9bdb0893dc2e4fd084dd0e17d1a3d49e_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9bdb0893dc2e4fd084dd0e17d1a3d49e_JaffaCakes118
Size

1.2MB
MD5

9bdb0893dc2e4fd084dd0e17d1a3d49e
SHA1

c59aeb8711f4e4faf1b3084d00312aecac037fd0
SHA256

9152d4e32266c54bf8e11ec7db98d375602d5cb5ef2338169c779fab65242674
SHA512

fccee7a3e0590b12cbc9f974c9972e6243b9c6324fb952d90cd516ef57bf4ffa4f04e758429e4d04fd9e0733fbac605ba484490d3285f9b3ccf0b86563acd01e
SSDEEP

12288:3+55C77GpqmO0Q5m/PMnt44caH8WuCsXghj2wQi8UuDdUuDuHrTgQAw:3p7FmoIPMH8oZhXQiYDJDi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9bdb0893dc2e4fd084dd0e17d1a3d49e_JaffaCakes118

Files

9bdb0893dc2e4fd084dd0e17d1a3d49e_JaffaCakes118
.dll windows:5 windows x86 arch:x86

8dccf7caa632393eb9b63472e360e42a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imagehlp

ImageDirectoryEntryToData

kernel32

DuplicateHandle
GetCurrentProcess
OpenProcess
Module32Next
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
FindClose
FindFirstFileA
HeapFree
ReadFile
HeapAlloc
GetProcessHeap
GetFileInformationByHandle
CreateFileA
GetSystemDirectoryA
LocalFree
Thread32Next
SuspendThread
ResumeThread
Thread32First
Sleep
TerminateThread
TerminateProcess
FreeLibrary
LoadLibraryA
GetVersionExA
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThreadId
GetCurrentProcessId
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SizeofResource
LockResource
GetTempPathA
LoadResource
SetLastError
WriteFile
CreateDirectoryA
VirtualQuery
ExitProcess
ReadProcessMemory
GetFileAttributesA
VirtualAlloc
GetPrivateProfileStringA
GetPrivateProfileIntA
FreeResource
WriteProcessMemory
DeleteFileA
GetTickCount
CreateThread
lstrcatA
GetCurrentDirectoryA
InitializeCriticalSection
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
GetTimeZoneInformation
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
InterlockedExchange
SetConsoleCtrlHandler
CloseHandle
CreateFileW
GetModuleHandleA
GetProcAddress
VirtualProtect
IsBadReadPtr
GetLastError
FlushInstructionCache
FindResourceA
InitializeCriticalSectionAndSpinCount
HeapSize
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStartupInfoA
RaiseException
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
DeleteCriticalSection
FatalAppExitA
VirtualFree
HeapReAlloc
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetHandleCount
GetFileType

user32

SendMessageA
MessageBoxA
CreateWindowExA
PostMessageA
GetWindowTextA
DefWindowProcA
DispatchMessageA
TranslateMessage
PostQuitMessage
LoadImageA
GetWindowThreadProcessId
GetAsyncKeyState
GetActiveWindow
FindWindowA
GetMessageA
RegisterClassExA
GetSystemMetrics
ShowWindow
UpdateWindow
InvalidateRect

advapi32

SetEntriesInAclA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegQueryValueExA
GetSecurityInfo
GetUserNameA
SetSecurityInfo

shell32

ShellExecuteA

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetConnectA

d3d9

Direct3DCreate9

Exports

Exports

?Is_KBD_Disabled@@YAHXZ
?T3_KBD_Disable@@YAHHH@Z

Sections

.text
Size: 293KB - Virtual size: 292KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 79KB - Virtual size: 3.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mydata
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 496KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8dccf7caa632393eb9b63472e360e42a

Headers

DLL Characteristics

File Characteristics

Imports

imagehlp

kernel32

user32

advapi32

shell32

wininet

d3d9

Exports

Exports

Sections

.text Size: 293KB - Virtual size: 292KB

.rdata Size: 279KB - Virtual size: 279KB

.data Size: 79KB - Virtual size: 3.2MB

.idata Size: 6KB - Virtual size: 6KB

.mydata Size: 512B - Virtual size: 260B

.rsrc Size: 496KB - Virtual size: 496KB

.reloc Size: 45KB - Virtual size: 44KB

.text
Size: 293KB - Virtual size: 292KB

.rdata
Size: 279KB - Virtual size: 279KB

.data
Size: 79KB - Virtual size: 3.2MB

.idata
Size: 6KB - Virtual size: 6KB

.mydata
Size: 512B - Virtual size: 260B

.rsrc
Size: 496KB - Virtual size: 496KB

.reloc
Size: 45KB - Virtual size: 44KB