43b4bdef25a25f891dc6c437dc869265_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

43b4bdef25a25f891dc6c437dc869265_JaffaCakes118
Size

1.4MB
MD5

43b4bdef25a25f891dc6c437dc869265
SHA1

4047f35b0abde13bb05386ff3c00a6f2fff8e8f8
SHA256

429446ac7018527ce14305d59e80f899a7bcb6367efca61eb7e20a67111d62f3
SHA512

039e2fae81e2db214e1042272fc119b593103c6d53b3e745389a4bbc9e13135ddb041bf7e0816f8ae8226fbf4ea4117931077052e1bcb4e42b7db17ab7fb5bbb
SSDEEP

24576:20K5E1b3N7V0UcLNF3yhb8e7+HESMNVpQv5isILkm/EnkgPbct:27WjlVBPPim9Qv5i1EnPS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
43b4bdef25a25f891dc6c437dc869265_JaffaCakes118

Files

43b4bdef25a25f891dc6c437dc869265_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b3e8296c05106f37c22ac300bf93317d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemInfo
GetProcAddress
GetVersionExA
SetPriorityClass
GetPriorityClass
OpenProcess
GetLastError
QueryPerformanceFrequency
GetModuleFileNameA
LockResource
LoadResource
FindResourceA
VirtualQuery
VirtualFree
VirtualAlloc
WideCharToMultiByte
IsProcessorFeaturePresent
OutputDebugStringA
GetModuleHandleA
GetFileSize
CreateFileMappingA
CreateFileA
CreateFileW
UnmapViewOfFile
InterlockedExchange
InterlockedCompareExchange
GetFullPathNameA
HeapAlloc
GetProcessHeap
HeapFree
LoadLibraryA
DisableThreadLibraryCalls
RaiseException
LocalAlloc
lstrcpynA
FreeLibrary
lstrlenW
InitializeCriticalSection
lstrcmpW
lstrcpynW
MoveFileA
DeleteFileA
SetThreadPriority
EnterCriticalSection
lstrcmpA
LeaveCriticalSection
FindFirstFileA
lstrcmpiA
FindNextFileA
FindClose
QueryPerformanceCounter
lstrcpyA
lstrcatA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetFileAttributesA
DeleteCriticalSection
Sleep
TerminateThread
CloseHandle
WritePrivateProfileStringA
lstrlenA
GlobalAlloc
GlobalLock
GlobalUnlock
lstrcpyW
MultiByteToWideChar
MapViewOfFile

user32

CreatePopupMenu
TrackPopupMenu
FindWindowExA
CallWindowProcA
SetCursor
PostQuitMessage
TrackPopupMenuEx
IsWindowVisible
RegisterClassA
GetSubMenu
wsprintfW
GetSysColor
DefWindowProcA
GetWindow
CheckMenuItem
DestroyMenu
CreateWindowExA
AdjustWindowRect
FindWindowA
LoadIconA
LoadCursorA
RegisterClassW
SetActiveWindow
SetForegroundWindow
OffsetRect
IsIconic
GetSystemMetrics
GetClientRect
ClientToScreen
GetWindowPlacement
GetWindowThreadProcessId
PeekMessageA
TranslateMessage
DispatchMessageA
GetIconInfo
DestroyIcon
SystemParametersInfoA
UnregisterClassA
GetDC
ReleaseDC
EndDialog
SetFocus
GetWindowLongA
SetWindowLongA
GetWindowRect
ScreenToClient
SetWindowPos
EnableWindow
SendMessageW
DestroyWindow
EnumDisplaySettingsA
UnionRect
EqualRect
IntersectRect
CharNextW
DefWindowProcW
GetCursorPos
PostMessageA
GetFocus
GetParent
SendDlgItemMessageA
GetWindowTextA
SetWindowTextA
CheckDlgButton
GetWindowTextW
MessageBoxA
MessageBoxW
GetDlgItem
ShowWindow
SendMessageA
SetRect
GetClipboardData
GetKeyState
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
keybd_event

gdi32

GetDCOrgEx
GetClipBox
GetStockObject
GetObjectA
GetObjectW
GetTextMetricsA
GetGlyphOutlineA
CreateDIBSection
DeleteDC
SelectObject
GetCharacterPlacementA
GetCharacterPlacementW
GetDIBits
SetBkColor
SetBkMode
GetTextMetricsW
GetFontLanguageInfo
CreateFontIndirectW
SetTextAlign
SetMapMode
CreateCompatibleDC
ExtTextOutA
MoveToEx
ExtTextOutW
CreateFontIndirectA
EnumFontsA
CreateFontA
SetTextColor
DeleteObject

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA

shell32

SHGetMalloc
SHGetDesktopFolder
ShellExecuteExA
SHGetPathFromIDListA
SHGetFileInfoA
ShellExecuteA

nscrt

_setjmp3
longjmp
iswspace
iswalpha
iswdigit
iswpunct
_finite
_ftol
_CIasin
atof
_CIacos
atoi
_except_handler3
_purecall
_vsnwprintf
wcscmp
wcscpy
ftell
fgets
rand
fprintf
strchr
_beginthreadex
fread
fseek
strncmp
_endthreadex
fopen
fgetc
fclose
sscanf
??_V@YAXPAX@Z
_strcmpi
strrchr
srand
_vsnprintf
??_U@YAPAXI@Z
strstr
isdigit
isspace
ldexp
_strdup
setlocale
_snprintf
_stricmp
tolower
isalnum
isalpha
isxdigit
toupper
memmove
_isnan
exit
_fpclass
ceil
_CItanh
_CIsinh
_CIfmod
_CIcosh
fwrite
tmpfile
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter
_strnicmp
qsort
floor
_CIexp
wcslen
_controlfp
sprintf
??2@YAPAXI@Z
strncpy
??3@YAXPAX@Z
_CIpow
free
malloc
__CxxFrameHandler

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

Exports

Exports

winampVisGetHeader

Sections

.text
Size: 888KB - Virtual size: 887KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 4.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 132KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3e8296c05106f37c22ac300bf93317d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

nscrt

winmm

Exports

Exports

Sections

.text Size: 888KB - Virtual size: 887KB

.rdata Size: 108KB - Virtual size: 105KB

.data Size: 44KB - Virtual size: 4.3MB

.rsrc Size: 132KB - Virtual size: 130KB

.reloc Size: 48KB - Virtual size: 44KB

.text
Size: 888KB - Virtual size: 887KB

.rdata
Size: 108KB - Virtual size: 105KB

.data
Size: 44KB - Virtual size: 4.3MB

.rsrc
Size: 132KB - Virtual size: 130KB

.reloc
Size: 48KB - Virtual size: 44KB