83d714851759b3785b73150e828d5d45_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

83d714851759b3785b73150e828d5d45_JaffaCakes118
Size

448KB
MD5

83d714851759b3785b73150e828d5d45
SHA1

598d8309897cdbea13b13ffbf5830ed12292231c
SHA256

34dbd0fc044c346c070fb3ef6a042380db31a2d05c2cf1d3e920c0a131be5bc6
SHA512

8f80a808ff755a198530e2ebbe410be3be6b8acc763bd43db838338508ee8a4cbd1be12ce0496cb091b5bcbdbc496009ed8658174282802d7315a581a8429169
SSDEEP

12288:HHOOUIj5WZaZc5zYy+WH2eh+0ZknsdNRlBPPOmd7dKF7:HuukQZAcPb0Z6sdNRl1OmNdKF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
83d714851759b3785b73150e828d5d45_JaffaCakes118

Files

83d714851759b3785b73150e828d5d45_JaffaCakes118
.dll windows:5 windows x86 arch:x86

c69a7c23af0468d62d10ac68e2a7b09b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comdlg32

FindTextW
ChooseFontW
ChooseColorA

kernel32

QueryDosDeviceA
lstrcpynA
lstrcpyW
DeleteFiber
DeleteFileA
DisconnectNamedPipe
EnumLanguageGroupLocalesA
EnumTimeFormatsW
ExitProcess
FileTimeToSystemTime
FindFirstChangeNotificationA
GetCommandLineA
GetFileSize
GetLogicalDrives
GetOEMCP
GetPrivateProfileStructW
GetProcAddress
GetProcessTimes
GetProcessVersion
GetTempFileNameA
GetTickCount
GetVolumeNameForVolumeMountPointA
GlobalMemoryStatusEx
HeapAlloc
HeapDestroy
IsBadWritePtr
IsDBCSLeadByte
LocalUnlock
Module32NextW
OpenWaitableTimerA
VerLanguageNameA
RtlFillMemory
RtlMoveMemory
SetComputerNameExA
SetCurrentDirectoryA
SetLastError
SetSystemTimeAdjustment
SetTimeZoneInformation
TransmitCommChar

user32

SendMessageA
UnhookWindowsHook
UpdateWindow
FindWindowA
CharUpperW
PostMessageA

winmm

mixerSetControlDetails
mixerOpen
mixerGetNumDevs
mixerGetLineInfoW
mixerGetLineControlsA
mixerGetControlDetailsW
mixerGetControlDetailsA
mmGetCurrentTask
mmTaskCreate
midiStreamPosition
midiOutUnprepareHeader
midiOutPrepareHeader
midiOutOpen
midiOutGetVolume
midiOutGetNumDevs
midiOutGetID
midiOutLongMsg

ntdll

RtlValidateProcessHeaps
RtlxUnicodeStringToOemSize
RtlQueryAtomInAtomTable
RtlNtStatusToDosError
RtlMultiByteToUnicodeSize
RtlCreateRegistryKey
NtSetSystemEnvironmentValue
RtlCopySid
RtlAnsiStringToUnicodeString
RtlAnsiStringToUnicodeSize
NtOpenTimer

msi

ord33
ord132
ord127
ord122
ord116
ord105
ord100
ord96
ord230
ord85
ord78
ord73
ord72
ord204
ord34
ord234
ord32
ord22
ord5

version

VerInstallFileW
GetFileVersionInfoSizeA
GetFileVersionInfoA

setupapi

CM_Get_HW_Prof_Flags_ExA
CM_Get_Device_ID_List_ExW
CM_Open_DevNode_Key
SetupDiClassGuidsFromNameExW
SetupDiGetClassImageList
CM_Get_DevNode_Status_Ex

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 362KB - Virtual size: 667KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c69a7c23af0468d62d10ac68e2a7b09b

Headers

DLL Characteristics

File Characteristics

Imports

comdlg32

kernel32

user32

winmm

ntdll

msi

version

setupapi

Sections

.text Size: 57KB - Virtual size: 57KB

.data Size: 362KB - Virtual size: 667KB

.rsrc Size: 27KB - Virtual size: 26KB

.text
Size: 57KB - Virtual size: 57KB

.data
Size: 362KB - Virtual size: 667KB

.rsrc
Size: 27KB - Virtual size: 26KB