77c9c927b1ee88d9fb6847642b68f682_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

77c9c927b1ee88d9fb6847642b68f682_JaffaCakes118
Size

102KB
MD5

77c9c927b1ee88d9fb6847642b68f682
SHA1

c317bca8e50a19e6d5f6232742d4c1c28227a002
SHA256

03cb36a5aecebca8ec1c4d43ca08cc3932ffba6e0fa13a73989894a7e0b18481
SHA512

66260f8390c8b7719a18cbb8ef899713a8ea59734a01985ebc3471530ba77e2cff2e49ba2ff988c0b755af4c76b8077637b88706b4266c76930b5aeec1d06aaa
SSDEEP

3072:yAb8WyX8YOG3530Xi2zSjx/WaFtOodo6Akf:yu8WyX8YdGfzSjxvw6n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
77c9c927b1ee88d9fb6847642b68f682_JaffaCakes118

Files

77c9c927b1ee88d9fb6847642b68f682_JaffaCakes118
.dll windows:4 windows x86 arch:x86

36b0f89308f83bd4d34751e20087459f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
InterlockedCompareExchange
GetLocalTime
lstrcatW
lstrcpyW
lstrlenW
GetLocaleInfoA
RtlMoveMemory
LocalReAlloc
MulDiv
ReleaseSemaphore
GetCurrentThread
GetVersionExA
InterlockedIncrement
InterlockedDecrement
LCMapStringW
MultiByteToWideChar
InterlockedExchangeAdd
lstrlenA
WaitForMultipleObjects
DeleteFileA
SetFileTime
CreateFileA
CopyFileA
FindClose
FlushFileBuffers
VirtualProtect
CopyFileW
MoveFileA
WriteFile
PulseEvent
FindFirstFileA
FindNextFileA
EnterCriticalSection
LeaveCriticalSection
ExpandEnvironmentStringsW
LoadLibraryW
GetProcAddress
HeapAlloc
HeapFree
GetLastError
GetCurrentProcess
CloseHandle
GetSystemTimeAsFileTime
RaiseException
LoadLibraryA
InterlockedExchange
LocalFree
LocalAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentThreadId
QueryPerformanceCounter
GetSystemDirectoryW
DeleteCriticalSection
FreeLibrary
HeapDestroy
SetLastError
WaitForSingleObject
GetCurrentProcessId
GetTickCount
GetCommandLineA

user32

CharNextExA
wsprintfW
wsprintfA

advapi32

InitializeAcl
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegQueryInfoKeyW
CryptCreateHash
CryptVerifySignatureA
CryptImportKey
CryptExportKey
CryptHashData
CryptSignHashA
CryptDestroyKey
CryptGenKey
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
SetThreadToken
OpenThreadToken
CryptSetProvParam
CryptReleaseContext
CryptAcquireContextA
AddAccessAllowedAce
RegQueryValueExA
RegSetValueExA
FreeSid
RegOpenKeyA
SetSecurityDescriptorDacl
RegEnumKeyExW

gdi32

CloseEnhMetaFile
GetTextAlign
ExtTextOutA
GetRgnBox
CombineRgn
DeleteObject
MoveToEx
CreateDIBSection
GetDIBits
CreateFontIndirectA
GetCurrentPositionEx
LineTo
Polyline
Polygon
GetRandomRgn
GetRegionData
GetWinMetaFileBits
PlayEnhMetaFile
SetViewportOrgEx
SetViewportExtEx
SetWindowExtEx
SetMapMode
CreateEnhMetaFileA
SetEnhMetaFileBits
ExtSelectClipRgn
CreateRectRgn
SelectClipRgn
GetClipRgn
DeleteEnhMetaFile
ExcludeClipRect
ExtCreateRegion
OffsetClipRgn
IntersectClipRect

ole32

CoRegisterClassObject

msvcrt

scanf
strncpy
swscanf
_stricmp
wcslen
_wcsicmp
wcsrchr
setlocale
_ultoa
strrchr
wcscspn
wcscat
_mbslen
_mbscspn
_ismbcprint
wcscmp
atol
memset
_adjust_fdiv
_amsg_exit
free
_XcptFilter
memcpy
_snprintf
_initterm
malloc
wcscpy
_except_handler3
??3@YAXPAX@Z
__CxxFrameHandler
iswprint

msvcp60

?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

36b0f89308f83bd4d34751e20087459f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

msvcrt

msvcp60

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 34KB - Virtual size: 68KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 34KB - Virtual size: 68KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB