42992d9161efa4b0179d224b2069ccd4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

42992d9161efa4b0179d224b2069ccd4_JaffaCakes118
Size

222KB
MD5

42992d9161efa4b0179d224b2069ccd4
SHA1

17111e6255795cdb040ec9990a512b2e9bf36677
SHA256

2a7775406db956138ae7a2f10f9b97bfa1a5c2d5f065fdefeb4c0564121210ea
SHA512

7c6b3c188dd59baf3a538ff6c9ce119c8983bce7cdd7603f1565e084b4840383a556a93d273cdebe3e30b00cce4a349d12f96aaa2835ea676ef8eec89f01781c
SSDEEP

3072:vi/+TpLKSlMoq59hGUz2QR5ZIy0zc3bJVSC2/tuQBnYHFgKt:QMps3LZrUcaA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42992d9161efa4b0179d224b2069ccd4_JaffaCakes118

Files

42992d9161efa4b0179d224b2069ccd4_JaffaCakes118
.dll windows:4 windows x86 arch:x86

be1db49571f32913825aa79dbcc9913d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\VSS_Source\VC\BackgroundOperation\Source\BackgroundOperation\Release\BackgroundOperation.pdb

Imports

iphlpapi

GetAdaptersInfo

kernel32

DeleteCriticalSection
InterlockedDecrement
lstrcatW
lstrcpyW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetTempPathW
GetTempFileNameW
CreateProcessW
EnterCriticalSection
LeaveCriticalSection
lstrlenW
CreateFileW
SetFilePointer
WriteFile
WideCharToMultiByte
SetEvent
WriteProcessMemory
GetCurrentProcess
FindResourceExW
GetProcAddress
FindResourceW
SizeofResource
GlobalAlloc
LockResource
LoadResource
GlobalLock
GlobalUnlock
FlushInstructionCache
MulDiv
SetLastError
lstrcmpW
GetTickCount
MultiByteToWideChar
lstrcmpiW
DeviceIoControl
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedIncrement
GetConsoleCP
RtlUnwind
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetModuleFileNameA
GetStdHandle
HeapCreate
GetStringTypeW
GetStringTypeA
IsValidCodePage
GetOEMCP
GetCPInfo
ExitProcess
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA
RaiseException
InitializeCriticalSection
CloseHandle
WaitForSingleObject
CreateThread
CreateEventW
GetLastError
GetModuleFileNameW
FreeLibrary
GetCurrentProcessId
LoadLibraryW
GetCurrentThreadId
SetEnvironmentVariableA
ReadFile
GetACP
GetConsoleMode
InterlockedExchange

user32

PostMessageW
SendMessageW
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW
FindWindowW
GetWindowThreadProcessId
DialogBoxParamW
SetTimer
KillTimer
BeginPaint
EndPaint
GetDesktopWindow
GetClientRect
SetWindowPos
SetWindowTextW
GetParent
RegisterWindowMessageW
EndDialog
SetWindowLongW
GetDC
CreateWindowExW
SetCapture
ReleaseCapture
GetSysColor
ReleaseDC
CharNextW
CreateAcceleratorTableW
DestroyAcceleratorTable
DefWindowProcW
GetClassInfoExW
IsChild
RedrawWindow
InvalidateRgn
GetFocus
GetKeyState
SetFocus
GetWindow
InvalidateRect
LoadCursorW
RegisterClassExW
ClientToScreen
GetWindowTextW
GetDlgItem
DestroyWindow
MoveWindow
CallWindowProcW
FillRect
GetWindowLongW
GetWindowTextLengthW
IsWindow
GetClassNameW
ScreenToClient
UnregisterClassA

gdi32

GetDeviceCaps
BitBlt
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
GetStockObject
GetObjectW
CreateSolidBrush

advapi32

RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegOpenKeyExW

ole32

OleLockRunning
CLSIDFromString
StringFromCLSID
OleUninitialize
CoTaskMemFree
CoGetClassObject
CoTaskMemAlloc
CLSIDFromProgID
StringFromGUID2
OleInitialize
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SafeArrayGetLBound
SysAllocString
VariantInit
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SafeArrayGetUBound
VariantClear
SysStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString
VariantCopy
SysStringLen
SysAllocStringLen

shlwapi

UrlCanonicalizeW

urlmon

URLDownloadToCacheFileW
URLDownloadToFileW

wininet

InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA

Exports

Exports

DebugOperation
SendStatisticDataOnInstall
fnClose
fnOpen

Sections

.text
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

be1db49571f32913825aa79dbcc9913d

Headers

File Characteristics

PDB Paths

Imports

iphlpapi

kernel32

user32

gdi32

advapi32

ole32

oleaut32

shlwapi

urlmon

wininet

Exports

Exports

Sections

.text Size: 159KB - Virtual size: 158KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 11KB - Virtual size: 18KB

Shared Size: 512B - Virtual size: 36B

.rsrc Size: 512B - Virtual size: 400B

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 159KB - Virtual size: 158KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 11KB - Virtual size: 18KB

Shared
Size: 512B - Virtual size: 36B

.rsrc
Size: 512B - Virtual size: 400B

.reloc
Size: 15KB - Virtual size: 14KB