3d3696083c38492bc562e00cdf58c2cc_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

3d3696083c38492bc562e00cdf58c2cc_JaffaCakes118
Size

284KB
MD5

3d3696083c38492bc562e00cdf58c2cc
SHA1

a22a219b0b29f8caaf88350f7889e155708550d3
SHA256

73eb929205f13f3ae39ec3a09011958c95e0c1bda3f867f6b40535a156963bce
SHA512

664222d0d99a659e0bc693b67a13374d183e49146526d576e9431137338be4903afc712f3feca8dfdd8e5911b2a16165165744d34c15af7edd60ea8fe88921a2
SSDEEP

3072:89+sojtzy0KX2kV9cOlEJPe1GhHg1BIJldMrpU1vz/OzJbl3s7GixWqwF2thdVvR:89BoBO2kv/ub6ruliBl3Lqbfk0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3d3696083c38492bc562e00cdf58c2cc_JaffaCakes118

Files

3d3696083c38492bc562e00cdf58c2cc_JaffaCakes118
.dll windows:4 windows x86 arch:x86

6edcd0eeed38b62eedb1dd7af350a8c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\vss_source\vc\backgroundoperation\source\backgroundoperation\output\BackgroundOperation.pdb

Imports

iphlpapi

GetAdaptersInfo

kernel32

WaitForSingleObject
InterlockedIncrement
RaiseException
InterlockedDecrement
FindResourceW
MultiByteToWideChar
SizeofResource
LockResource
LoadResource
FindResourceExW
GetLastError
InitializeCriticalSection
GetWindowsDirectoryW
CreateProcessW
Sleep
GetPrivateProfileIntW
GetPrivateProfileStringW
GetTempPathW
GetTempFileNameW
lstrcpyW
lstrlenW
FindFirstFileW
FindNextFileW
FindClose
SetLastError
CreateMutexW
EnterCriticalSection
LeaveCriticalSection
CreateFileW
SetFilePointer
WriteFile
WideCharToMultiByte
WriteProcessMemory
GetCurrentProcess
GlobalAlloc
GetModuleHandleW
GetTickCount
lstrcmpW
GlobalLock
GlobalUnlock
FlushInstructionCache
MulDiv
DeviceIoControl
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
ResumeThread
GetThreadContext
CloseHandle
SuspendThread
LCMapStringA
HeapCreate
IsValidCodePage
GetOEMCP
GetCPInfo
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetSystemTimeAsFileTime
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
RtlUnwind
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
CreateThread
GetCurrentProcessId
GetModuleFileNameW
CreateEventW
SetEvent
DeleteCriticalSection
GetCurrentThread
GetProcAddress
LoadLibraryW
GetCurrentThreadId
FreeLibrary
LCMapStringW
GetStringTypeA
GetStringTypeW
GetStdHandle
SetEnvironmentVariableA
ReadFile
SetThreadContext
GetModuleFileNameA

user32

CreateWindowExW
CallWindowProcW
MoveWindow
GetWindowTextLengthW
GetDlgItem
InvalidateRect
InvalidateRgn
RegisterClassExW
GetWindow
SetFocus
GetFocus
RedrawWindow
CreateAcceleratorTableW
IsChild
DestroyAcceleratorTable
GetClassInfoExW
CharNextW
ReleaseDC
FillRect
LoadCursorW
PostMessageW
GetCursorPos
PtInRect
SetRect
InflateRect
SetCapture
GetDC
EnumChildWindows
GetClassNameW
ScreenToClient
OffsetRect
GetParent
IsWindow
ClientToScreen
SetWindowLongW
GetWindowLongW
SetWindowTextW
SetWindowPos
GetClientRect
GetDesktopWindow
DestroyWindow
EndPaint
BeginPaint
SetWindowPlacement
KillTimer
SetTimer
GetWindowThreadProcessId
FindWindowW
SetWindowsHookExW
RegisterWindowMessageW
CallNextHookEx
UnhookWindowsHookEx
SendMessageW
PostThreadMessageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
ShowWindow
CreateDialogParamW
DefWindowProcW
ReleaseCapture
GetSysColor
GetWindowTextW
UnregisterClassA

gdi32

GetDeviceCaps
GetStockObject
BitBlt
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateSolidBrush
GetObjectW
DeleteObject

advapi32

RegCloseKey
RegCreateKeyExW
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW

shell32

SHGetFolderLocation
SHGetPathFromIDListW

ole32

OleUninitialize
StringFromCLSID
OleInitialize
OleLockRunning
CLSIDFromProgID
CoGetClassObject
CoTaskMemAlloc
CLSIDFromString
StringFromGUID2
CreateStreamOnHGlobal
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SafeArrayGetLBound
VariantClear
VariantInit
SysAllocStringLen
SafeArrayGetUBound
SysAllocString
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
SysStringByteLen
DispCallFunc
SysStringLen
VariantCopy
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString

shlwapi

PathIsRelativeW
PathFileExistsW
UrlCanonicalizeW
StrStrIW
PathFindOnPathW

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

wininet

InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA

Exports

Exports

SendStatisticDataOnInstall
fnClose
fnOpen

Sections

.text
Size: 207KB - Virtual size: 206KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6edcd0eeed38b62eedb1dd7af350a8c7

Headers

File Characteristics

PDB Paths

Imports

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

wininet

Exports

Exports

Sections

.text Size: 207KB - Virtual size: 206KB

.rdata Size: 45KB - Virtual size: 44KB

.data Size: 11KB - Virtual size: 18KB

Shared Size: 512B - Virtual size: 36B

.rsrc Size: 512B - Virtual size: 400B

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 207KB - Virtual size: 206KB

.rdata
Size: 45KB - Virtual size: 44KB

.data
Size: 11KB - Virtual size: 18KB

Shared
Size: 512B - Virtual size: 36B

.rsrc
Size: 512B - Virtual size: 400B

.reloc
Size: 18KB - Virtual size: 18KB