13f1c203e499715809677ea472c1b8b9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

13f1c203e499715809677ea472c1b8b9_JaffaCakes118
Size

208KB
MD5

13f1c203e499715809677ea472c1b8b9
SHA1

e8832856c74ddf947f66defc6c151fbab42be8bb
SHA256

05366543a0cd4b92b56d93a2b7a13924f781ddef064b15555633c3c183c154d7
SHA512

10473837ce5799d2e8d8e2434730d8a316f5f604632d4f27d5a6b2104231148d6d543836270d5c86bb2d7a34ec22b4464babffc22d778da8861dc86081f4d4c3
SSDEEP

3072:URYQPqx5VoE33Es8DTbwOBp70JyCIyNtx6Bu/yGLW5zUO7OSdtoGQFTqOWE:0YQShoIADTbwOD7uyYNyBurAzUOoGk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
13f1c203e499715809677ea472c1b8b9_JaffaCakes118

Files

13f1c203e499715809677ea472c1b8b9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

aa683cb9faa253be12381e91c907ced4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedIncrement
GetVersionExA
lstrcmpW
GlobalFindAtomA
GlobalGetAtomNameA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
GetThreadLocale
GetCurrentProcess
CreateFileA
GetCPInfo
GetOEMCP
HeapReAlloc
RtlUnwind
RaiseException
VirtualAlloc
GetCommandLineA
ExitProcess
HeapSize
HeapDestroy
HeapCreate
VirtualFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
WritePrivateProfileStringA
GlobalFlags
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GlobalFree
FormatMessageA
LocalFree
GetCurrentProcessId
GlobalAddAtomA
CloseHandle
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
GetModuleFileNameA
EnumResourceLanguagesA
GetLocaleInfoA
FindResourceA
LoadResource
LockResource
SizeofResource
lstrcmpA
GlobalAlloc
FreeLibrary
GlobalDeleteAtom
GlobalLock
GlobalUnlock
GetModuleHandleA
SetLastError
lstrlenA
CompareStringA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
CreateDirectoryA
lstrcpyA
CopyFileA
VirtualQuery
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryA
Sleep

user32

GetSysColorBrush
LoadCursorA
DestroyMenu
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
CopyRect
GetWindowRect
GetClassNameA
PtInRect
RegisterWindowMessageA
GetWindowTextA
SetWindowPos
ShowWindow
SetWindowLongA
GetDlgCtrlID
IsWindow
SetWindowTextA
GetDlgItem
GetWindow
UnregisterClassA
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
wsprintfA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
ClientToScreen
GetDC
ReleaseDC
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetSysColor

gdi32

CreateBitmap
GetStockObject
OffsetViewportOrgEx
GetDeviceCaps
RestoreDC
SetBkColor
SetTextColor
CreateSolidBrush
Ellipse
DeleteDC
SetMapMode
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SaveDC
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
SetViewportExtEx

shlwapi

PathFindExtensionA
PathFindFileNameA

oleacc

LresultFromObject
CreateStdAccessibleObject

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

??0Dllclass@@QAE@XZ
??1Dllclass@@QAE@XZ
??4Dllclass@@QAEAAV0@ABV0@@Z
?Add@Dllclass@@QAEHHH@Z
?DLLArg@@3HA
?Sub@Dllclass@@QAEHHH@Z
DLLfun2
DrawEllipse
micros

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aa683cb9faa253be12381e91c907ced4

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shlwapi

oleacc

winspool.drv

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 128KB - Virtual size: 127KB

.rdata Size: 32KB - Virtual size: 29KB

.data Size: 8KB - Virtual size: 22KB

.rsrc Size: 16KB - Virtual size: 14KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 32KB - Virtual size: 29KB

.data
Size: 8KB - Virtual size: 22KB

.rsrc
Size: 16KB - Virtual size: 14KB

.reloc
Size: 20KB - Virtual size: 18KB