8787ce4517fd22f0a25257b1b9de7a8c_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8787ce4517fd22f0a25257b1b9de7a8c_JaffaCakes118
Size

752KB
MD5

8787ce4517fd22f0a25257b1b9de7a8c
SHA1

720ee357c972be7419cd6cd4ccd1debd630c1790
SHA256

485347a518bf6adc1f992dc66dd53ae15c2d94bdcee1b9b6ef4783cee27a8b55
SHA512

389acacdf57ab207429ab72dc357828bfd5268d72e4b67554968c30bcb42961ca1023c2438135c25c177ca332fb5555b755acf24c94f198bc8caa2c63fe41705
SSDEEP

12288:rYJEgKc47Y8E4yzB+4IxFSc4MbkNqn3L7PrV5wOw/I1Pea2d4/Z7Aw5APveo9TAG:Elf47Y8E4pHxww+4/Zcw5Qr9TABd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8787ce4517fd22f0a25257b1b9de7a8c_JaffaCakes118

Files

8787ce4517fd22f0a25257b1b9de7a8c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

49682df2e302589a1528088b12fe8e2e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

BitBlt
ExtEscape
GetSystemPaletteEntries
SetROP2
MoveToEx
LineTo
GetRegionData
GetRgnBox
OffsetRgn
SetRectRgn
GetObjectA
CreateRectRgn
SetBkMode
GetStockObject
CreateCompatibleDC
CreateSolidBrush
SelectObject
PatBlt
StretchBlt
DeleteObject
CreateDCA
GetDIBits
DeleteDC
GetPixel
GetDeviceCaps
CreateCompatibleBitmap
CreateDIBSection
GdiFlush
SetDIBColorTable
RealizePalette
SelectPalette
CreatePalette
GetBitmapBits
CombineRgn
GetClipBox

wsock32

inet_ntoa
socket
WSAGetLastError
recv
send
getsockname
getpeername
getsockopt
setsockopt
accept
listen
ioctlsocket
inet_addr
gethostbyname
gethostname
connect
htons
htonl
bind
shutdown
closesocket
WSACleanup
WSAStartup

winmm

timeGetTime
PlaySoundA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

FreeLibrary
CopyFileA
GetTempPathA
lstrlenA
GetSystemInfo
GetVersion
GetComputerNameA
GetLastError
WinExec
CloseHandle
OpenProcess
WritePrivateProfileStringA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetPrivateProfileStructA
CreateFileMappingA
MapViewOfFile
OpenFileMappingA
UnmapViewOfFile
WaitForSingleObject
CreateMutexA
ReleaseMutex
SetLastError
MultiByteToWideChar
ReadFile
Sleep
WriteFile
GetCurrentProcessId
GetVersionExA
Process32Next
Process32First
CreateToolhelp32Snapshot
SetEvent
OpenEventA
CreateEventA
FindNextFileA
SetCurrentDirectoryA
ResumeThread
CreateThread
CompareFileTime
GetFileTime
GetFileSize
CreateFileA
MoveFileExA
SetFileAttributesA
GetFileAttributesA
GetSystemTime
SetFilePointer
CreateDirectoryA
SetErrorMode
SetFileTime
SystemTimeToFileTime
FlushFileBuffers
SetEndOfFile
MoveFileA
GetDriveTypeA
GetLogicalDriveStringsA
FileTimeToSystemTime
SetThreadPriority
DeleteFileA
GlobalUnlock
GlobalLock
GlobalAlloc
TerminateProcess
CreateProcessA
SetProcessShutdownParameters
GetLocalTime
TerminateThread
ResetEvent
WaitForMultipleObjects
WriteConsoleA
GetStdHandle
FormatMessageA
GlobalFree
ReleaseSemaphore
CreateSemaphoreA
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
HeapSize
ExitThread
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
HeapReAlloc
PeekNamedPipe
GetFileInformationByHandle
GetCPInfo
InterlockedDecrement
InterlockedIncrement
GetCurrentDirectoryA
SetEnvironmentVariableA
GetCommandLineA
SetStdHandle
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
RaiseException
TlsAlloc
DuplicateHandle
TlsSetValue
TlsFree
TlsGetValue
SetVolumeLabelA
GetLocaleInfoA
lstrcmpiA
lstrcpynA
InterlockedExchange
GetProcessHeap
HeapAlloc
HeapFree
GetFileType
DosDateTimeToFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetFullPathNameA
RemoveDirectoryA
GetVolumeInformationA
lstrcpyA
lstrcatA
GetCurrentThread
FindFirstFileA
FindClose
WideCharToMultiByte
EnterCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcess
GetProcessTimes
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
GetTickCount
GetCurrentThreadId
LoadLibraryA
GetProcAddress
GetModuleFileNameA
MulDiv
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableW
GetLocaleInfoW
CompareStringA
CompareStringW
OutputDebugStringA

user32

ExitWindowsEx
GetProcessWindowStation
ChangeClipboardChain
DestroyWindow
GetClipboardOwner
GetClipboardData
PostThreadMessageA
RegisterWindowMessageA
GetIconInfo
EnumWindows
WaitForInputIdle
IsWindowVisible
OpenClipboard
PeekMessageA
SetClipboardData
CloseClipboard
IsWindow
GetWindowTextA
OpenDesktopA
EnumDesktopWindows
GetClassNameA
DrawIconEx
mouse_event
GetKeyboardState
keybd_event
SetActiveWindow
MessageBeep
FlashWindow
GetKeyState
VkKeyScanA
ToAscii
GetAsyncKeyState
MapVirtualKeyA
SetRect
IsIconic
WindowFromPoint
SetClipboardViewer
CharToOemA
OemToCharA
wvsprintfA
ReleaseDC
GetDesktopWindow
ChangeDisplaySettingsExA
EnumDisplaySettingsA
PostMessageA
DialogBoxParamA
EndDialog
SetWindowTextA
LoadStringA
EmptyClipboard
GetWindowRect
InvalidateRect
GetDlgItemTextA
SetFocus
WaitMessage
GetCursorPos
ScreenToClient
SetCursor
SetCapture
GetCaretBlinkTime
ReleaseCapture
MoveWindow
CallWindowProcA
GetParent
GetClientRect
SetDlgItemTextA
GetScrollInfo
GetDlgItem
SendDlgItemMessageA
SetForegroundWindow
wsprintfA
FindWindowA
GetWindowThreadProcessId
SystemParametersInfoA
MessageBoxA
GetForegroundWindow
SendMessageA
OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA
SetThreadDesktop
GetMessageA
TranslateMessage
DispatchMessageA
CloseDesktop
LoadIconA
LoadCursorA
RegisterClassExA
AdjustWindowRect
CreateWindowExA
GetWindowLongA
SetWindowLongA
ShowWindow
KillTimer
PostQuitMessage
SetTimer
DefWindowProcA
SetWindowPos
IsRectEmpty
LoadImageA
GetDC
GetSystemMetrics
SetCaretBlinkTime

advapi32

RegCloseKey
LookupAccountSidA
RegCreateKeyA
RegCreateKeyExA
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken
RegSetValueExA
GetUserNameA
RegQueryValueExA
RegOpenKeyExA
GetKernelObjectSecurity
GetSecurityDescriptorLength
GetSecurityDescriptorGroup
IsValidSid
GetSecurityDescriptorOwner
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
IsValidAcl

shell32

SHAppBarMessage
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHFileOperationA
ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

avifil32

AVIFileOpenA
AVIFileInit
AVIStreamWrite
AVIFileExit
AVIFileRelease
AVIStreamRelease
AVIStreamSetFormat
AVIMakeCompressedStream
AVISaveOptionsFree
AVISaveOptions
AVIFileCreateStreamA

msvfw32

ord2

Exports

Exports

GetVNCServerManage

Sections

.text
Size: 576KB - Virtual size: 573KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

49682df2e302589a1528088b12fe8e2e

Headers

File Characteristics

Imports

gdi32

wsock32

winmm

version

kernel32

user32

advapi32

shell32

ole32

avifil32

msvfw32

Exports

Exports

Sections

.text Size: 576KB - Virtual size: 573KB

.rdata Size: 116KB - Virtual size: 115KB

.data Size: 16KB - Virtual size: 443KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 35KB

.text
Size: 576KB - Virtual size: 573KB

.rdata
Size: 116KB - Virtual size: 115KB

.data
Size: 16KB - Virtual size: 443KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 35KB