9cecbdf9d71a2ad529888e0c550fd2ed_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9cecbdf9d71a2ad529888e0c550fd2ed_JaffaCakes118
Size

1.5MB
MD5

9cecbdf9d71a2ad529888e0c550fd2ed
SHA1

38861a0dc88b9624829114568202c527b9f6dc75
SHA256

ba4db9ddcaaa74d8abea456a683ac745048ed94fe367441836188bc809ff6889
SHA512

82a176eda5ba1a2102d1253ad1b02a50b9778d72f42a610e2c5ffb4d7084dd7b5f1a704c87268d22f5abc78f30708b330dc4d2356121d35bfd9aaaec1364cdcf
SSDEEP

24576:PXRXcVvoA1D1u6fbd+m/UdhY73l+gDNy2CLVuSbnYXSu5l+gbUy2CLVuSbnYXSWv:PXuoA1D1u6IQ3l+GNQsYnYP5l+2UQsYK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9cecbdf9d71a2ad529888e0c550fd2ed_JaffaCakes118

Files

9cecbdf9d71a2ad529888e0c550fd2ed_JaffaCakes118
.dll windows:6 windows x86 arch:x86

d1749abf79593ca6e3ddc2321e6a8512

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\ayywaresuperior\ayywaresuperior.pdb

Imports

kernel32

CreateDirectoryA
GetVolumeInformationA
CloseHandle
Sleep
GetCurrentProcess
CreateThread
VirtualProtect
DisableThreadLibraryCalls
FreeLibraryAndExitThread
GetModuleHandleA
GetProcAddress
GetTickCount
SizeofResource
FindResourceA
K32GetModuleInformation
GetStdHandle
SetConsoleTextAttribute
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleW
LoadResource
GetTickCount64
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitializeSListHead

user32

FindWindowA
ScreenToClient
GetCursorPos
GetForegroundWindow
GetKeyNameTextA
GetAsyncKeyState
GetKeyState

gdi32

AddFontResourceA

msvcp140

?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?good@ios_base@std@@QBE_NXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uncaught_exception@std@@YA_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?is@?$ctype@D@std@@QBE_NFD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?eof@ios_base@std@@QBE_NXZ
?fail@ios_base@std@@QBE_NXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?id@?$ctype@D@std@@2V0locale@2@A

winmm

PlaySoundA

urlmon

URLDownloadToFileA

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
strchr
memchr
_purecall
strstr
__std_exception_destroy
memcpy
__std_exception_copy
memset
_CxxThrowException
memmove
memcmp
__CxxFrameHandler3

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
terminate
_invalid_parameter_noinfo_noreturn
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_configure_narrow_argv
_cexit

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-math-l1-1-0

fmaxf
_libm_sse2_atan_precise
_libm_sse2_cos_precise
_libm_sse2_sin_precise
_CIatan2
ceil
_libm_sse2_sqrt_precise
roundf
_except1
_libm_sse2_acos_precise
_libm_sse2_pow_precise
copysignf

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-stdio-l1-1-0

ftell
fseek
ferror
_get_stream_buffer_pointers
fopen_s
__stdio_common_vsprintf_s
__acrt_iob_func
setvbuf
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
puts
__stdio_common_vfprintf
fclose
fwrite
ungetc
_fseeki64
fflush
fgetc
fsetpos
fread
fputc
fgetpos

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
remove
_lock_file

api-ms-win-crt-convert-l1-1-0

atof
mbstowcs_s
strtoul
_itoa
atoi

api-ms-win-crt-time-l1-1-0

clock
_time64
strftime
_localtime64

api-ms-win-crt-string-l1-1-0

isspace
strncmp
strcpy_s
isalpha
isdigit

Exports

Exports

?ReflectiveLoader@@YGKXZ

Sections

.text
Size: 514KB - Virtual size: 513KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 939KB - Virtual size: 939KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 586KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1749abf79593ca6e3ddc2321e6a8512

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

msvcp140

winmm

urlmon

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

Exports

Exports

Sections

.text Size: 514KB - Virtual size: 513KB

.rdata Size: 939KB - Virtual size: 939KB

.data Size: 8KB - Virtual size: 586KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 28KB - Virtual size: 27KB

.text
Size: 514KB - Virtual size: 513KB

.rdata
Size: 939KB - Virtual size: 939KB

.data
Size: 8KB - Virtual size: 586KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 28KB - Virtual size: 27KB