41b890f70a5859f8ab91c0c26675adad_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

41b890f70a5859f8ab91c0c26675adad_JaffaCakes118
Size

352KB
MD5

41b890f70a5859f8ab91c0c26675adad
SHA1

9cc9e04cd3e97c274697576e02d12a21b413ea09
SHA256

93594069de5dc361fada33ccd3317f365be8f614321d488764b9c7e09f6c79a7
SHA512

0e057c6590c48e1f73fe3500b603d23668c3be0f67f1df87b9383837ec96170cda91ada2d20785659be781f32c9ee3fc139c652894232cb64cfa7df0b8fbaff0
SSDEEP

6144:D8VbwLG06Phr2Ex8GF7xgUk+TXGQpEB7mYijmtwAQdJ58YJOHkFAXm7ejo6bC69V:WbwLG06PN2Y8GF7YydEDwAKJ58f0AXmc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
41b890f70a5859f8ab91c0c26675adad_JaffaCakes118

Files

41b890f70a5859f8ab91c0c26675adad_JaffaCakes118
.dll windows:4 windows x86 arch:x86

fbe5fd84ce49f30151b29fdb3f33c620

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Src\Client\Osmimhk\SmallStandalone\OSMIMHK.pdb

Imports

ws2_32

ntohs
recv
send
ntohl
connect
htons
inet_ntoa
getsockname
getpeername
gethostbyname
WSAGetLastError
getsockopt

kernel32

InterlockedDecrement
GetCommandLineA
FreeLibraryAndExitThread
CreateProcessA
CreateMutexA
CloseHandle
WaitForSingleObject
WaitForMultipleObjects
OpenProcess
OpenEventA
GetTickCount
SetEvent
CreateEventA
DisableThreadLibraryCalls
QueryPerformanceCounter
GlobalUnlock
GlobalLock
GlobalAlloc
SetFilePointer
LeaveCriticalSection
InterlockedIncrement
GlobalFree
VirtualAlloc
VirtualQuery
InterlockedCompareExchange
ResumeThread
VirtualProtect
FlushInstructionCache
GetCurrentProcess
GetThreadContext
SetThreadContext
SuspendThread
FreeLibrary
GetModuleHandleA
QueryPerformanceFrequency
DeleteCriticalSection
InitializeCriticalSection
RaiseException
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
SetLastError
GetModuleFileNameA
LoadLibraryA
GetProcAddress
GetCurrentThread
GetCurrentProcessId
GetCurrentThreadId
lstrlenA
lstrlenW
WideCharToMultiByte
GetLastError
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
Sleep
EnterCriticalSection
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
CreateFileMappingA
GetUserDefaultLCID
MapViewOfFile
UnmapViewOfFile
ResetEvent
ReleaseMutex
CreateSemaphoreA
ReleaseSemaphore
LocalAlloc
LocalFree
LoadLibraryExA
HeapAlloc
GetSystemInfo
FormatMessageA
WriteFile
HeapFree
RtlUnwind
ExitThread
CreateThread
GetSystemTimeAsFileTime
ExitProcess
HeapReAlloc
LCMapStringA
LCMapStringW
GetCPInfo
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
TerminateProcess
SetUnhandledExceptionFilter
HeapSize
GetOEMCP
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW

user32

LoadStringA
FindWindowExA
GetAncestor
PostThreadMessageA
SendMessageA
GetWindowThreadProcessId
GetForegroundWindow
DispatchMessageA
GetMessageA
GetWindowTextA
CallNextHookEx

advapi32

SetSecurityDescriptorDacl
InitializeAcl
SetSecurityInfo
RegDeleteKeyA
RegEnumKeyExA
CreateProcessAsUserA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
InitializeSecurityDescriptor

ole32

CoInitialize
CoInitializeEx
CoUninitialize
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoUnmarshalInterface
CreateStreamOnHGlobal
CoMarshalInterface

oleaut32

VariantClear
SysFreeString
SysStringLen
VariantInit
VariantChangeType
SysAllocStringLen
SysAllocString
DispGetParam

rpcrt4

UuidCompare
UuidCreate

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

Exports

Exports

?Mine_PR_Close@@YA?AW4PRStatus@@PAUPRFileDesc@@@Z
?Mine_PR_Read@@YAHPAUPRFileDesc@@PAXH@Z
?Mine_PR_Write@@YAHPAUPRFileDesc@@PBXH@Z
CheckCapability
ConfigBrowsers
ConfigLSP
GetServiceProviderInfo
IsCSLOAConfigured
IsLSPConfigured
KeyboardHookProc
MouseHookProc
MsgHookProc
Register
SetAutoRestartProc
SetForegroundURL
ShellHookProc
StartShellEvent
UnconfigBrowsers
UnconfigLSP
UnlockShellEvent
UpdateTopURL

Sections

.text
Size: 248KB - Virtual size: 246KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbe5fd84ce49f30151b29fdb3f33c620

Headers

File Characteristics

PDB Paths

Imports

ws2_32

kernel32

user32

advapi32

ole32

oleaut32

rpcrt4

version

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 246KB

.rdata Size: 60KB - Virtual size: 58KB

.data Size: 8KB - Virtual size: 21KB

Shared Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 20KB

.text
Size: 248KB - Virtual size: 246KB

.rdata
Size: 60KB - Virtual size: 58KB

.data
Size: 8KB - Virtual size: 21KB

Shared
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 20KB