23e6a286815795b891cb1bf5514f3603_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

23e6a286815795b891cb1bf5514f3603_JaffaCakes118
Size

273KB
MD5

23e6a286815795b891cb1bf5514f3603
SHA1

14d086ee12d3baab3d1c45827d3d1d69416a4746
SHA256

b80bc9820865464a211183a67d5aef80d5cb3dddbdc10a6a14ee7f9deea17346
SHA512

588787b27c94f55a13e2e6b5fc88ea838681d09b5c79b73bfa31b8c0fc51831423f603cf21cbf0a6f1c519cbb1c8c057677c30c81f6da131c53d065827c03af9
SSDEEP

6144:3HIVa2keFNxsmpMzIHcdiXkEphCDR7N+ySozLl8RetTKFgTQTnc:3o3NfMEyhDiySkUeoFgTQI

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
23e6a286815795b891cb1bf5514f3603_JaffaCakes118

Files

23e6a286815795b891cb1bf5514f3603_JaffaCakes118
.dll windows:4 windows x86 arch:x86

c89cffadc45d1db38c0cab1caf66401c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

LoadRegTypeLi
LoadTypeLi
OleCreateFontIndirect
SysAllocStringLen
SysFreeString
SysStringByteLen
SysStringLen
VarCyInt
VarDecFromR4
VarUI4FromStr
VariantClear
VariantInit

user32

IsChild
InvalidateRgn
InvalidateRect
GetWindowWord
GetWindowTextLengthA
GetWindowTextA
GetWindowRect
GetWindowLongA
GetWindow
GetSysColor
GetDlgItem
GetDlgCtrlID
GetDesktopWindow
GetDC
GetCursorPos
GetClientRect
IsWindow
LoadCursorA
LoadStringA
MessageBoxA
PtInRect
RegisterClassExA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
GetClassNameA
GetClassInfoExA
GetCapture
GetActiveWindow
EndPaint
EndDialog
DialogBoxIndirectParamA
DestroyWindow
DestroyAcceleratorTable
DefWindowProcA
CreateWindowExA
CreateAcceleratorTableA
ClipCursor
CharNextA
CallWindowProcA
BeginPaint
SendMessageA
SetCursor
SetWindowContextHelpId
SetWindowLongA
SetWindowPlacement
SetWindowPos
SetWindowTextA
SwitchToThisWindow
ToAscii
UnhookWindowsHookEx
keybd_event
wsprintfA

ddraw

DirectDrawCreateClipper

comctl32

ord17

kernel32

lstrcmpiA
lstrcmpA
lstrcpynA
VirtualProtect
VirtualFree
VirtualAlloc
SizeofResource
SetLastError
lstrlenA
QueryPerformanceCounter
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryExA
LoadLibraryA
LeaveCriticalSection
IsProcessorFeaturePresent
IsDBCSLeadByte
InterlockedIncrement
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
InitializeCriticalSection
HeapFree
HeapAlloc
GlobalUnlock
GlobalLock
GlobalHandle
GlobalFree
GlobalAlloc
GetVersionExA
GetTickCount
GetThreadLocale
lstrlenW
RaiseException
WideCharToMultiByte
DeleteCriticalSection
DisableThreadLibraryCalls
EnterCriticalSection
ExitProcess
FindResourceA
FlushInstructionCache
FreeLibrary
GetACP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetLocaleInfoA
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetProcessPriorityBoost
GetSystemTimeAsFileTime

shell32

WOWShellExecute
SHLoadNonloadedIconOverlayIdentifiers
SHGetSpecialFolderLocation
SHFreeNameMappings
SHExtractIconsW
SHCreateProcessAsUserW
SHBindToParent
DragAcceptFiles

gdi32

SetBkMode
SelectObject
SaveDC
RestoreDC
GetStockObject
GetObjectA
GetDeviceCaps
SetMetaFileBitsEx
DeleteObject
DeleteDC
DPtoLP
CreateSolidBrush
CreatePenIndirect
CreateCompatibleBitmap
BitBlt
ExtFloodFill
SetTextColor
SetWindowOrgEx

advapi32

RegSetValueExA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey

Exports

Exports

CreateNPatchMesh
CreateVolumeTextureFromFileA
FileInfo
GeneratePMesh
LoadSurfaceFromSurface
ReadFileExtensions
SHDot
SHRotateZ
SaveMeshHierarchyToFileW
SaveSurfaceToFileInMemory
StartDecompressBuffer
Vec4Transform
VecStopFeedLoad
mpegSplitSeekTime

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c89cffadc45d1db38c0cab1caf66401c

Headers

File Characteristics

Imports

oleaut32

user32

ddraw

comctl32

kernel32

shell32

gdi32

advapi32

Exports

Exports

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 125KB - Virtual size: 125KB

.data Size: 43KB - Virtual size: 43KB

.rsrc Size: 50KB - Virtual size: 50KB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 125KB - Virtual size: 125KB

.data
Size: 43KB - Virtual size: 43KB

.rsrc
Size: 50KB - Virtual size: 50KB

.reloc
Size: 2KB - Virtual size: 2KB