3c73523f1eb8aa06e0c51606b682d4b3_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3c73523f1eb8aa06e0c51606b682d4b3_JaffaCakes118
Size

1.5MB
MD5

3c73523f1eb8aa06e0c51606b682d4b3
SHA1

a8ee868dca528d0ab387aeca587cf3e1112e9063
SHA256

cfd1f8341132729b67b81f8a79d1a819959e52231e8fc53cbc017ae3d812cc0d
SHA512

4a9f9d92a5e290ef6ed31b40f673c02f2fd307437bb78d31251a8e929d6b96f3938026dc4e6d046c23ca188619f087e89c6d22a87b1c2c2ee553c2d88ce6cfc4
SSDEEP

24576:qYnRyDFZZYvuN3OnDjclx8153rrD4rXcqrTCiXJRUDxtIdihh5w8krXr8jKUDPxH:5ypcvMe68153rrD4rXcqrTCiXJRUDxtz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c73523f1eb8aa06e0c51606b682d4b3_JaffaCakes118

Files

3c73523f1eb8aa06e0c51606b682d4b3_JaffaCakes118
.dll windows:6 windows x64 arch:x64

e1c7468cf3519b2d3ea9af951a70eec8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
LoadLibraryExW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
GetTickCount
CreateThread
Sleep
CreateMutexA
WaitForSingleObject
ReleaseMutex
QueryPerformanceFrequency
QueryPerformanceCounter
GetLastError
CloseHandle
ReadFile
GetFileSize
UnhandledExceptionFilter
CreateFileW

shlwapi

SHRegSetUSValueW
ord280
SHCreateStreamOnFileEx
PathIsPrefixW
SHRegDeleteUSValueW
SHRegWriteUSValueW
SHRegQueryUSValueW
SHRegQueryUSValueA
SHRegOpenUSKeyW
SHRegOpenUSKeyA
SHRegCreateUSKeyW
SHQueryInfoKeyW
SHEnumKeyExA
SHSetValueW
SHGetValueW
SHDeleteValueA
SHDeleteEmptyKeyA
UrlEscapeW
UrlUnescapeA
SHRegGetUSValueW
UrlCompareW
PathSetDlgItemPathA
PathSearchAndQualifyA
PathRemoveFileSpecW
PathRemoveFileSpecA
PathMakePrettyW
PathIsSameRootW
SHRegGetUSValueA
SHRegCloseUSKey
SHRegEnumUSValueA
PathIsLFNFileSpecA
PathGetArgsW
PathFindNextComponentW
PathCanonicalizeA
PathAddBackslashW
ord29
StrRetToBufW
PathIsRelativeW
wnsprintfW
StrToInt64ExA
StrRStrIW
StrRChrA
UrlIsW
PathIsRelativeA

imm32

ImmGetDescriptionA
ImmGetIMEFileNameW
ImmIsIME
ImmGetCompositionStringA
ImmSetCompositionStringA
ImmGetCandidateListCountA
ImmGetCandidateListCountW
ImmGetCandidateListW
ImmGetGuideLineW
ImmGetConversionStatus
ImmSetConversionStatus
ImmGetCompositionFontA
ImmGetCompositionFontW
ImmSetCompositionFontA
ImmEscapeW
ImmGetStatusWindowPos
ImmGetCompositionWindow
ImmGetCandidateWindow
ImmRegisterWordW
ImmUnregisterWordW
ImmGetImeMenuItemsW
ImmGetDescriptionW

msvcp140

?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z

vcruntime140

__std_type_info_destroy_list
strchr
__C_specific_handler
memset
memmove
memcpy
memcmp
memchr
strrchr
_CxxThrowException
__std_exception_destroy
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
_execute_onexit_table
_initterm
_initialize_onexit_table
_errno
_initialize_narrow_environment
_configure_narrow_argv
_register_onexit_function
_invalid_parameter_noinfo_noreturn
abort
exit
_initterm_e
_seh_filter_dll
strerror

api-ms-win-crt-string-l1-1-0

tolower
toupper
isxdigit
isspace
isprint
_strdup
strncpy
wcsncat
isdigit
strncat
_stricmp
strncmp
strcmp
_wcsnicmp
wcsncpy

api-ms-win-crt-heap-l1-1-0

calloc
free
malloc
_callnewh
realloc

api-ms-win-crt-utility-l1-1-0

rand
srand
qsort

api-ms-win-crt-convert-l1-1-0

_ultoa
_itoa
strtoul
strtod
atoi
_ultow
_ltow
_itow

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-stdio-l1-1-0

_creat
__acrt_iob_func
clearerr
fclose
__stdio_common_vsscanf
ferror
__stdio_common_vsprintf
__stdio_common_vfprintf
_mktemp
putc
fwrite
ftell
fseek
fread
fputs
fopen
_fileno
putchar
_write
fgets
fgetc
_close
_dup
_isatty
_read
fflush
_setmode

api-ms-win-crt-filesystem-l1-1-0

rename
_stat64i32
_fstat64i32
_umask
_chmod
remove

api-ms-win-crt-time-l1-1-0

_localtime64
_time64
_mktime64

api-ms-win-crt-math-l1-1-0

log
sqrt
sin
_fdopen
cos
floor

Exports

Exports

parse_boolean
sender_chain_key_create_next
sg_error_destroy_comp
textsecure__device_consistency_code_message__pack

Sections

.text
Size: 364KB - Virtual size: 363KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1c7468cf3519b2d3ea9af951a70eec8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

imm32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 364KB - Virtual size: 363KB

.rdata Size: 1.1MB - Virtual size: 1.1MB

.data Size: 2KB - Virtual size: 7KB

.pdata Size: 7KB - Virtual size: 6KB

.idata Size: 1024B - Virtual size: 1024B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 204B

.text
Size: 364KB - Virtual size: 363KB

.rdata
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 2KB - Virtual size: 7KB

.pdata
Size: 7KB - Virtual size: 6KB

.idata
Size: 1024B - Virtual size: 1024B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 204B