0e3c356ddfe8913ca0cef07f9909c3ad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

0e3c356ddfe8913ca0cef07f9909c3ad_JaffaCakes118
Size

263KB
MD5

0e3c356ddfe8913ca0cef07f9909c3ad
SHA1

fe71834b3bcda84a39547730e49300ca5285c77b
SHA256

2f5c9cc4ba64b41d7b9f490535b5e4f24b8a705b5e4dcfd7553302b273437a6e
SHA512

96a7d0bc9959f588785414fc4c10bad6b71286565898eed73d676db68263a5a7b18120a800e7fbd07eea91638301b06e54a681abad1380c05452093e3b4f8f43
SSDEEP

6144:IuWkFYE62Y7SHTg4y5Id7OY9iNuCGPy+SPYKD4cx:BIOH09XSiVF+VKkc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0e3c356ddfe8913ca0cef07f9909c3ad_JaffaCakes118

Files

0e3c356ddfe8913ca0cef07f9909c3ad_JaffaCakes118
.exe windows:8 windows x86 arch:x86

4858b49b3011d46a23df9cba2359009b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

user32

GetFocus
TranslateMessage
IsDialogMessageW
wsprintfW
SendMessageW
SetFocus
UpdateWindow
GetDlgItemTextW
SetWindowTextW
GetKeyState
GetWindowRect
CallNextHookEx
CheckDlgButton
CheckRadioButton
PostMessageW
AdjustWindowRectEx
EndDialog
SetTimer
ReleaseDC
GetDC
IsWindowEnabled
KillTimer
wsprintfA
DialogBoxParamW

kernel32

SetStdHandle
GetProcAddress
HeapDestroy
WideCharToMultiByte
CloseHandle
TlsSetValue
GetEnvironmentStringsW
LoadLibraryW
TlsGetValue
lstrcpyW
WriteFile
WaitForSingleObject
HeapReAlloc
GetLocaleInfoA
HeapAlloc
GetStdHandle
FreeEnvironmentStringsW
GetTickCount
GetFileType
SetFilePointer
HeapFree
QueryPerformanceCounter
GlobalAlloc
FreeLibrary
GetStartupInfoW
HeapCreate
GetProcessHeap
RtlUnwind
LoadLibraryA
DeleteCriticalSection
LocalFree
GetStringTypeW
lstrlenA
SetHandleCount
VirtualAlloc
VirtualFree
GetSystemInfo
InitializeCriticalSection
GetSystemDirectoryW
FlushFileBuffers
MultiByteToWideChar
CompareFileTime
LCMapStringW
GetEnvironmentStrings
VirtualQuery
GetWindowsDirectoryW
lstrlenW
GetVersionExW
GetLastError
SetLastError
SetUnhandledExceptionFilter
VirtualAlloc
CloseHandle
ExitProcess
GetCurrentProcessId
HeapSize
UnhandledExceptionFilter
WaitForMultipleObjects
GetFullPathNameW
SetEndOfFile

rtm

RtmHoldDestination
BestMatchInTable
RtmGetEntityMethods
RtmGetInstanceInfo
RtmRegisterEntity
RtmLockNextHop
RtmCreateNextHopEnum
DestroyTable
RtmDeregisterEntity
RtmReleaseEntities
MgmGetFirstMfe
RtmGetAddressFamilyInfo
MgmGetMfeStats
RtmGetFirstRoute
RtmGetNextHopInfo
RtmDeleteRoute
RtmDequeueRouteChangeMessage
RtmDereferenceHandles
RtmBlockSetRouteEnable
RtmDeleteRouteToDest
RtmLockRoute
RtmGetEntityInfo
RtmReleaseNextHopInfo
RtmGetMostSpecificDestination
RtmAddNextHop
MgmInitialize
RtmDeregisterFromChangeNotification
RtmReleaseEntityInfo
RtmGetNetworkCount
RtmReleaseRoutes
DumpTable
RtmLookupIPDestination
MgmGetMfe
RtmDeleteRouteTable
RtmReleaseRouteInfo
RtmGetInstances
RtmMarkDestForChangeNotification
EnumOverTable
RtmGetOpaqueInformationPointer
MgmTakeInterfaceOwnership
RtmGetRegisteredEntities
RtmAddRoute
RtmGetNextHopPointer
MgmRegisterMProtocol
RtmGetNextRoute
RtmGetDestInfo
RtmGetEnumNextHops
RtmWriteAddressFamilyConfig

advapi32

RegSetValueExW
RegEnumKeyW
RegDeleteKeyW
RegNotifyChangeKeyValue
RegCloseKey
RegOpenKeyExW
RegEnumValueW

ole32

CoInitialize
CoCreateInstance

pdh

PdhOpenQuery
PdhBrowseCountersHW
PdhAdd009CounterW
PdhRemoveCounter
PdhExpandWildCardPathHA
PdhGetCounterInfoW
PdhExpandCounterPathW
PdhBrowseCountersW
PdhVbUpdateLog
PdhFormatFromRawValue
PdhValidatePathA
PdhTranslateLocaleCounterW
PdhEnumMachinesHA
PdhGetCounterInfoA
PdhComputeCounterStatistics
PdhAddCounterW
PdhGetLogFileTypeA
PdhLookupPerfNameByIndexA
PdhEnumObjectItemsHA
PdhEnumObjectsW
PdhEnumObjectsHA
PdhValidatePathW
PdhOpenLogW
PdhVbGetDoubleCounterValue
PdhReadRawLogRecord
PdhListLogFileHeaderW
PdhMakeCounterPathW
PdhCollectQueryDataEx
PdhCollectQueryData
PdhGetDefaultPerfObjectHW
PdhGetDllVersion
PdhVbCreateCounterPathList
PdhExpandWildCardPathHW
PdhEnumMachinesA
PdhLookupPerfNameByIndexW
PdhEnumObjectsHW
PdhTranslateLocaleCounterA
PdhOpenLogA
PdhVbAddCounter
PdhUpdateLogW
PdhAddCounterA
PdhVbGetOneCounterPath
PdhVerifySQLDBA
PdhGetRawCounterArrayW
PdhVbGetLogFileSize
PdhUpdateLogFileCatalog
PdhOpenQueryA
PdhCloseQuery
PdhGetDataSourceTimeRangeW
PdhEnumLogSetNamesA
PdhSelectDataSourceW
PdhGetDataSourceTimeRangeH

Sections

.text
Size: 177KB - Virtual size: 177KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4858b49b3011d46a23df9cba2359009b

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

rtm

advapi32

ole32

pdh

Sections

.text Size: 177KB - Virtual size: 177KB

.data Size: 51KB - Virtual size: 51KB

.rsrc Size: 33KB - Virtual size: 564KB

.text
Size: 177KB - Virtual size: 177KB

.data
Size: 51KB - Virtual size: 51KB

.rsrc
Size: 33KB - Virtual size: 564KB