9ffbfa0e384e3f838dcba281184a047b_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

9ffbfa0e384e3f838dcba281184a047b_JaffaCakes118
Size

802KB
MD5

9ffbfa0e384e3f838dcba281184a047b
SHA1

f31d3b3f4a8cfaa36f0355cdbad8147b919c7d78
SHA256

57e576619ba5a8c3c29202f3a90729e000e8cb05a66bd789f9c161695b27054d
SHA512

2417b74ca238f3dec11f26b50d40cabc9b51c82e5170dbb63b4e0c7bf1be5dbcc9ea9c4cd4e9d57baffaa1197ea3c383885e3052d36ec73b04a1f558ea155bb5
SSDEEP

24576:i6DK/zln5lDqF3D5DJ+7DTt5MK0JjXAs:mhuFz5877MKAjX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
9ffbfa0e384e3f838dcba281184a047b_JaffaCakes118

Files

9ffbfa0e384e3f838dcba281184a047b_JaffaCakes118
.dll windows:6 windows x86 arch:x86

e320b8ac0f17c9028af2a49c49b83dca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

dbghelp.pdb

Imports

msvcrt

memset
??3@YAXPAX@Z
??2@YAPAXI@Z
iswxdigit
wcsncmp
wcsstr
wcschr
wcsncpy_s
qsort
_wcsicmp
strstr
sprintf_s
wcsrchr
_stricmp
_splitpath_s
strncpy_s
isspace
strcpy_s
malloc
ctime
_strlwr
strncmp
free
strcat_s
_purecall
_wcsnicmp
_wsplitpath_s
wcsncat_s
tolower
towlower
_wcsdup
_wctime
time
_wcslwr
_wmakepath_s
vsprintf_s
vswprintf_s
strncat_s
_itoa
calloc
iswspace
memmove
_XcptFilter
_initterm
_amsg_exit
_except_handler4_common
_unlock
__dllonexit
_lock
wcscat_s
swprintf_s
_mbscmp
??1type_info@@UAE@XZ
__CxxFrameHandler3
memcpy
_ltoa
wcscpy_s
_onexit
_vsnwprintf
iswprint
fopen
fflush
fprintf
atol
fclose
__unDName
iswdigit
_CxxThrowException
bsearch
_snwprintf_s
_wfsopen
fread
fseek
wcstol
strchr
_snprintf_s
_wfullpath
_wgetenv
_get_osfhandle
_read
_write
_lseeki64
_chsize
_close
_open_osfhandle
ftell
_memicmp
_wsopen

ntdll

RtlQueryProcessDebugInformation
RtlDestroyQueryDebugBuffer
NtQueryInformationProcess
NtQueryObject
RtlEqualUnicodeString
RtlCreateQueryDebugBuffer

kernelbase

IsDBCSLeadByte

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
OutputDebugStringA

api-ms-win-core-errorhandling-l1-1-0

SetLastError
GetLastError
SetErrorMode
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

FindClose
FindNextFileW
FindFirstFileW
ReadFile
GetFileSize
CreateFileA
DeleteFileW
CreateFileW
CreateDirectoryW
SetFilePointer
GetFileAttributesW
CreateDirectoryA
GetFullPathNameW
WriteFile
GetFileAttributesA

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-heap-l1-1-0

HeapReAlloc
HeapAlloc
HeapFree
HeapDestroy
HeapCreate
GetProcessHeap

api-ms-win-core-interlocked-l1-1-0

InterlockedExchange
InterlockedCompareExchange

api-ms-win-core-libraryloader-l1-1-0

FreeLibrary
GetProcAddress
GetModuleFileNameW
LoadLibraryExA
GetModuleHandleA

api-ms-win-core-memory-l1-1-0

UnmapViewOfFile
VirtualProtect
VirtualAlloc
VirtualFree
ReadProcessMemory
VirtualQueryEx
MapViewOfFile

api-ms-win-core-misc-l1-1-0

lstrcmpiW
Sleep
LocalAlloc

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW
ExpandEnvironmentStringsW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TlsSetValue
GetCurrentThreadId
TlsAlloc
TlsFree
TlsGetValue
ResumeThread
GetThreadPriority
GetPriorityClass
GetCurrentProcessId
TerminateThread
CreateThread
TerminateProcess
SuspendThread

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OpenProcess

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW
GetSystemDirectoryW
GetSystemInfo
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA

kernel32

DelayLoadFailureHook
LoadLibraryW
InterlockedDecrement
GetThreadTimes
MoveFileW
LoadLibraryA
GetThreadContext
GetThreadSelectorEntry
FormatMessageW
LocalFree
GetVersion
CopyFileW
InterlockedIncrement
LCMapStringW
CreateFileMappingW
SetFileAttributesW
DeviceIoControl
GetFileType
InitializeCriticalSectionAndSpinCount
FlushViewOfFile
GetCurrentDirectoryW
MapViewOfFileEx
CreateFileMappingA

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
itoldyouso
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 782KB - Virtual size: 782KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e320b8ac0f17c9028af2a49c49b83dca

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

ntdll

kernelbase

api-ms-win-core-debug-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-libraryloader-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-misc-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 782KB - Virtual size: 782KB

.data Size: 17KB - Virtual size: 108KB

.rsrc Size: 1024B - Virtual size: 1008B

.text
Size: 782KB - Virtual size: 782KB

.data
Size: 17KB - Virtual size: 108KB

.rsrc
Size: 1024B - Virtual size: 1008B