829f3e65e5e0d5193363454f28a1e134_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

829f3e65e5e0d5193363454f28a1e134_JaffaCakes118
Size

103KB
MD5

829f3e65e5e0d5193363454f28a1e134
SHA1

360883cb29b2bce74c4bc0a74ca16ef7137faa06
SHA256

93423e20be35112192d5fef6f52d6979c06fdda6da8a1dd3c300c5fd91277fed
SHA512

a2f236633566c01705e51b84d28fe981e6f1df29337f3c1720aa4288b75d07b446d8af964cf112b38d9ac66a5c5a3c74b1bb7be944a5a2d53e5bbb6815da4515
SSDEEP

1536:bgB8h1dgP4vjKTg15hdulqMY7FGl3kO1+grNKpLRDz5EaHI4essssssssdI:EB8hzgrTWT1xpNz5R

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
829f3e65e5e0d5193363454f28a1e134_JaffaCakes118

Files

829f3e65e5e0d5193363454f28a1e134_JaffaCakes118
.dll windows:5 windows x86 arch:x86

66fa69752311f395285d5119825f4fe4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\workspace\crazyremote2.1\trunk\build\release\ScienPixWCL.pdb

Imports

winmm

mixerGetControlDetailsA
waveInStart
waveInStop
mixerGetID
waveOutOpen
waveInUnprepareHeader
waveInReset
waveInAddBuffer
waveInOpen
mixerGetLineControlsA
mixerGetLineInfoA
waveOutClose
waveInClose
mixerSetControlDetails
mixerOpen
mixerGetNumDevs
waveInPrepareHeader
mixerClose

ddraw

DirectDrawCreate

shlwapi

AssocQueryStringA

ws2_32

gethostbyname
WSACleanup
WSAStartup
inet_ntoa
gethostname

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CreateStreamOnHGlobal

kernel32

WriteConsoleA
SetFilePointer
RtlUnwind
SetStdHandle
HeapSize
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleMode
CreateFileA
GetFileSize
GlobalLock
GlobalAlloc
ReadFile
GlobalUnlock
GlobalFree
CloseHandle
MapViewOfFile
UnmapViewOfFile
SetErrorMode
SetUnhandledExceptionFilter
GetCurrentProcess
FormatMessageA
WriteFile
InitializeCriticalSection
Sleep
LeaveCriticalSection
FlushFileBuffers
GetLastError
GetProcAddress
EnterCriticalSection
LoadLibraryA
CreateFileMappingA
GetSystemInfo
GetModuleHandleA
CreateMutexA
DeleteCriticalSection
GetConsoleOutputCP
ReleaseMutex
GetVersion
GetCurrentProcessId
LocalFree
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
GetConsoleCP
TlsGetValue
RaiseException
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleW
VirtualAlloc
VirtualFree
HeapDestroy
HeapCreate
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
HeapReAlloc
DeleteFileA
GetFileAttributesA
HeapAlloc
HeapFree
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetCurrentThreadId

user32

GetUserObjectInformationA
EnumDisplayMonitors
SetProcessWindowStation
LockWorkStation
RegisterClassExA
SendInput
GetThreadDesktop
CloseWindowStation
AttachThreadInput
GetProcessWindowStation
EnumDisplaySettingsA
OpenInputDesktop
DrawIcon
WindowFromPoint
ExitWindowsEx
DestroyWindow
GetMonitorInfoA
GetIconInfo
GetDC
OpenWindowStationA
ChangeDisplaySettingsExA
SetCursorPos
CreateWindowExA
ReleaseDC
DefWindowProcA
DestroyCursor
GetDesktopWindow
GetCursorPos
GetCaretPos
ShowWindow
SetThreadDesktop
GetCursor
GetSystemMetrics
EnumDisplayDevicesA
ChangeDisplaySettingsA
GetWindowThreadProcessId
CopyImage
CloseDesktop
GetCursorInfo

gdi32

GetObjectA
BitBlt
DeleteDC
CreateDIBSection
SelectObject
CreateCompatibleDC
GetPixel
GetBitmapBits
DeleteObject

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken

shell32

SHGetSpecialFolderPathA
ShellExecuteA

oleaut32

OleLoadPicture

Exports

Exports

_wclActiveMirror@20
_wclBackupDesktop@4
_wclCaptureAudio@20
_wclCaptureAudioByID@24
_wclCaptureMouseBitmap@0
_wclCaptureMousePos@4
_wclCaptureScreenByMirror@20
_wclCaptureScreenByWinAPI@20
_wclCaptureScreenInit@0
_wclCaptureScreenRelease@0
_wclChangeDisplayDefaultMode@0
_wclChangeDisplayMode@16
_wclChangeDisplayModeNoBits@12
_wclChangeOverlay@4
_wclCheckDesktop@4
_wclFreeOverlay@0
_wclGetAppDataDirectory@4
_wclGetCaretPos@4
_wclGetCurrentDesktopName@8
_wclGetCurrentDisplayMode@8
_wclGetDefaultLocalIP@4
_wclGetDisplayDevices@4
_wclGetDisplayModes@8
_wclGetLastErrorMesg@8
_wclGetLocalIP@8
_wclGetMaxDisplayMode@8
_wclGetMonitorInfo@4
_wclGetMute@0
_wclGetVolume@0
_wclGoHomepage@4
_wclHideOverlay@0
_wclInit@4
_wclInitMouseKeyboardDriver@4
_wclInitOverlay@8
_wclInstallUnhandleExceptionHandler@12
_wclIs64bitOS@0
_wclIsDefaultDesktop@0
_wclIsMouseShow@0
_wclIsValidMirrorDriver@0
_wclIsValidMouseKeyboardDriver@0
_wclIsWindowVista@0
_wclIsWindowXP@0
_wclKeyboardDown_Driver@8
_wclKeyboardDown_NoDriver@8
_wclKeyboardTyping_Driver@8
_wclKeyboardTyping_NoDriver@8
_wclKeyboardUp_Driver@8
_wclKeyboardUp_NoDriver@8
_wclMouseClick_Driver@12
_wclMouseClick_NoDriver@4
_wclMouseDbClick_Driver@12
_wclMouseDbClick_NoDriver@4
_wclMouseDown_Driver@12
_wclMouseDown_NoDriver@4
_wclMouseHWheel_Driver@12
_wclMouseHWheel_NoDriver@4
_wclMouseMoveDiff_Driver@20
_wclMouseMoveDiff_NoDriver@12
_wclMouseMove_Driver@20
_wclMouseMove_NoDriver@12
_wclMouseUp_Driver@12
_wclMouseUp_NoDriver@4
_wclMouseVWheel_Driver@16
_wclMouseVWheel_NoDriver@4
_wclPing_Driver@0
_wclRelease@0
_wclReleaseMouseKeyboardDriver@0
_wclRemoveUnhandleExceptionHandler@0
_wclRestoreDesktop@4
_wclRunDefaultBrowser@0
_wclRunProgram@4
_wclSetExceptionHandlerCanProgramRestart@4
_wclSetMute@4
_wclSetOsVersion@0
_wclSetVolume@4
_wclShowOverlay@0
_wclShutdown@4
_wclStopAudio@0
_wclUniqueProgramInstance@4
_wclWindowLock@0

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

66fa69752311f395285d5119825f4fe4

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

winmm

ddraw

shlwapi

ws2_32

ole32

kernel32

user32

gdi32

advapi32

shell32

oleaut32

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 5KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 5KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 7KB