291a766c16020d1ca87e8b6c441d80a7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

291a766c16020d1ca87e8b6c441d80a7_JaffaCakes118
Size

244KB
MD5

291a766c16020d1ca87e8b6c441d80a7
SHA1

81c2f47c93b311f62f99d3fcee741ce9dd719313
SHA256

6f3e86e172994a9e67c7eaed4d85eab097f7481d0a11af3af41a75f22d95acd1
SHA512

37d9311ebe0c0b45216d82d5ade3249a9ca0e8fe33f8f09b8fded29d893b0ef2ce4ac6cf7c4cdf6c0644244e94e79af5f01df973e6dc7d3756b99cb5acee77e0
SSDEEP

6144:XAzbA7IhL5H3dvUf79+pnsMJJTbCa/BO:wzb48NDTbCa/B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
291a766c16020d1ca87e8b6c441d80a7_JaffaCakes118

Files

291a766c16020d1ca87e8b6c441d80a7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

92e5146d28ebbb1804c25ba89a7735b7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
HeapFree
RtlUnwind
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
HeapSize
TerminateProcess
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
HeapDestroy
GetCurrentProcess
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
FlushFileBuffers
SetFilePointer
WriteFile
GetOEMCP
GetCPInfo
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcatA
lstrcmpW
GetModuleHandleA
lstrcpyA
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
lstrcmpA
GetModuleFileNameA
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpynA
LocalFree
RaiseException
DeleteCriticalSection
InitializeCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceA
FreeLibrary
CloseHandle
InterlockedDecrement
GetProcAddress
CreateEventA
LoadLibraryA
GetLastError
FormatMessageA
GetCurrentThreadId
WaitForSingleObject
lstrlenA
lstrcmpiA
WideCharToMultiByte
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
GetVersionExA
HeapCreate
InterlockedExchange

user32

GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageA
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
DestroyMenu
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowPos
ClientToScreen
CopyRect
GetWindowLongA
GetWindow
SetWindowLongA
GetDlgCtrlID
GetWindowRect
PtInRect
GetFocus
SetWindowTextA
GetClassNameA
GetKeyState
ValidateRect
PostQuitMessage
LoadCursorA
GetSystemMetrics
SetPropA
SendMessageA
GetDlgItem
CallWindowProcA
GetPropA
MessageBoxA
SetWindowsHookExA
UnhookWindowsHookEx
GetWindowTextA
GetWindowTextLengthA
CallNextHookEx
DispatchMessageA
TranslateMessage
PeekMessageA
FindWindowA
RegisterWindowMessageA
UnregisterClassA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetParent
GetLastActivePopup
IsWindowEnabled
EnableWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu

gdi32

DeleteDC
GetStockObject
SelectObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetDeviceCaps
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DeleteObject
SetViewportOrgEx

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA

comctl32

ord17

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantChangeType
VariantInit

Exports

Exports

MM_InitWrapper

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92e5146d28ebbb1804c25ba89a7735b7

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

oleaut32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 86KB

.rdata Size: 24KB - Virtual size: 20KB

.data Size: 8KB - Virtual size: 19KB

.rsrc Size: 100KB - Virtual size: 98KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 88KB - Virtual size: 86KB

.rdata
Size: 24KB - Virtual size: 20KB

.data
Size: 8KB - Virtual size: 19KB

.rsrc
Size: 100KB - Virtual size: 98KB

.reloc
Size: 20KB - Virtual size: 16KB