2c8f65eb00707e036c1ea6880bd8b064_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

2c8f65eb00707e036c1ea6880bd8b064_JaffaCakes118
Size

35KB
MD5

2c8f65eb00707e036c1ea6880bd8b064
SHA1

d720c28ad625c1c641b08757aebce5e8a41c5b7e
SHA256

784281ff5332692302307ee2cf2d01307785687954f8c80846368c22a200539c
SHA512

052aeb3ddb1e148027cbe41d76a98ba4006920be0d733b772885457a36d2fc6c32f4358e00c7c266ad87f7ea33037c8cf2e7ebe08aa3ea977b823c8917edbbf0
SSDEEP

768:XKNZuRk0eeNhWuRNdiY1cHHXp2x7UQl28QdK/nNRbiRW3PNH:XKNZu1LNhW2SHHXg7UQl28d/NRtR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2c8f65eb00707e036c1ea6880bd8b064_JaffaCakes118

Files

2c8f65eb00707e036c1ea6880bd8b064_JaffaCakes118
.dll windows:4 windows x86 arch:x86

901702304324c3447c1e91f65051afd5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalLock
DeleteFileA
MultiByteToWideChar
CreateThread
GetFileAttributesA
WaitForSingleObject
ReadFile
GetFileSize
SetFilePointer
GetLastError
CreateEventA
GetModuleFileNameA
GlobalFree
CreateFileA
MoveFileExA
GetTempFileNameA
SetFileAttributesA
CloseHandle
LoadLibraryA
GetProcAddress
GlobalAlloc
WriteFile
GlobalUnlock
VirtualProtect
GetModuleHandleA
Sleep
GetCurrentDirectoryA
CopyFileA
WinExec
ExitProcess
WideCharToMultiByte
GetCommandLineA
GetTempPathA
GetPrivateProfileStringA
GetSystemDirectoryA
GetWindowsDirectoryA
WritePrivateProfileStringA

user32

GetDC
GetDesktopWindow
GetClientRect
CallWindowProcA
GetClassNameA
SetWindowLongA
RegisterShellHookWindow
RegisterWindowMessageA
GetWindowRect
wsprintfA
EnumWindows
GetKeyboardLayout
GetWindowTextA
GetParent
GetWindowThreadProcessId
GetKeyboardLayoutList
SystemParametersInfoA
LoadKeyboardLayoutA
GetKeyboardLayoutNameA
ActivateKeyboardLayout
ReleaseDC

gdi32

CreateDCA
GetDeviceCaps
DeleteDC
GetObjectA
GetStockObject
DeleteObject
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBits
RealizePalette
SelectPalette

gdiplus

GdiplusShutdown
GdipSaveImageToFile
GdipLoadImageFromFile
GdiplusStartup
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipFree
GdipAlloc
GdipCloneImage
GdipDisposeImage

urlmon

URLDownloadToFileA

msvcp60

??0_Lockit@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ

ws2_32

connect
closesocket
inet_addr
socket
gethostbyname
inet_ntoa
recv
WSAStartup
htons
send
WSACleanup

wininet

InternetReadFile
InternetOpenUrlA
InternetOpenA
InternetCloseHandle

msvcrt

strrchr
_access
strchr
strncpy
abs
malloc
wcscmp
??2@YAPAXI@Z
strcmp
__CxxFrameHandler
atoi
strtok
free
_onexit
_initterm
_adjust_fdiv
_stricmp
_getpid
_strlwr
_strrev
__dllonexit
memset
strcat
fopen
fgets
strstr
strcpy
strlen
memcpy
sprintf

imm32

ImmGetDescriptionA
ImmIsIME

netapi32

Netbios

Exports

Exports

KsCreateAllocator
KsCreatePin
KsCreateTopologyNode
ServerMain

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 543KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

901702304324c3447c1e91f65051afd5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

gdiplus

urlmon

msvcp60

ws2_32

wininet

msvcrt

imm32

netapi32

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 21KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 3KB - Virtual size: 543KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 22KB - Virtual size: 21KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 3KB - Virtual size: 543KB

.reloc
Size: 4KB - Virtual size: 3KB