235c6e43dbdd89c83eee148b696d6656_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

235c6e43dbdd89c83eee148b696d6656_JaffaCakes118
Size

252KB
MD5

235c6e43dbdd89c83eee148b696d6656
SHA1

755630eba5bf1e935ad181e6fa586aeae9d494ed
SHA256

ebae0458ec09a7d67ddaaa1987e08f47d4ea9b00f846eca8a47fab3b283d2e1b
SHA512

ca22515937babecc4eebfac769c8182e047fddaa84e7505c156c66ac92bca69eeb07fa608ce58896d38a63e8f9e4c0c2d7d8fddeadd16c0570a72c07dce4b359
SSDEEP

3072:P9NmvrPXHJewBWExR6NQJKyQ2YDixS6MeKeErnCxbhw6rNGKFdL2FbXoKVjWUD7d:Pizs5EgHLJGd3VdaYUDNZH64Vb

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BaDBoYv4.2.dll
unpack001/BaDBoYv4.2.exe

Files

235c6e43dbdd89c83eee148b696d6656_JaffaCakes118
.zip
BaDBoYv4.2.dll
.dll windows:4 windows x86 arch:x86

79bfab709a9cc119011034bfb3995264

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualProtect
IsBadWritePtr
IsBadReadPtr
GetProcAddress
GetModuleHandleA
ExitProcess
GetLastError
GetFileSize
CloseHandle
ReadFile
CreateFileA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
LoadLibraryA
FreeLibrary
OutputDebugStringA
lstrcmpiA
GetModuleFileNameA
OpenProcess
WriteProcessMemory
VirtualProtectEx
ReadProcessMemory
GetCurrentProcessId
GetPrivateProfileStringA
GetLocaleInfoW
SetEndOfFile
GetOEMCP
GetACP
SetStdHandle
IsBadCodePtr
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
GetVersionExA
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
MultiByteToWideChar
RtlUnwind
RaiseException
HeapFree
GetCommandLineA
GetVersion
HeapAlloc
HeapReAlloc
LCMapStringA
LCMapStringW
GetCPInfo
CompareStringA
CompareStringW
TerminateProcess
GetCurrentProcess
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
WriteFile
SetFilePointer
FlushFileBuffers
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetEnvironmentVariableA

user32

MessageBoxA
GetAsyncKeyState

winmm

timeGetTime

opengl32

glColor3f
glGetFloatv
glDisable
glEnable
glColor4f
glClearColor

Exports

Exports

CreateInterface

Sections

.text
Size: 416KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BaDBoYv4.2.exe
.exe windows:4 windows x86 arch:x86

4f4f42aaa8936db76e48fd9fc976a785

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersion
GetProcAddress
GetModuleHandleA
GlobalFree
ReadProcessMemory
GlobalAlloc
OpenProcess
CloseHandle
SetThreadContext
SuspendThread
Sleep
ResumeThread
WriteProcessMemory
VirtualProtectEx
GetThreadContext
GetExitCodeThread
WaitForSingleObject
CreateRemoteThread
ExitProcess
LoadLibraryA
Process32Next
Process32First
CreateToolhelp32Snapshot
Thread32Next
Thread32First
FindFirstFileA
TerminateProcess
GetModuleFileNameA
GetStringTypeA
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStartupInfoA
GetCommandLineA
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc

user32

DialogBoxParamA
EndDialog
GetAsyncKeyState
MessageBoxA
GetDlgItemTextA

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_help.url
_read.txt
main.cfg
menu.txt
name.cfg
rates.cfg

Sharing

General

Malware Config

Signatures

Files

79bfab709a9cc119011034bfb3995264

Headers

File Characteristics

Imports

kernel32

user32

winmm

opengl32

Exports

Exports

Sections

.text Size: 416KB - Virtual size: 414KB

.reloc Size: 24KB - Virtual size: 20KB

4f4f42aaa8936db76e48fd9fc976a785

Headers

File Characteristics

Imports

kernel32

user32

Sections

.text Size: 16KB - Virtual size: 14KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 104KB - Virtual size: 103KB

.text
Size: 416KB - Virtual size: 414KB

.reloc
Size: 24KB - Virtual size: 20KB

.text
Size: 16KB - Virtual size: 14KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 104KB - Virtual size: 103KB