1697d0f7597ca0d647b9f37954823f6a_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1697d0f7597ca0d647b9f37954823f6a_JaffaCakes118
Size

124KB
MD5

1697d0f7597ca0d647b9f37954823f6a
SHA1

9828432e974c201043c49fc4f079bcc537b2d461
SHA256

50c09b6b5274c3f844eaeb0265927e13e612f8c7f91c4cee6ccaca44e696693d
SHA512

b745afa89471afc410b6a8eae0e82c91f449e8c6592dc5423850e1112b7aa5c819bd1901a4a2e613eebef12903dd210564d889ad2a077a4223548686f4b5a6e7
SSDEEP

3072:dEm8QRlA3aNkRAyTddoNxARag44LJ3Jh9ypXcdJ9XfUfCwhw:dESeZqxJspJip

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1697d0f7597ca0d647b9f37954823f6a_JaffaCakes118

Files

1697d0f7597ca0d647b9f37954823f6a_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b060f687462edb4c933fe5696ff0aa82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateDirectoryW
DeleteFileW
GetTempFileNameW
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
ReadFile
SetFilePointer
GetFileAttributesW
SetFileAttributesW
GetLongPathNameW
HeapAlloc
HeapFree
CancelWaitableTimer
RegisterWaitForSingleObject
SetWaitableTimer
CreateWaitableTimerW
lstrlenW
CancelIo
GetProcessHeap
RaiseException
VirtualAlloc
GetSystemInfo
VirtualQuery
GetTempPathW
DeleteCriticalSection
lstrcmpiW
HeapDestroy
lstrcpynW
lstrlenA
SizeofResource
LoadResource
FindResourceW
GlobalUnlock
GlobalLock
GlobalAlloc
FlushInstructionCache
GetOverlappedResult
EnterCriticalSection
CreateFileW
LeaveCriticalSection
CreateThread
lstrcmpW
SetErrorMode
LoadLibraryW
GetProcAddress
FreeLibrary
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetCurrentThreadId
InterlockedCompareExchange
InterlockedExchange
SetLastError
Sleep
InitializeCriticalSection
ResetEvent
DisableThreadLibraryCalls
CloseHandle
SetEvent
WaitForSingleObject
CreateEventW
GetLastError
InitializeCriticalSectionAndSpinCount
GetTickCount
GetCommandLineA
LoadLibraryA
VirtualProtect

user32

IsChild
GetClientRect
DestroyAcceleratorTable
SetWindowLongW
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
GetDC
GetFocus
TranslateMessage
LoadStringW
RegisterWindowMessageW
RedrawWindow
CreateAcceleratorTableW
CharNextW
GetWindowLongW
DestroyWindow
DefWindowProcW
ReleaseDC
GetWindowTextLengthW
wsprintfW
LoadCursorW
GetClassInfoExW
CreateWindowExW
ShowWindow
SetFocus
GetParent
GetWindow
SetWindowTextW
GetWindowTextW
RegisterClassExW
DispatchMessageW

advapi32

ImpersonateLoggedOnUser
CryptAcquireContextW
CryptGetProvParam
CryptReleaseContext
RegDeleteKeyW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
CryptGetKeyParam
CryptGetUserKey
SetServiceStatus
RevertToSelf
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
DuplicateToken
FreeSid
OpenProcessToken
OpenThreadToken
CryptDestroyKey

gdi32

SetWindowExtEx
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps
CreateMetaFileW
SaveDC
SetWindowOrgEx
RestoreDC
CloseMetaFile

ole32

OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CoUninitialize
CoTaskMemFree
CoImpersonateClient
CoRevertToSelf
CoDisconnectObject
CoRevokeClassObject
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc

msvcrt

realloc
wcschr
memcpy
_vsnwprintf
_wcsnicmp
_adjust_fdiv
_initterm
free
_except_handler3
__CxxFrameHandler
malloc

msvcp60

??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b060f687462edb4c933fe5696ff0aa82

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

msvcrt

msvcp60

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 1024B - Virtual size: 34KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 1024B - Virtual size: 34KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 4KB - Virtual size: 3KB