698e4946140925b8477c05e8d54f63d5_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

698e4946140925b8477c05e8d54f63d5_JaffaCakes118
Size

188KB
MD5

698e4946140925b8477c05e8d54f63d5
SHA1

04ae72e3b999ab71fffa1955c38747d66443958a
SHA256

1e4d51bf07092a1e4aacba054a304a8efea75ab7088e1eb1f49127785292a3ee
SHA512

5408202325d704b6e72f7f4cfc6f95769033efcd29b124f70e4a2edf684e23cf925bb5d3a71715025a17698f69c7d3c3340389ad9ce200473a6ec5a51552e064
SSDEEP

3072:wR/wnXyLgH59SMtzICujboD1ubUwS1o7lNR0bDoLL1HGdRQGR/Q9Pc:wR6yLgHj3tsCVAbURir+b+IQGR/Q9U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
698e4946140925b8477c05e8d54f63d5_JaffaCakes118

Files

698e4946140925b8477c05e8d54f63d5_JaffaCakes118
.dll windows:4 windows x86 arch:x86

857c34c9d4a1ea718650d7bbd2f2cdce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHDeleteValueA
SHSetValueA
SHGetValueA

msvcrt

time
__CxxFrameHandler
??2@YAPAXI@Z
strrchr
getenv
rand
srand
fwrite
fread
fclose
ftell
fseek
fopen
_access
sprintf
atoi
strstr
strncpy
_strlwr
_strnicmp
_stat
_CxxThrowException
strncmp
wprintf
??1type_info@@UAE@XZ
_setjmp3
__CxxLongjmpUnwind
longjmp
_adjust_fdiv
_initterm
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_mkdir
strftime
_stricmp
isspace
strchr
abort
strtok
wcscpy
wcscat
wcslen
atol
sscanf
memmove
wcscmp
printf
_snprintf
rename
_mbsnbicmp
localtime
mktime
vsprintf
free
malloc

ws2_32

ntohl
inet_addr
gethostname
htons
recvfrom
bind
socket
sendto
ntohs
gethostbyname
WSAStartup

iphlpapi

GetAdaptersInfo

rasapi32

RasEnumConnectionsA
RasEnumEntriesA
RasGetEntryDialParamsA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiGetClassDevsA
SetupDiCallClassInstaller
SetupDiSetClassInstallParamsA

netapi32

Netbios

advapi32

LsaClose
RegQueryValueExW
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
DeleteService
CloseServiceHandle
ControlService
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegEnumValueA
GetUserNameA
LookupAccountNameA
ConvertSidToStringSidW
LsaOpenPolicy
LsaRetrievePrivateData
RegOpenKeyExW
RegConnectRegistryA
RegOpenKeyA
RegEnumKeyA
StartServiceA
CreateServiceA

user32

ChangeClipboardChain
PostQuitMessage
SetClipboardViewer
DefWindowProcA
GetPriorityClipboardFormat
OpenClipboard
GetClipboardData
GetForegroundWindow
GetWindowTextA
CloseClipboard
SendMessageA
RegisterClassExA
CreateWindowExA
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
IsCharAlphaNumericA
wsprintfW
wsprintfA
GetThreadDesktop
GetProcessWindowStation
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
GetDC
ReleaseDC
CloseWindowStation
CloseDesktop
GetSystemMetrics

oleaut32

GetErrorInfo
VariantInit
VariantClear

kernel32

GetModuleHandleW
TerminateThread
LocalFree
LocalAlloc
lstrlenA
SetLastError
WriteFile
CreateFileW
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalHandle
GlobalUnlock
GlobalFree
MoveFileExA
GetSystemDirectoryA
DeviceIoControl
GetFileSize
ReadFile
GetVersionExA
SystemTimeToFileTime
GetFileTime
LocalFileTimeToFileTime
SetFileTime
OutputDebugStringA
GetModuleFileNameA
CreateMutexA
SetFileAttributesA
GetWindowsDirectoryA
GetProcAddress
InterlockedIncrement
InterlockedDecrement
GetLocalTime
GetTempPathA
GetTickCount
CopyFileA
DeleteFileA
MoveFileA
BeginUpdateResourceA
UpdateResourceA
GetStartupInfoA
CreatePipe
TerminateProcess
OpenProcess
FindFirstFileA
SetFilePointer
WritePrivateProfileStringA
InterlockedCompareExchange
GetPrivateProfileStringA
GetPrivateProfileIntA
WideCharToMultiByte
GetEnvironmentVariableA
GetSystemDefaultLCID
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcess
GetCurrentThread
GetCurrentProcessId
FindClose
FindNextFileA
lstrcpyA
lstrcatA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
GetLogicalDriveStringsA
GetDiskFreeSpaceExA
GetVolumeInformationA
GetLogicalDrives
GetDiskFreeSpaceExW
GetVolumeInformationW
GetSystemDirectoryW
GetExitCodeThread
LoadResource
GetCurrentThreadId
CreateFileA
EndUpdateResourceA
LoadLibraryA
FindResourceA
LockResource
SizeofResource
FreeLibrary
InterlockedExchange
GetLastError
Sleep
CreateProcessA
CreateThread
CloseHandle

mfc42

ord6877
ord540
ord860
ord535
ord800
ord537
ord5683
ord2818
ord858
ord924
ord4129

gdi32

CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
BitBlt
GetDeviceCaps
GetStockObject
SelectPalette
RealizePalette
DeleteObject
GetPixel
DeleteDC
GetDIBits

shell32

SHGetSpecialFolderPathA
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

StgOpenStorage
StgIsStorageFile
CoUninitialize
CoTaskMemFree
CoInitialize
CoCreateInstance

Exports

Exports

DealA
DealB
DealC

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

857c34c9d4a1ea718650d7bbd2f2cdce

Headers

File Characteristics

Imports

shlwapi

msvcrt

ws2_32

iphlpapi

rasapi32

setupapi

netapi32

advapi32

user32

oleaut32

kernel32

mfc42

gdi32

shell32

ole32

Exports

Exports

Sections

.text Size: 151KB - Virtual size: 150KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 12KB - Virtual size: 41KB

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 151KB - Virtual size: 150KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 12KB - Virtual size: 41KB

.reloc
Size: 10KB - Virtual size: 10KB