0b566f936866a97917fe225f45ce3350_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0b566f936866a97917fe225f45ce3350_JaffaCakes118
Size

1.8MB
MD5

0b566f936866a97917fe225f45ce3350
SHA1

5403c19270ec2c2d063d7dc50641bbfc47dea25d
SHA256

2023900798bea6c53cbe751c64da7d8835a25dca4c878460fe3e544c78ee645f
SHA512

b735edde170fead1bc4b2eb95ff6572a4f24f35b7526c93bd5650aea21c77ec22e08cb1776429b93b5209516719c82b54e053055e60005d762d90160d34f261a
SSDEEP

49152:UHQ3CD9N5wwa3XVOSqSR6l/xOlw0etrlwXTgPX2DcMV:YD9N54xqS0xOG0e/8geDc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b566f936866a97917fe225f45ce3350_JaffaCakes118

Files

0b566f936866a97917fe225f45ce3350_JaffaCakes118
.dll windows:6 windows x86 arch:x86

bc81bc679220ff9174e46d933692f4a3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
CloseHandle
CreateThread
ExitProcess
GetTickCount
GetModuleHandleA
GetProcAddress
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalAlloc
GlobalLock
GlobalUnlock
VirtualProtect
FindFirstFileA
FindNextFileA
CreateDirectoryA
GetCurrentProcess
K32GetModuleInformation
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
FlushInstructionCache
MultiByteToWideChar

user32

SetWindowLongA
FindWindowA
wvsprintfA
wvsprintfW
CallWindowProcA
GetCursorPos
GetClientRect
SetCursor
ClientToScreen
SetClipboardData
GetClipboardData
EmptyClipboard
SetCursorPos
GetAsyncKeyState
CloseClipboard
OpenClipboard
GetKeyState

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xlength_error@std@@YAXPBD@Z

d3dx9_43

D3DXCreateFontA
D3DXCreateTextureFromFileInMemoryEx

imm32

ImmSetCompositionWindow
ImmGetContext

vcruntime140

_except_handler4_common
_CxxThrowException
memcpy
memset
__std_exception_copy
__std_type_info_destroy_list
_purecall
memmove
memchr
strchr
strstr
__CxxFrameHandler3
__std_terminate
__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_cexit
terminate
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_onexit_function
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_seh_filter_dll

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf
fflush
fclose
fseek
__stdio_common_vsprintf_s
ftell
__stdio_common_vfprintf
_wfopen
fread
__stdio_common_vsscanf
fputc
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
fwrite
fgetc

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-math-l1-1-0

_libm_sse2_sin_precise
_libm_sse2_pow_precise
_libm_sse2_cos_precise
_libm_sse2_sqrt_precise
_libm_sse2_atan_precise
ceil
floor
_except1
_libm_sse2_asin_precise
_libm_sse2_acos_precise
_CIfmod
_CIatan2
_dtest
fmaxf

api-ms-win-crt-string-l1-1-0

_stricmp
strncpy
isprint

Sections

.text
Size: 590KB - Virtual size: 590KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.0MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc81bc679220ff9174e46d933692f4a3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

d3dx9_43

imm32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

Sections

.text Size: 590KB - Virtual size: 590KB

.rdata Size: 109KB - Virtual size: 109KB

.data Size: 1.0MB - Virtual size: 1.1MB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 32KB - Virtual size: 32KB

.text
Size: 590KB - Virtual size: 590KB

.rdata
Size: 109KB - Virtual size: 109KB

.data
Size: 1.0MB - Virtual size: 1.1MB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 32KB - Virtual size: 32KB