b039d2a89ea91a0c118605b3db13e6e2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b039d2a89ea91a0c118605b3db13e6e2_JaffaCakes118
Size

229KB
MD5

b039d2a89ea91a0c118605b3db13e6e2
SHA1

b70c40c9705a2929535f1636ad201833e0175e7e
SHA256

c0e4bb732d7893e9e650e8dac6f7911b58a631f8ca709e1ab85b76dad6497038
SHA512

1ee550bb466d256f8c185d7e87db65e06cbb127aa8451b49b8f501f6a0735422439d7b956961ac2a5052bb8840156f7dd77a8c254e84a49a66d08c9c53cc679f
SSDEEP

6144:bejcBZbfGOVrR3DL+74Yo9hJSLc8HHcAMwXA:bejcjbfGGt0Ddc8cIA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b039d2a89ea91a0c118605b3db13e6e2_JaffaCakes118

Files

b039d2a89ea91a0c118605b3db13e6e2_JaffaCakes118
.dll windows:6 windows x86 arch:x86

3e2905f2ae331b77c9e8fd9b5c009736

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount64
GetModuleHandleA
GetProcAddress
GetTickCount
CreateThread
GetCurrentProcess
Sleep
K32GetModuleInformation
CreateDirectoryA
VirtualProtect
HeapAlloc
GetProcessHeap
IsBadReadPtr
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
CloseHandle

user32

GetAsyncKeyState
GetKeyState
CallWindowProcA
SetWindowLongA
ScreenToClient
FindWindowA
GetCursorPos

msvcp140

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
_Xtime_get_ticks
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z

winmm

PlaySoundA

vcruntime140

__std_terminate
memmove
__CxxFrameHandler3
_purecall
strstr
__std_exception_destroy
__std_exception_copy
memset
_CxxThrowException
memchr
_except_handler4_common
memcpy
__std_type_info_destroy_list

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
terminate
_invalid_parameter_noinfo_noreturn
_seh_filter_dll
_configure_narrow_argv
_wassert
_cexit
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-math-l1-1-0

_libm_sse2_cos_precise
_libm_sse2_log10_precise
roundf
_libm_sse2_acos_precise
floor
_libm_sse2_pow_precise
_fdtest
_libm_sse2_asin_precise
_libm_sse2_sin_precise
ceil
_except1
_libm_sse2_sqrt_precise
_CIatan2

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
fflush
__stdio_common_vsprintf
fclose
fgetc
fputc
fgetpos
setvbuf
ungetc
_get_stream_buffer_pointers
_fseeki64
fread
fwrite
fsetpos

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-string-l1-1-0

_stricmp

api-ms-win-crt-convert-l1-1-0

mbstowcs_s

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e2905f2ae331b77c9e8fd9b5c009736

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

msvcp140

winmm

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

Sections

.text Size: 182KB - Virtual size: 181KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 4KB - Virtual size: 214KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 182KB - Virtual size: 181KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 214KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 13KB - Virtual size: 13KB