2ba44acc3d24eaee90fc938890963bcd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

2ba44acc3d24eaee90fc938890963bcd_JaffaCakes118
Size

96KB
MD5

2ba44acc3d24eaee90fc938890963bcd
SHA1

8478125882b37ec0a26fe41fe4bad42f72090823
SHA256

7e67b62f3b05e2981a38af3d38ee907de3f7f4b84c3547c2575060db2a5d1f92
SHA512

89ef0211ad5748955e31560206df2107fc020a883ec3111ab1af0c601e8c165ed3d3da67146709ab2ef7774e528ed8151fc1c045e3244bf0280613b2de15393d
SSDEEP

1536:kU0oDHG5424FI9e9X2V1+xGcSC2JnQISjTRqiTR+MksqIwd9uw:kU0oDHG542l8Jk+yC2JnQIARqiTR+MkB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2ba44acc3d24eaee90fc938890963bcd_JaffaCakes118

Files

2ba44acc3d24eaee90fc938890963bcd_JaffaCakes118
.dll windows:6 windows x86 arch:x86

8c90b54edf302ee5238e3025fe256add

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

syncui.pdb

Imports

msvcrt

iswalpha
wcschr
memcpy
_XcptFilter
malloc
free
_initterm
_amsg_exit
_unlock
__dllonexit
_lock
_onexit
_vsnwprintf
_except_handler4_common
memset

gdi32

DeleteObject
GetDeviceCaps
GetLayout
ExtTextOutW
GetTextMetricsW
SetViewportOrgEx
GetTextExtentPointW
GetStockObject
CreateSolidBrush
GetNearestColor
SetTextColor
SetBkColor
GetBkColor
SetBkMode
SetTextAlign
SetLayout
SelectObject
CreateFontIndirectW
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
GetPixel

user32

SendMessageW
EnableWindow
GetProcessDefaultLayout
IsRectEmpty
DrawFocusRect
GetSystemMetrics
GetSysColor
GetSysColorBrush
FillRect
DrawTextW
PeekMessageW
SetCursor
DestroyIcon
SetRect
GetDesktopWindow
LoadStringW
DrawTextExW
SystemParametersInfoW
GetDC
LoadIconW
GetAncestor
CharUpperBuffW
CharLowerW
DrawFrameControl
IntersectRect
OffsetRect
CreatePopupMenu
SetMenuItemInfoW
CheckMenuRadioItem
InsertMenuItemW
DeleteMenu
GetMenuItemCount
LoadBitmapW
CreateWindowExW
CreateDialogParamW
DialogBoxParamW
GetDlgItem
ClientToScreen
GetKeyState
UnionRect
GetMenuItemInfoW
EndPaint
DrawEdge
BeginPaint
SetFocus
UnregisterClassW
TrackPopupMenu
DestroyMenu
ScreenToClient
CharPrevW
DefWindowProcW
RegisterClassExW
IsWindowEnabled
GetFocus
ShowCaret
HideCaret
SetForegroundWindow
SwitchToThisWindow
GetLastActivePopup
RegisterClipboardFormatW
InsertMenuW
CheckRadioButton
CharNextW
GetParent
UpdateWindow
InvalidateRect
DefDlgProcW
SetWindowTextW
GetWindowTextW
CharUpperW
LoadCursorW
EndDialog
SetWindowLongW
ReleaseDC
DeferWindowPos
MapWindowPoints
GetWindowRect
EndDeferWindowPos
BeginDeferWindowPos
DestroyWindow
IsWindow
SendDlgItemMessageW
SetDlgItemTextW
ShowWindow
GetClientRect
PostMessageW
DispatchMessageW
TranslateMessage
SetWindowPos
GetWindowLongW

shell32

SHChangeNotify
ord42
SHGetDataFromIDListW
SHBindToParent
SHCreateItemFromParsingName
ord155
SHCreateItemFromIDList
SHGetKnownFolderIDList
SHOpenFolderAndSelectItems
SHParseDisplayName
ord66
ord64
ord70
DragQueryFileW
SHGetPathFromIDListW
ord102
SHCreateShellItemArrayFromDataObject
ord47
SHGetFileInfoW
SHGetFolderPathW

shlwapi

ord217
StrRetToBufW
PathSkipRootW
ord157
PathMakeSystemFolderW
ord199
ord413
ord219
StrDupW
SHStrDupW
PathIsSystemFolderW
StrTrimW
ord456
ord156
PathIsUNCW
StrChrW
ord354
PathRemoveBackslashW
PathCommonPrefixW
PathIsDirectoryW
PathRemoveFileSpecW
PathFindFileNameW
ord158
PathAppendW
StrFormatByteSizeW
PathGetDriveNumberW
StrCmpIW
PathCombineW
ord388
PathIsPrefixW
ord213
StrStrW
StrToIntExW
ord12

synceng

CloseBriefcase
OpenBriefcase
DestroyFolderTwinList
CreateFolderTwinList
DestroyRecList
DestroyTwinList
CreateTwinList
IsFolderTwin
AddFolderTwin
DeleteTwin
GetFolderTwinStatus
GetVolumeDescription
CreateRecList
AddAllTwinsToTwinList
ReleaseTwinHandle
GetObjectTwinHandle
AddTwinToTwinList
CountSourceFolderTwins
EndReconciliation
ReconcileItem
BeginReconciliation
AnyTwins
ClearBriefcaseCache
FindBriefcaseClose
AddObjectTwin
FindFirstBriefcase
FindNextBriefcase
SaveBriefcase

kernel32

MoveFileW
LoadLibraryW
GetModuleFileNameW
DeactivateActCtx
ActivateActCtx
ReleaseActCtx
CreateActCtxW
GetModuleHandleW
FindResourceExW
LoadResource
LockResource
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
Sleep
InterlockedExchange
LoadLibraryExA
InterlockedCompareExchange
FreeLibrary
GetProcAddress
DelayLoadFailureHook
GlobalLock
GlobalUnlock
HeapFree
GetProcessHeap
HeapAlloc
DeleteFileW
InterlockedIncrement
DisableThreadLibraryCalls
FindFirstFileW
FindNextFileW
FindClose
FormatMessageW
MulDiv
GetShortPathNameW
WideCharToMultiByte
MultiByteToWideChar
GetTickCount
CreateDirectoryW
LocalSize
LocalReAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
GetFileAttributesExW
lstrlenW
LocalAlloc
GetLastError
InterlockedDecrement
LocalFree
GetFileAttributesW
SetFileAttributesW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
lstrcmpiW

Exports

Exports

Briefcase_IntroW
DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8c90b54edf302ee5238e3025fe256add

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

gdi32

user32

shell32

shlwapi

synceng

kernel32

Exports

Exports

Sections

.text Size: 82KB - Virtual size: 82KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 64KB - Virtual size: 64KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 82KB - Virtual size: 82KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 64KB - Virtual size: 64KB

.reloc
Size: 4KB - Virtual size: 3KB