a9a089d32b2e7634632d88487730326002d3f64d85c9e09b75383555e311dc427b1e8bcd777f362f8507
SSDEEP

12288:q40WW/VHfjmCZYSnbZkzKApJr3bj6D2k1SdWuMcheoHaw/+JY+Dv:q40Dd/bZWrrrj6zSd1ZGv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fcbf4e20549d47d5e68475b99f743493_JaffaCakes118

Files

fcbf4e20549d47d5e68475b99f743493_JaffaCakes118
.dll windows:5 windows x86 arch:x86

197401c2f4043bc40642113d3eff2730

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Source\Aselia\Client DLL\Client DLL\Release\ultima.pdb

Imports

kernel32

GetCommandLineW
GetCurrentThreadId
Sleep
GetLastError
LocalFree
SizeofResource
HeapFree
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
HeapSize
LockResource
HeapReAlloc
RaiseException
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
DecodePointer
HeapDestroy
DeleteCriticalSection
GetProcessHeap
GetSystemTimeAsFileTime
GetTickCount
ExitProcess
WriteFile
PeekNamedPipe
CreateFileW
CloseHandle
WaitNamedPipeW
lstrlenW
GetModuleFileNameW
MultiByteToWideChar
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
GetVersionExW
GetModuleHandleA
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
WaitForSingleObject
IsDebuggerPresent
Module32NextW
VerifyVersionInfoW
GetCurrentProcessId
VerSetConditionMask
Module32FirstW
GetLocalTime
Process32FirstW
Process32NextW
GetFileAttributesA
ReadFile
CreateToolhelp32Snapshot
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
SetEndOfFile
GetConsoleCP
FlushFileBuffers
SetStdHandle
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
OutputDebugStringW
TryEnterCriticalSection
SwitchToThread
GetExitCodeThread
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
FreeLibrary
LoadLibraryExW
WideCharToMultiByte
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
DeleteFileW
GetModuleFileNameA
GetCurrentThread
GetACP
GetStdHandle
GetFileType
SetFilePointerEx
GetConsoleMode
ReadConsoleW
LCMapStringW
GetStringTypeW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW

user32

SetWindowsHookExA
GetAsyncKeyState
CallNextHookEx
GetCursorPos
SetWindowLongW
ShowWindow
GetWindowLongW
ReleaseDC
UnhookWindowsHookEx
FindWindowA
MessageBoxA
UpdateWindow
GetDC
GetClientRect

gdi32

CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
GetObjectW
DeleteObject
BitBlt

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

CommandLineToArgvW

shlwapi

PathFindExtensionW

gdiplus

GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipGetImageEncodersSize
GdipFree
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdipCloneImage
GdipGetImageEncoders
GdipLoadImageFromFile
GdiplusShutdown
GdiplusStartup

Sections

.text
Size: 268KB - Virtual size: 267KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 4.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

197401c2f4043bc40642113d3eff2730

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

gdiplus

Sections

.text Size: 268KB - Virtual size: 267KB

.rdata Size: 90KB - Virtual size: 89KB

.data Size: 46KB - Virtual size: 4.1MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 16KB

.text
Size: 268KB - Virtual size: 267KB

.rdata
Size: 90KB - Virtual size: 89KB

.data
Size: 46KB - Virtual size: 4.1MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 16KB