6a26dccb1a80642ee60c432e659222b7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

6a26dccb1a80642ee60c432e659222b7_JaffaCakes118
Size

102KB
MD5

6a26dccb1a80642ee60c432e659222b7
SHA1

cc711e7737a07520cfad9e9b4449f69c333bf0a6
SHA256

b1b54ca5d7d8697e5a4a3986862529548a48410d92cc3c4d7185d774590505db
SHA512

c4ff71e6c8202a561f986dfbafe20be83fb4c31abc5f19629ecd172973c28cc592555cfda17d1a0f5038a4191b838502ace947249b3b3df8f8af80906dc602b7
SSDEEP

3072:yAb8WyX8YOG3530XiezSjx/WaFtOodo6Akf:yu8WyX8YdG7zSjxvw6n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6a26dccb1a80642ee60c432e659222b7_JaffaCakes118

Files

6a26dccb1a80642ee60c432e659222b7_JaffaCakes118
.dll windows:4 windows x86 arch:x86

36b0f89308f83bd4d34751e20087459f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
InterlockedCompareExchange
GetLocalTime
lstrcatW
lstrcpyW
lstrlenW
GetLocaleInfoA
RtlMoveMemory
LocalReAlloc
MulDiv
ReleaseSemaphore
GetCurrentThread
GetVersionExA
InterlockedIncrement
InterlockedDecrement
LCMapStringW
MultiByteToWideChar
InterlockedExchangeAdd
lstrlenA
WaitForMultipleObjects
DeleteFileA
SetFileTime
CreateFileA
CopyFileA
FindClose
FlushFileBuffers
VirtualProtect
CopyFileW
MoveFileA
WriteFile
PulseEvent
FindFirstFileA
FindNextFileA
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsW
LoadLibraryW
GetProcAddress
HeapAlloc
HeapFree
GetLastError
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
RaiseException
LoadLibraryA
InterlockedExchange
LocalFree
LocalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentThreadId
QueryPerformanceCounter
GetSystemDirectoryW
DeleteCriticalSection
FreeLibrary
HeapDestroy
SetLastError
WaitForSingleObject
GetCurrentProcessId
GetTickCount
GetCommandLineA

user32

CharNextExA
wsprintfW
wsprintfA

advapi32

InitializeAcl
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
CryptCreateHash
CryptVerifySignatureA
CryptImportKey
CryptExportKey
CryptHashData
CryptSignHashA
CryptDestroyKey
CryptGenKey
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
SetThreadToken
OpenThreadToken
CryptSetProvParam
CryptReleaseContext
CryptAcquireContextA
AddAccessAllowedAce
RegQueryValueExA
RegSetValueExA
FreeSid
RegOpenKeyA
SetSecurityDescriptorDacl
RegEnumKeyExW

gdi32

CloseEnhMetaFile
GetTextAlign
ExtTextOutA
GetRgnBox
CombineRgn
DeleteObject
MoveToEx
CreateDIBSection
GetDIBits
CreateFontIndirectA
GetCurrentPositionEx
LineTo
Polyline
Polygon
GetRandomRgn
GetRegionData
GetWinMetaFileBits
PlayEnhMetaFile
SetViewportOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
CreateEnhMetaFileA
SetEnhMetaFileBits
ExtSelectClipRgn
CreateRectRgn
SelectClipRgn
GetClipRgn
DeleteEnhMetaFile
ExcludeClipRect
ExtCreateRegion
OffsetClipRgn
IntersectClipRect

ole32

CoRegisterClassObject

msvcrt

scanf
strncpy
swscanf
_stricmp
wcslen
_wcsicmp
wcsrchr
setlocale
_ultoa
strrchr
wcscspn
wcscat
_mbslen
_mbscspn
_ismbcprint
wcscmp
atol
memset
_adjust_fdiv
_amsg_exit
free
_XcptFilter
memcpy
_snprintf
_initterm
malloc
wcscpy
_except_handler3
??3@YAXPAX@Z
__CxxFrameHandler
iswprint

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36b0f89308f83bd4d34751e20087459f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

msvcrt

msvcp60

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 34KB - Virtual size: 68KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 34KB - Virtual size: 68KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB