4a9086655bd9ecddc555a91e0ccb6d63_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

4a9086655bd9ecddc555a91e0ccb6d63_JaffaCakes118
Size

2.4MB
MD5

4a9086655bd9ecddc555a91e0ccb6d63
SHA1

75228d2c938232c54e8b5aef7a568e9ab60b8222
SHA256

561a1366d1fa82ef3440ce0b3510f50c590d923b93d4f26cf48439aeb231aebd
SHA512

be5ebd9f81b1c39bf5207236f4610d504ef495113a8460324b623d7e19572a06e7eff0395c8e78e719b9925871eccdf81dd147659a61d83ade74f76ee3ff5716
SSDEEP

49152:V3pp9ziy5bRCrEaoWzw7ai91wgvTBBsCkh9Sp3BVcmUG8lFN6ijGUKYsVMLz6onW:V3pv+y5dIVs7aWPvTBBKh9UBVc/ln16F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4a9086655bd9ecddc555a91e0ccb6d63_JaffaCakes118

Files

4a9086655bd9ecddc555a91e0ccb6d63_JaffaCakes118
.dll windows:4 windows x86 arch:x86

3180b1a0507e7912156144103b403e50

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

g:\Acro_root_ns\bravo\public\libraries\windows\release\dynamic\CoolType5crtmtdll\CoolType.pdb

Imports

kernel32

CreateEventA
GetVersionExA
SystemTimeToFileTime
GetSystemTime
ResetEvent
WaitForSingleObject
GetLastError
GetACP
InterlockedDecrement
InterlockedIncrement
FileTimeToSystemTime
FileTimeToLocalFileTime
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
WriteFile
FlushFileBuffers
SetEvent
GetSystemInfo
GetTimeZoneInformation
CompareStringA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
InterlockedExchange
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemDefaultLCID
SetLastError
LoadLibraryA
FreeLibrary
WaitForMultipleObjects
FindNextChangeNotification
FindCloseChangeNotification
GetTickCount
FindClose
lstrlenA
CreateFileA
GetPrivateProfileStringA
lstrcmpiA
GetFileSize
SetFilePointer
ReadFile
LeaveCriticalSection
CloseHandle
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
IsProcessorFeaturePresent
GetModuleHandleA
TerminateProcess
InterlockedCompareExchange
Sleep
RaiseException

user32

RegisterClassA
MessageBoxA
wsprintfA
GetDesktopWindow
DestroyWindow
DefWindowProcA
CreateWindowExA
ReleaseDC
GetDC

gdi32

SetTextAlign
SetBkMode
PatBlt
GetBitmapBits
ExtTextOutA
GetTextExtentPointA
GetCharABCWidthsA
GetTextMetricsA
SetTextColor
SetBkColor
CreateBitmap
CreateCompatibleDC
DeleteDC
SelectObject
GetFontData
DeleteObject
GetDeviceCaps

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA

shell32

SHGetSpecialFolderLocation
SHGetMalloc

msvcp80

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?_Xlen@_String_base@std@@SAXXZ
?_Xran@_String_base@std@@SAXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

msvcr80

_CxxThrowException
memcpy
strlen
memset
_setjmp3
labs
memmove
abort
fprintf
__iob_func
longjmp
sqrt
memcmp
__CxxFrameHandler3
strcmp
atol
strtol
atoi
strtoul
strncpy
strchr
strcpy
_purecall
atan
__RTDynamicCast
sprintf
wcslen
wcscat
wcscpy
wcscmp
abs
strstr
strncmp
wcsnlen
ceil
floor
wcsrchr
towupper
wcsncmp
wcsncpy
qsort
sscanf
_vswprintf
_time64
rand
srand
_wsplitpath
_wfullpath
wcschr
exit
strncat
_waccess
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
bsearch
isdigit
_invalid_parameter_noinfo
memmove_s
asin
??0exception@std@@QAE@ABQBDH@Z
realloc
isxdigit
memcpy_s
isalnum
isalpha
strcat
strtok
strrchr
isspace
_errno
__CxxLongjmpUnwind
tan
strpbrk
fabs
vsprintf
strtod
printf
_localtime64
wcstok
strspn
strcspn
_gmtime64
_mktime64
clearerr
ferror
feof
fread
fwrite
fputs
fgets
ftell
fseek
fflush
fclose
_get_osfhandle
_fileno
_open_osfhandle
isupper
toupper
tolower
wcsncat
fopen
rewind
fputc
fgetc
ungetc
remove
modf
fmod
pow
log
_tzset
__timezone
getenv
__tzname
_stricmp
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_fdopen
_wcsicmp
_wcsnicmp
wcsstr

Exports

Exports

CTCleanup
CTGetVersion
CTInit

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 560KB - Virtual size: 559KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 92KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

3180b1a0507e7912156144103b403e50

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

advapi32

shell32

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 560KB - Virtual size: 559KB

.data Size: 92KB - Virtual size: 140KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 124KB - Virtual size: 122KB

.text Size: 124KB - Virtual size: 124KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 560KB - Virtual size: 559KB

.data
Size: 92KB - Virtual size: 140KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 124KB - Virtual size: 122KB

.text
Size: 124KB - Virtual size: 124KB