286fb924ad5808c8abf6b49e0f60c9c1_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

286fb924ad5808c8abf6b49e0f60c9c1_JaffaCakes118
Size

107KB
MD5

286fb924ad5808c8abf6b49e0f60c9c1
SHA1

84b893367b8ce4e5f9a27968a6eef70bcc8b15cc
SHA256

59a1ef9d7fead9b87cbf55739c68254b3e015cab8b87798a08450e9ff055742b
SHA512

d4e84865d3d84f9c6949b49184dec5406a84535ab3d56b12f54c50ab186a719a28d807abe0bccb63bbcf9072201a77b809b98c9bbf6ab6fe2c433eb1b983e8a7
SSDEEP

3072:0pQjRJypRTY2TvB9osacVTjiN75yNmh2m5sHHI:EQjRJyPjB9osFQNOmh2m5sHH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
286fb924ad5808c8abf6b49e0f60c9c1_JaffaCakes118

Files

286fb924ad5808c8abf6b49e0f60c9c1_JaffaCakes118
.dll windows:5 windows x86 arch:x86

5973849e526e38e800f3d132db2b086f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

imm32.pdb

Imports

advapi32

CheckTokenMembership
FreeSid
RegCreateKeyW
RegSetValueExW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid

gdi32

CreateFontIndirectW
GetObjectW
CreateDCW
GetTextExtentPoint32W
SetBkColor
CreateCompatibleBitmap
GetDIBits
CreateDIBitmap
TranslateCharsetInfo
PatBlt
Rectangle
SelectObject
GetStockObject
BitBlt
DeleteObject
DeleteDC
CreateCompatibleDC
GetTextMetricsW
ExtTextOutW

kernel32

IsBadWritePtr
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleFileNameW
lstrcmpiW
CreateThread
Sleep
TlsGetValue
TlsSetValue
TlsAlloc
OpenFileMappingW
GetCurrentProcessId
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetLastError
lstrlenA
IsDBCSLeadByte
GetProfileIntW
lstrcmpW
SetLastError
lstrcpynW
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
InterlockedDecrement
GetLocaleInfoW
HeapAlloc
LocalSize
LocalReAlloc
LocalFlags
LocalUnlock
LocalLock
GetFullPathNameW
lstrlenW
OpenFile
_lclose
GetThreadLocale
GetSystemDirectoryW
LocalAlloc
GetACP
FreeLibrary
BaseCheckAppcompatCache
GetModuleHandleW
LoadLibraryW
GetProcAddress
MultiByteToWideChar
HeapFree
InterlockedIncrement
GetCurrentThreadId
WideCharToMultiByte
LocalFree
IsDBCSLeadByteEx
GetSystemDefaultLCID

ntdll

RtlUnwind
RtlIsThreadWithinLoaderCallout
RtlDllShutdownInProgress
RtlUnicodeToMultiByteSize
wcstol
_wcsicmp
wcsncpy
RtlIntegerToUnicodeString
wcscat
RtlUnicodeStringToInteger
wcscpy
RtlDeleteCriticalSection
NtQuerySystemInformation
RtlEnterCriticalSection
RtlLeaveCriticalSection
wcslen
RtlInitializeCriticalSection
NtQueryVirtualMemory

user32

SendMessageW
wsprintfW
GetClassInfoW
GetFocus
User32InitializeImmEntryTable
CharUpperW
UnloadKeyboardLayout
LoadBitmapW
ReleaseDC
GetDC
GetClientRect
SetWindowLongW
GetWindowLongW
DrawTextExW
GetWindowRect
GetSystemMetrics
MessageBeep
SetCapture
ScreenToClient
GetCursorPos
SetCursor
LoadCursorW
SendMessageTimeoutW
GetDesktopWindow
IsWindowUnicode
CharNextW
CharNextA
MapWindowPoints
GetForegroundWindow
ClientToScreen
GetKeyboardState
ToUnicode
ToAsciiEx
DestroyWindow
MapVirtualKeyW
CreateWindowExW
ShowWindow
UpdateWindow
MonitorFromWindow
GetMonitorInfoW
SystemParametersInfoW
GetClassInfoExW
LoadIconW
RegisterClassExW
GetParent
GetCapture
DrawEdge
BeginPaint
EndPaint
InvalidateRect
DefWindowProcW
ReleaseCapture
SetWindowPos
GetWindow
LoadKeyboardLayoutW
GetWindowThreadProcessId
GetKeyboardLayoutList
SendMessageA
PostMessageW
PostMessageA
WCSToMBEx
GetKeyboardLayout
IsWindow
keybd_event

Exports

Exports

CtfAImmActivate
CtfAImmDeactivate
CtfAImmIsIME
CtfImmCoUninitialize
CtfImmDispatchDefImeMessage
CtfImmEnterCoInitCountSkipMode
CtfImmGenerateMessage
CtfImmGetGuidAtom
CtfImmHideToolbarWnd
CtfImmIsCiceroEnabled
CtfImmIsCiceroStartedInThread
CtfImmIsGuidMapEnable
CtfImmIsTextFrameServiceDisabled
CtfImmLastEnabledWndDestroy
CtfImmLeaveCoInitCountSkipMode
CtfImmRestoreToolbarWnd
CtfImmSetAppCompatFlags
CtfImmSetCiceroStartInThread
CtfImmTIMActivate
GetKeyboardLayoutCP
ImmActivateLayout
ImmAssociateContext
ImmAssociateContextEx
ImmCallImeConsoleIME
ImmConfigureIMEA
ImmConfigureIMEW
ImmCreateContext
ImmCreateIMCC
ImmCreateSoftKeyboard
ImmDestroyContext
ImmDestroyIMCC
ImmDestroySoftKeyboard
ImmDisableIME
ImmDisableIme
ImmDisableTextFrameService
ImmEnumInputContext
ImmEnumRegisterWordA
ImmEnumRegisterWordW
ImmEscapeA
ImmEscapeW
ImmFreeLayout
ImmGenerateMessage
ImmGetAppCompatFlags
ImmGetCandidateListA
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetCandidateWindow
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmGetCompositionStringA
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmGetConversionListA
ImmGetConversionListW
ImmGetConversionStatus
ImmGetDefaultIMEWnd
ImmGetDescriptionA
ImmGetDescriptionW
ImmGetGuideLineA
ImmGetGuideLineW
ImmGetHotKey
ImmGetIMCCLockCount
ImmGetIMCCSize
ImmGetIMCLockCount
ImmGetIMEFileNameA
ImmGetIMEFileNameW
ImmGetImeInfoEx
ImmGetImeMenuItemsA
ImmGetImeMenuItemsW
ImmGetOpenStatus
ImmGetProperty
ImmGetRegisterWordStyleA
ImmGetRegisterWordStyleW
ImmGetStatusWindowPos
ImmGetVirtualKey
ImmIMPGetIMEA
ImmIMPGetIMEW
ImmIMPQueryIMEA
ImmIMPQueryIMEW
ImmIMPSetIMEA
ImmIMPSetIMEW
ImmInstallIMEA
ImmInstallIMEW
ImmIsIME
ImmIsUIMessageA
ImmIsUIMessageW
ImmLoadIME
ImmLoadLayout
ImmLockClientImc
ImmLockIMC
ImmLockIMCC
ImmLockImeDpi
ImmNotifyIME
ImmPenAuxInput
ImmProcessKey
ImmPutImeMenuItemsIntoMappedFile
ImmReSizeIMCC
ImmRegisterClient
ImmRegisterWordA
ImmRegisterWordW
ImmReleaseContext
ImmRequestMessageA
ImmRequestMessageW
ImmSendIMEMessageExA
ImmSendIMEMessageExW
ImmSendMessageToActiveDefImeWndW
ImmSetActiveContext
ImmSetActiveContextConsoleIME
ImmSetCandidateWindow
ImmSetCompositionFontA
ImmSetCompositionFontW
ImmSetCompositionStringA
ImmSetCompositionStringW
ImmSetCompositionWindow
ImmSetConversionStatus
ImmSetHotKey
ImmSetOpenStatus
ImmSetStatusWindowPos
ImmShowSoftKeyboard
ImmSimulateHotKey
ImmSystemHandler
ImmTranslateMessage
ImmUnlockClientImc
ImmUnlockIMC
ImmUnlockIMCC
ImmUnlockImeDpi
ImmUnregisterWordA
ImmUnregisterWordW
ImmWINNLSEnableIME
ImmWINNLSGetEnableStatus
ImmWINNLSGetIMEHotkey

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5973849e526e38e800f3d132db2b086f

Headers

File Characteristics

PDB Paths

Imports

advapi32

gdi32

kernel32

ntdll

user32

Exports

Exports

Sections

.text Size: 83KB - Virtual size: 82KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 19KB - Virtual size: 19KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 83KB - Virtual size: 82KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 19KB - Virtual size: 19KB

.reloc
Size: 3KB - Virtual size: 3KB