5f42070da199a41a7a6047c2080001b0_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

5f42070da199a41a7a6047c2080001b0_JaffaCakes118
Size

524KB
MD5

5f42070da199a41a7a6047c2080001b0
SHA1

daffb2a3f7dd5538547ce90414ac290d42e8c204
SHA256

93a3a0e417b362e4cc601faf42ebe64a1efee0ee4dd6fc0d718c9c52440f6b34
SHA512

047817e2920d38d77be04efa1d69ffcd00da6ca225a9a31ba55f31e8a2ec83dfbaac9ff678278f738bf47c05c1c8949b8471193af95a5148858dd22562702fa1
SSDEEP

6144:Nv/XNCfLeiBy3QPGGkRnFE8/Z12qB+NFUcXkRtUOTC7IG3V4ON4ijHL4OVJnyJ5z:xX8yiByhOqBULkrU17I4LSiL8+0Js

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5f42070da199a41a7a6047c2080001b0_JaffaCakes118

Files

5f42070da199a41a7a6047c2080001b0_JaffaCakes118
.dll windows:6 windows x64 arch:x64

6365cd8e6dee1242443f6b48c563829b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
CreateFileMappingA
GetSystemTimeAsFileTime
GetModuleFileNameW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetTickCount
CreateThread
Sleep
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetLastError
CloseHandle
ReadFile
GetFileSize
LoadLibraryExW
CreateFileW
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead

gdi32

DeleteColorSpace
CreateColorSpaceW
CreateColorSpaceA
GetLogColorSpaceA
GetEnhMetaFilePixelFormat
GetEnhMetaFileA
DeleteEnhMetaFile
SetPaletteEntries
CreateFontIndirectExW
GetPaletteEntries
DeleteObject
CreateHatchBrush
CreateBrushIndirect
CopyMetaFileW
Arc

shell32

DragQueryPoint
ord644
ord4
ord2
SHGetFolderPathAndSubDirW
ord232
ord231
SHGetFolderPathW
SHGetFolderPathA
ord154
ord16
ord155
SHGetDiskFreeSpaceExW
Shell_NotifyIconW
ord645

shlwapi

PathRemoveFileSpecA
StrPBrkW
StrToIntA
StrCatChainW
PathCanonicalizeA
PathRemoveBackslashW
ord346
SHRegGetPathA
SHRegSetPathA
ord280
SHOpenRegStream2W

dbghelp

ImageNtHeader
ImagehlpApiVersion
SearchTreeForFile
ImageDirectoryEntryToData
FindExecutableImageEx
FindExecutableImage
SymFindFileInPath
SymSetOptions
SymGetOptions
SymCleanup
SymGetModuleBase64
SymGetLineFromAddr64
SymGetLineNext64
SymInitialize
SymGetSearchPath
SymSetSearchPath
SymGetTypeInfo
SymGetSymFromName64
MiniDumpReadDumpStream

msvcp140

?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??Bid@locale@std@@QEAA_KXZ

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
memchr
memcmp
memcpy
memmove

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
exit
abort
_execute_onexit_table
_initialize_onexit_table
_initterm_e
_invalid_parameter_noinfo_noreturn
_configure_narrow_argv
_initialize_narrow_environment
_register_onexit_function
_crt_atexit
_seh_filter_dll

api-ms-win-crt-string-l1-1-0

strcmp
isxdigit
isspace
strncpy
strncmp
strncat
_wcsnicmp
wcsncpy
wcsncat
isalnum

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-convert-l1-1-0

_ultow
atoi
_ltow
_ultoa
_itoa
_itow
_ltoa
strtoul

api-ms-win-crt-utility-l1-1-0

rand
srand

api-ms-win-crt-stdio-l1-1-0

_fileno
fopen
fputc
fread
fsetpos
_fseeki64
fwrite
fgetpos
ungetc
fflush
fclose
__stdio_common_vfprintf
__stdio_common_vsprintf
_get_stream_buffer_pointers
__acrt_iob_func
setvbuf
fgetc

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_fstat64i32
_unlock_file

api-ms-win-crt-time-l1-1-0

_time64

Exports

Exports

callback_reset_test
initialize_modifiers
sf_current_byterate
sf_read_raw
sf_writef_double
src_get_version
usage_exit
varispeed_play

Sections

.text
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6365cd8e6dee1242443f6b48c563829b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

shell32

shlwapi

dbghelp

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

Exports

Exports

Sections

.text Size: 356KB - Virtual size: 355KB

.rdata Size: 141KB - Virtual size: 141KB

.data Size: 3KB - Virtual size: 4KB

.pdata Size: 10KB - Virtual size: 9KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 356KB - Virtual size: 355KB

.rdata
Size: 141KB - Virtual size: 141KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 10KB - Virtual size: 9KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB