1baa7129b5bbae50c878643e11f085bc_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

1baa7129b5bbae50c878643e11f085bc_JaffaCakes118
Size

489KB
MD5

1baa7129b5bbae50c878643e11f085bc
SHA1

76bdce1f1c871828e7fd14c326e5c6c9d94c860d
SHA256

e0a882cd86b05d893bcb62c15493f44c2eedf6310f41b1b1c8da559a9f2daf19
SHA512

73e1730fb112e9e791b1b6c3b5bd86a9b07e600cb1a192f85cf92de5ec66a2c9180e091c69785ad0a0ce2afe15ba4d5ef92d7424ffc4c0073f1383088835c093
SSDEEP

12288:q14C5qAA9btlqoa2VTETx7ByEs0Y6/LBjRMitBS9UqdZ:rijqhlTMvs0Y6VdMitM9UqdZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
1baa7129b5bbae50c878643e11f085bc_JaffaCakes118

Files

1baa7129b5bbae50c878643e11f085bc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

41ae569105cfb4478257569d3aa094a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\818\beauty\tube\Feed\bottom\ago.pdb

Imports

kernel32

VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
GetCurrentProcessId
VirtualAlloc
GetTickCount
QueryPerformanceCounter
HeapReAlloc
WriteFile
LCMapStringA
LCMapStringW
InitializeCriticalSection
LoadLibraryA
HeapSize
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
GetLocaleInfoW
CloseHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
CreateFileA
GetVersion
GetWindowsDirectoryW
TlsAlloc
VirtualProtect
FindNextFileW
CreateEventW
FindFirstFileW
FindClose
GetCurrentDirectoryW
OpenMutexW
GetTempPathW
LoadLibraryW
TlsSetValue
SetEvent
GetCurrentProcess
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
GetLastError
GetCPInfo
DeleteCriticalSection
GetProcAddress
GetModuleHandleA
ExitProcess
TlsGetValue
TlsFree
SetLastError
GetACP
GetOEMCP
Sleep
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte

user32

DefWindowProcW
GetScrollPos
EndDeferWindowPos
SetClipboardData
SendMessageW
CheckRadioButton
SendDlgItemMessageW
ReleaseDC
EndPaint
DestroyWindow
MapVirtualKeyW
SetTimer
LoadImageW
DrawTextW
SetForegroundWindow
CallNextHookEx
SetParent
ExitWindowsEx
EnumWindows
GetClassInfoExW
InflateRect
IntersectRect
GetWindowLongW

gdi32

MoveToEx
SetBkColor
LineTo
SetTextColor
GetClipBox
SetBkMode
CreateBitmap
GetCharWidthW
IntersectClipRect

ole32

CoUninitialize
OleSetContainedObject
OleInitialize
CoSuspendClassObjects
OleUninitialize
StgCreateDocfile
CoInitialize
OleCreate

advapi32

CloseServiceHandle
OpenProcessToken
DeleteService
StartServiceCtrlDispatcherW
GetTokenInformation
RegEnumKeyW
RegQueryValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
AllocateAndInitializeSid
SetServiceStatus
SetEntriesInAclW
FreeSid
RegOpenKeyExW
RegisterServiceCtrlHandlerW
ControlService
AdjustTokenPrivileges
RegCloseKey
RegSetValueExW
CreateServiceW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

comctl32

ImageList_Remove
ImageList_GetImageCount
ImageList_Destroy
ImageList_SetIconSize
ImageList_AddMasked
ImageList_SetBkColor
ImageList_SetDragCursorImage

dhcpsapi

DhcpSetClientInfo
DhcpGetSubnetInfo
DhcpGetClientInfo
DhcpGetServerBindingInfo
DhcpCreateClientInfo
DhcpEnumSubnets
DhcpDeleteClientInfo
DhcpGetVersion
DhcpEnumSubnetClients
DhcpRpcFreeMemory

Exports

Exports

Dance
Eveningrun
ExerciseBeat
Hundredcharacter
Listenstood
Mastersimple
Suddenold

Sections

.text
Size: 284KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41ae569105cfb4478257569d3aa094a2

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

ole32

advapi32

comdlg32

comctl32

dhcpsapi

Exports

Exports

Sections

.text Size: 284KB - Virtual size: 281KB

.rdata Size: 164KB - Virtual size: 162KB

.data Size: 8KB - Virtual size: 66KB

.reloc Size: 12KB - Virtual size: 8KB

.text
Size: 284KB - Virtual size: 281KB

.rdata
Size: 164KB - Virtual size: 162KB

.data
Size: 8KB - Virtual size: 66KB

.reloc
Size: 12KB - Virtual size: 8KB