08a343e719f2bdcb372b80a89184ec57_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

08a343e719f2bdcb372b80a89184ec57_JaffaCakes118
Size

443KB
MD5

08a343e719f2bdcb372b80a89184ec57
SHA1

a5b90ebb86bb9448f5de9d6957d3f7bff5a66e56
SHA256

a96b3b8ba59982d364123c81d08a2ad07efffe0e6c0d3cda5e59c7b235641f47
SHA512

4699e482c9dbc25d9ec24c210daf13b3152664e4f2007ff2c531374d98695dd13f2f4384b6887eea4eb5a35bd212ffa9f949727d0189437abd73bacff5cb9097
SSDEEP

12288:RRz/azNQO15sNsjlNBVF9uZj/5ANkSD5O:RRz/2C6+B/5AC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
08a343e719f2bdcb372b80a89184ec57_JaffaCakes118

Files

08a343e719f2bdcb372b80a89184ec57_JaffaCakes118
.dll windows:6 windows x86 arch:x86

4028328557669218c3e09adaca7c1802

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dsound.pdb

Imports

msvcrt

floor
_CIsin
free
malloc
_XcptFilter
_controlfp
ceil
_CIlog
_initterm
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_aligned_free
_aligned_malloc
memmove
_CIlog10
memcpy
_isnan
_CItan
_CIpow
_CIcos
_ftol2
__CxxFrameHandler3
memset
_ftol2_sse
_CIsqrt
_CIatan2
_amsg_exit
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_vsnprintf
_vsnwprintf

kernel32

GetTickCount
QueryPerformanceCounter
WaitForSingleObject
ResetEvent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
InterlockedCompareExchange64
OutputDebugStringA
GetThreadTimes
CloseHandle
GetFullPathNameW
GetModuleFileNameW
GetModuleHandleW
lstrcmpiW
GetFileSize
SetFilePointer
ReadFile
CreateFileW
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
DuplicateHandle
GetCurrentProcess
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
LoadLibraryA
lstrlenA
lstrlenW
lstrcmpW
LoadLibraryW
ReleaseMutex
QueryPerformanceFrequency
DisableThreadLibraryCalls
CreateMutexW
GetCurrentThreadId
GetCurrentProcessId
LocalFree
GetSystemPowerStatus
InitializeCriticalSection
LeaveCriticalSection
SetEvent
EnterCriticalSection
InterlockedIncrement
DeleteCriticalSection
InterlockedDecrement
SetThreadPriority
GetCurrentThread
CreateThread
CreateEventW
WaitForMultipleObjects
Sleep
ReleaseSemaphore
OpenProcess
GetExitCodeThread
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
MulDiv
InterlockedExchange
SwitchToThread
InterlockedCompareExchange
GetProcessHeap
GetSystemInfo
HeapSize
CreateSemaphoreW
GetProcessTimes

user32

GetParent
CharUpperW
GetWindowPlacement
IsWindow
GetWindowThreadProcessId
LoadStringW
GetForegroundWindow

advapi32

GetTraceEnableLevel
RegOpenKeyExA
RegCreateKeyW
RegOpenKeyExW
RegQueryValueExA
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
RegCreateKeyA
GetTraceEnableFlags
RegCloseKey
RegSetValueExW
RegSetValueExA
RegQueryValueExW

ole32

CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoCreateInstance
CLSIDFromString
PropVariantClear
CoTaskMemFree

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime
waveOutGetDevCapsW
waveOutGetNumDevs
waveInGetNumDevs
waveInGetDevCapsW

powrprof

PowerReadACValue
PowerGetActiveScheme
CallNtPowerInformation
PowerReadDCValue

Exports

Exports

DirectSoundCaptureCreate
DirectSoundCaptureCreate8
DirectSoundCaptureEnumerateA
DirectSoundCaptureEnumerateW
DirectSoundCreate
DirectSoundCreate8
DirectSoundEnumerateA
DirectSoundEnumerateW
DirectSoundFullDuplexCreate
DllCanUnloadNow
DllGetClassObject
GetDeviceID

Sections

.text
Size: 415KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4028328557669218c3e09adaca7c1802

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

ole32

winmm

powrprof

Exports

Exports

Sections

.text Size: 415KB - Virtual size: 415KB

RT_CODE Size: 512B - Virtual size: 284B

.data Size: 13KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 415KB - Virtual size: 415KB

RT_CODE
Size: 512B - Virtual size: 284B

.data
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 10KB - Virtual size: 10KB