3c863ff3258f2bfdfa4aa038ce9cfed4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3c863ff3258f2bfdfa4aa038ce9cfed4_JaffaCakes118
Size

108KB
MD5

3c863ff3258f2bfdfa4aa038ce9cfed4
SHA1

a1be3050dbdab33eef06f296cc5d4458223c936e
SHA256

420772f43339f12c4dbbb38a97df0fe073a283bd399f2c6c527a218fd72a742e
SHA512

7b9bcd50a55490e5fa5c2171b3058617620a82704efbfa1b78b2fd15044bb80a4f0426f3ec76887554edcc9a0b418cdf9d6f9c0e8d8b37066c9a01cd61a32894
SSDEEP

3072:XOp+1p39nlEFrHU2MccgTUIH+PFuDa9Z4XQM:qU2MccgTUN9u2sp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3c863ff3258f2bfdfa4aa038ce9cfed4_JaffaCakes118

Files

3c863ff3258f2bfdfa4aa038ce9cfed4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

105d40c834168bcb9fcd04bf13750b6e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

imm32

ImmGetContext
ImmGetCompositionStringA
ImmReleaseContext

kernel32

MapViewOfFile
OpenFileMappingA
OutputDebugStringA
WideCharToMultiByte
GetTickCount
GetCurrentProcessId
HeapAlloc
OpenProcess
ReadProcessMemory
VirtualQueryEx
CopyFileA
GetPrivateProfileStringA
GlobalLock
GlobalFree
GlobalUnlock
GlobalHandle
GlobalAlloc
GetSystemDirectoryA
GetFileInformationByHandle
Sleep
InterlockedExchange
VirtualProtect
GetProcAddress
LoadLibraryA
GetModuleHandleA
CreateThread
GetModuleFileNameA
WriteFile
CloseHandle
CreateFileA
DeleteFileA
GetLocalTime
GetTempPathA
ReadFile
GetFileSize
GetCurrentProcess
UnmapViewOfFile
GetProcessHeap
HeapFree
CreateFileMappingA

user32

PeekMessageA
ReleaseDC
SetRect
PostThreadMessageA
GetDC
MsgWaitForMultipleObjects
UnhookWindowsHookEx
CallNextHookEx
GetWindowTextA
GetForegroundWindow
DispatchMessageA
GetFocus
TranslateMessage
GetWindowLongA
GetWindowThreadProcessId
FindWindowExA
GetKeyState

gdi32

DeleteObject
BitBlt
GetDeviceCaps
SelectObject
GetObjectA
GetDIBits
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC

avifil32

AVIFileCreateStreamA
AVIMakeCompressedStream
AVIFileOpenA
AVIFileInit
AVISaveOptionsFree
AVIFileRelease
AVIStreamRelease
AVIFileExit
AVIStreamWrite
AVIStreamSetFormat

msvfw32

ord2

winmm

waveOutOpen
waveOutWrite
waveInAddBuffer
waveInOpen
waveOutClose
waveInClose

shlwapi

SHGetValueA
SHSetValueA

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

msvcrt

_adjust_fdiv
malloc
_initterm
_onexit
__dllonexit
_CIpow
_CIacos
_ftol
free
printf
strncmp
fopen
fclose
fwrite
fflush
atoi
atol
wcslen
vsprintf
localtime
strftime
strchr
_access
_mkdir
_strlwr
fseek
strrchr
__CxxFrameHandler
??2@YAPAXI@Z
memmove
time
sprintf
strstr
_memicmp
strncpy
rename
rand
srand

wininet

HttpSendRequestA

Exports

Exports

GetDLLVer
InstallHOOK
InstallLocalHOOK
UninstallHOOK
partInit

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARDAT
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

105d40c834168bcb9fcd04bf13750b6e

Headers

File Characteristics

Imports

imm32

kernel32

user32

gdi32

avifil32

msvfw32

winmm

shlwapi

msvcp60

msvcrt

wininet

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 24KB - Virtual size: 41KB

.SHARDAT Size: 8KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 24KB - Virtual size: 41KB

.SHARDAT
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB