30f6eab25a3467e643f4db148c4fc4d4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

30f6eab25a3467e643f4db148c4fc4d4_JaffaCakes118
Size

295KB
MD5

30f6eab25a3467e643f4db148c4fc4d4
SHA1

3dfeec2553cf67f79bba16bc42d9c38e03a53d8e
SHA256

65b0257aeb9fb1f8d33b3dab0f32dfaf1449dafcefdf8d73a69e5ebbae6098ea
SHA512

85617ac809510d5bb5a1a3eb0805f49428120ec5b3c61db649ce96770a05ba056b2be438c0af055bc1347e71d69ad520fbf357fc48941e0d9fe45b4ea1a0ca03
SSDEEP

3072:h5LzZHOn+aobuuM0Wq1fmJ+5p4V4iVz0EhQbuwWAkMDUXJOF1lLtZhx9QQ:7J8sbiXKqFQ+QT5jzhx9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
30f6eab25a3467e643f4db148c4fc4d4_JaffaCakes118

Files

30f6eab25a3467e643f4db148c4fc4d4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

82144d5b98d8d6fa9d0af0c4533c6eb1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\VSS_Source\VC\BackgroundOperation\Source\BackgroundOperation\output\BackgroundOperation.pdb

Imports

iphlpapi

GetAdaptersInfo

kernel32

lstrcpyW
CreateProcessW
FindFirstFileW
FindNextFileW
FindClose
Sleep
SetLastError
CreateMutexW
GetWindowsDirectoryW
CreateFileW
SetFilePointer
WriteFile
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
lstrlenW
GetLocalTime
CreateFileA
DeviceIoControl
SystemTimeToFileTime
WriteProcessMemory
GetCurrentProcess
GlobalAlloc
GetTickCount
GetModuleHandleW
GlobalLock
GlobalUnlock
FlushInstructionCache
MulDiv
lstrcmpW
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
ResumeThread
GetThreadContext
SetThreadContext
SuspendThread
CompareStringW
CompareStringA
FlushFileBuffers
GetTempFileNameW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
RtlUnwind
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetModuleFileNameA
GetStdHandle
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetSystemTimeAsFileTime
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetTempPathW
GetPrivateProfileStringW
GetPrivateProfileIntW
DeleteCriticalSection
InitializeCriticalSection
GetLastError
FindResourceExW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
FindResourceW
InterlockedDecrement
RaiseException
InterlockedIncrement
WaitForSingleObject
CloseHandle
CreateThread
CreateEventW
GetCurrentProcessId
GetModuleFileNameW
SetEvent
GetCurrentThread
GetProcAddress
ReadFile
LoadLibraryW
GetCurrentThreadId
FreeLibrary
SetEnvironmentVariableA
WriteConsoleW

user32

ShowWindow
CreateDialogParamW
GetWindowThreadProcessId
FindWindowW
SetWindowsHookExW
RegisterWindowMessageW
CallNextHookEx
UnhookWindowsHookEx
SendMessageW
PostThreadMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
IsChild
DestroyAcceleratorTable
CharNextW
GetClassInfoExW
ReleaseDC
ReleaseCapture
GetSysColor
SetCapture
GetDC
FillRect
CreateWindowExW
MoveWindow
CallWindowProcW
GetWindowTextLengthW
GetDlgItem
InvalidateRect
GetWindowTextW
InvalidateRgn
DefWindowProcW
UnregisterClassA
SetTimer
KillTimer
GetDesktopWindow
GetClientRect
SetWindowPos
SetWindowTextW
GetWindowLongW
SetWindowLongW
SetWindowPlacement
BeginPaint
EndPaint
DestroyWindow
RedrawWindow
GetFocus
CreateAcceleratorTableW
SetFocus
GetWindow
RegisterClassExW
LoadCursorW
VkKeyScanW
PostMessageW
InflateRect
SetRect
PtInRect
GetCursorPos
OffsetRect
ClientToScreen
GetParent
IsWindow
EnumChildWindows
GetClassNameW
ScreenToClient

gdi32

GetObjectW
GetStockObject
CreateSolidBrush
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
BitBlt
GetDeviceCaps
DeleteObject

advapi32

RegEnumValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW

shell32

SHGetPathFromIDListW
SHGetFolderLocation

ole32

CoGetClassObject
CoTaskMemAlloc
OleInitialize
StringFromGUID2
OleUninitialize
CLSIDFromString
CLSIDFromProgID
StringFromCLSID
OleLockRunning
CreateStreamOnHGlobal
CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
SysStringLen
VariantClear
VariantInit
LoadRegTypeLi
LoadTypeLi
OleCreateFontIndirect
SysStringByteLen
DispCallFunc
SafeArrayGetUBound
SafeArrayGetLBound

shlwapi

PathFindOnPathW
PathFileExistsW
PathIsRelativeW
StrStrIW
UrlCanonicalizeW

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

wininet

InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
FindCloseUrlCache
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW

Exports

Exports

SendStatisticDataOnInstall
UpdateIFEOInfo
fnClose
fnOpen

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82144d5b98d8d6fa9d0af0c4533c6eb1

Headers

File Characteristics

PDB Paths

Imports

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

wininet

Exports

Exports

Sections

.text Size: 216KB - Virtual size: 215KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 12KB - Virtual size: 19KB

Shared Size: 512B - Virtual size: 36B

.rsrc Size: 512B - Virtual size: 400B

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 216KB - Virtual size: 215KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 12KB - Virtual size: 19KB

Shared
Size: 512B - Virtual size: 36B

.rsrc
Size: 512B - Virtual size: 400B

.reloc
Size: 19KB - Virtual size: 18KB