8d69b23f4b9b65249c3861c1af4854a9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

8d69b23f4b9b65249c3861c1af4854a9_JaffaCakes118
Size

135KB
MD5

8d69b23f4b9b65249c3861c1af4854a9
SHA1

f6612971b6243c5a3a891bf9f3bdd079484c3737
SHA256

0d5d26358726686acb1578fb49a7c3151ad42cc1b6b80c4b9c09a81566006866
SHA512

d505e96aa83cba7c679c35d58d00e6d60d3f8a6e6da0f723f05f2b163e1e4976bdd206f32c3d7049d8623938c9eec2c3eae26da6f0f322d7939205221ef42abd
SSDEEP

3072:dsxnnENux9z0wNloAK/47MzkNdBLcJv/uNoAWg+mhORzJimDdPwFs:dsxnnXx9zd5DakNLCv/uNMmORzJiWdi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8d69b23f4b9b65249c3861c1af4854a9_JaffaCakes118

Files

8d69b23f4b9b65249c3861c1af4854a9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

1e67d438a2fc023cb956b3539084ceac

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memmove
??2@YAPAXI@Z
strlen
memcpy
__CxxFrameHandler
_EH_prolog
_CxxThrowException
??1exception@@UAE@XZ
??0exception@@QAE@XZ
??0exception@@QAE@ABV0@@Z
memcmp
_adjust_fdiv
_initterm
_onexit
__dllonexit
??1type_info@@UAE@XZ
??3@YAXPAX@Z
_purecall
malloc
free
memset
realloc

comctl32

_TrackMouseEvent

kernel32

LockResource
LoadResource
FindResourceA
FindResourceExA
FlushInstructionCache
GetCurrentProcess
HeapAlloc
WideCharToMultiByte
lstrlenA
GetCurrentThreadId
CloseHandle
UnmapViewOfFile
lstrcmpA
ReadFile
GetFileSize
CreateFileA
FindClose
FindFirstFileA
WriteFile
SizeofResource
MapViewOfFile
CreateFileMappingA
WaitForSingleObject
SetEvent
MultiByteToWideChar
lstrcmpiA
CreateThread
ResetEvent
lstrcpynA
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
DisableThreadLibraryCalls
GetModuleFileNameA
GetLastError
lstrlenW
FreeLibrary
LoadLibraryExA
IsDBCSLeadByte
CreateEventA
Sleep
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
GetSystemTimeAsFileTime
GetCurrentProcessId
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
GetProcessHeap
HeapFree
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
HeapDestroy
HeapReAlloc
HeapSize
ExitProcess
QueryPerformanceCounter
GetTickCount
InterlockedExchange
RtlUnwind
lstrcatA

user32

CharLowerA
DestroyAcceleratorTable
GetWindow
GetWindowTextLengthA
RegisterWindowMessageA
ReleaseCapture
SetCapture
InvalidateRgn
GetDesktopWindow
SetFocus
IsChild
GetDlgItem
RedrawWindow
SetWindowPos
GetClassNameA
CreateAcceleratorTableA
LoadBitmapA
CreatePopupMenu
AppendMenuA
IsDialogMessageA
DestroyMenu
LoadStringA
GetClientRect
GetActiveWindow
SetWindowLongW
CreateDialogParamA
MessageBoxA
GetSystemMetrics
MoveWindow
ShowWindow
GetCursorPos
SetTimer
ScreenToClient
FindWindowExA
SetWindowTextA
GetWindowRect
KillTimer
SetForegroundWindow
TrackPopupMenuEx
GetWindowTextA
FillRect
CreateWindowExA
RegisterClassExA
DestroyWindow
LoadCursorA
wsprintfA
IsWindow
GetParent
InvalidateRect
ClientToScreen
PostMessageA
CharNextA
BeginPaint
EndPaint
GetDC
ReleaseDC
GetSysColor
IsWindowVisible
CallWindowProcA
GetWindowLongA
SetWindowLongA
TranslateMessage
DispatchMessageA
GetFocus
DefWindowProcA
SendMessageA
GetClassInfoExA
UnregisterClassA

gdi32

CreateCompatibleBitmap
GetStockObject
CreateFontA
CreateSolidBrush
SetBkColor
SetBkMode
GetObjectA
GetDeviceCaps
SetTextColor
CreateBitmap
GetPixel
TextOutA
BitBlt
CreateCompatibleDC
DeleteDC
SetPixel
ExtCreatePen
SelectObject
MoveToEx
LineTo
GetTextExtentPoint32A
DeleteObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegQueryInfoKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
GetUserNameA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegCloseKey

ole32

StringFromGUID2
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemRealloc
OleLockRunning
CoTaskMemFree
CoCreateInstance
CLSIDFromString
CoInitialize
CoUninitialize
CoGetClassObject
CLSIDFromProgID
CoTaskMemAlloc

oleaut32

VarUI4FromStr
SysFreeString
SysAllocStringLen
SysStringLen
VariantInit
VariantClear
SysStringByteLen
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
SysAllocString

Exports

Exports

BW_HasFocusIO
BW_TranslateAcceleratorIO
ChangeString
GetBarMinSize
GetBarVersion
InitializeBar
ReCreateBarControls
ReSizeBarControls
TerminateBar
UpdateNews

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e67d438a2fc023cb956b3539084ceac

Headers

File Characteristics

Imports

msvcrt

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 100KB - Virtual size: 99KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 9KB - Virtual size: 8KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 100KB - Virtual size: 99KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 9KB - Virtual size: 8KB

.reloc
Size: 8KB - Virtual size: 7KB