4bc987c690b2571dcbb619a2be3f4b19_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4bc987c690b2571dcbb619a2be3f4b19_JaffaCakes118
Size

124KB
MD5

4bc987c690b2571dcbb619a2be3f4b19
SHA1

a0c2781d1378b3c594e9148b4898530ac93940a5
SHA256

fddd9e17e3cf4aa948a7a0b643d3549f4b5d26242e0b0eb7510657bbbb890a22
SHA512

5c8d93d9468bb6e2be52e6dd61f7403fc67d8e1c20ca6ed88643df68db7b0b7bdc023db1f619a00b37d0ba2bd997b955927df9c868b4c60a7dfdc2e760aba113
SSDEEP

3072:m4BoL2OwfLGSgThLPetSUeTBfoDXPiYMQO2J2:m4B6QL9gPKeTBgLda2J2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4bc987c690b2571dcbb619a2be3f4b19_JaffaCakes118

Files

4bc987c690b2571dcbb619a2be3f4b19_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1e41584b940a2f7fe712f19703950b9a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

i:\DEV\Clones\BannerModifier_dummy\_release\BM.pdb

Imports

msvcrt

malloc
iswdigit
wcsncmp
_wcsnicmp
isdigit
strtol
wcstol
memcmp
_time64
atoi
isspace
atol
atof
strtoul
strncmp
_itoa
wcstombs
calloc
rand
srand
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UAE@XZ
realloc
_XcptFilter
_initterm
_amsg_exit
_adjust_fdiv
free
_strnicmp
mbstowcs
strstr
strncpy
_wcsicmp
_purecall
??2@YAPAXI@Z
memcpy
??_U@YAPAXI@Z
memmove
??_V@YAXPAX@Z
strlen
wcslen
memset
??3@YAXPAX@Z
wcschr
_vsnwprintf
_wcslwr
_strlwr
_errno
_CxxThrowException
_except_handler3

kernel32

FreeLibrary
GetCommandLineW
LoadLibraryA
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
RtlUnwind
OutputDebugStringA
OpenFileMappingW
LocalAlloc
GetCurrentThreadId
SetLastError
FlushInstructionCache
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
TerminateThread
GetShortPathNameW
GetLocaleInfoW
GetUserDefaultLCID
ResetEvent
CreateEventW
LeaveCriticalSection
GetVersionExW
EnterCriticalSection
GetSystemTimeAsFileTime
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
WaitForMultipleObjects
lstrcmpiW
LocalFree
lstrcpyW
ReleaseMutex
GetThreadPriority
HeapAlloc
HeapFree
GetProcessHeap
VirtualProtect
VirtualAlloc
GetProcAddress
GetModuleHandleW
GetVolumeInformationW
CreateFileW
CloseHandle
RaiseException
GetWindowsDirectoryW
OpenEventW
MoveFileExW
SetEvent
Sleep
lstrlenW
OpenProcess
VirtualFreeEx
lstrcmpiA
VirtualAllocEx
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
WriteProcessMemory
GetCurrentProcess
WaitForSingleObject
CreateRemoteThread
LoadLibraryW
DisableThreadLibraryCalls
lstrcpynW
lstrcatW
CreateThread
SetFilePointer
InterlockedIncrement
GetCurrentThread
GetCurrentProcessId
ExitProcess
InterlockedDecrement
CreateProcessW
CreateMutexW
FreeLibraryAndExitThread
GetLastError
ReadFile
SetThreadPriority
GetModuleFileNameW

user32

IsWindow
SetWindowTextW
GetDesktopWindow
SetWindowPos
GetWindowRect
SendMessageW
DestroyIcon
GetWindowThreadProcessId
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
PostMessageW
wsprintfW

advapi32

ConvertStringSidToSidW
AllocateAndInitializeSid
RegCreateKeyExW
SetTokenInformation
GetLengthSid
GetSidSubAuthority
GetSidSubAuthorityCount
SetThreadToken
GetTokenInformation
SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegSetKeySecurity
SetSecurityDescriptorDacl
SetEntriesInAclW
InitializeSecurityDescriptor
RegCreateKeyW
RegOpenKeyExW
CreateProcessAsUserW
GetUserNameA
DuplicateTokenEx
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
FreeSid
RegSetValueExW
RegCloseKey
RegOpenKeyW
RegEnumKeyExW
CheckTokenMembership
RegFlushKey
RegQueryValueExW
RegDeleteValueW
RegDeleteKeyW

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx

oleaut32

VariantInit
VariantChangeType
VariantClear
SysAllocString
SysFreeString

Exports

Exports

E0D197A2_D21D_4d5c_AA5C_0CA8E3507931
a
s

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e41584b940a2f7fe712f19703950b9a

Headers

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 77KB - Virtual size: 77KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 16B

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 77KB - Virtual size: 77KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 16B

.reloc
Size: 9KB - Virtual size: 9KB