a1bc8dbd48a9d273700f35a95ad61853_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a1bc8dbd48a9d273700f35a95ad61853_JaffaCakes118
Size

372KB
MD5

a1bc8dbd48a9d273700f35a95ad61853
SHA1

f5cbe9af5c81db18a9ebdf88d06f03a81e3b1d67
SHA256

245c9d6828b6191e72d04991497fde8e54f87d05ceb35811aa62c2eaf0aa863b
SHA512

00a8f94b70e30cca4a577e2d898e97d9158fd23ed91538a03e925dc56f24b6c5ea3362eb5db91a45186200c0c90b1f7326d26b06798a10cfe0106cb927abe683
SSDEEP

6144:wNNEDJsEHVMHAyurRK67yOa9TsMZBDv73JCIaU1qw52PcXN:wNeJRSDuNK67yOa9T7DD3JCIF1qwSuN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a1bc8dbd48a9d273700f35a95ad61853_JaffaCakes118

Files

a1bc8dbd48a9d273700f35a95ad61853_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b56b2dcb40242c4104bcab41e7af4858

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
Sleep
lstrlenA
lstrcpyA
GetSystemTime
GetTimeZoneInformation
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
LoadLibraryA
LCMapStringW
LCMapStringA
ReadFile
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
FlushFileBuffers
SetEndOfFile
SetStdHandle
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
IsBadWritePtr
VirtualAlloc
GetLogicalDrives
GetLogicalDriveStringsA
GetDriveTypeA
CreateFileA
WriteFile
GetVersionExA
InterlockedDecrement
DeleteFileA
MoveFileA
GetLocalTime
TerminateProcess
ExitThread
CreateThread
CloseHandle
SystemTimeToFileTime
FileTimeToSystemTime
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
GetModuleHandleA
HeapSize
GetLastError
HeapFree
HeapAlloc
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetCurrentProcess
ExitProcess
TlsGetValue
SetLastError
TlsFree
TlsAlloc
TlsSetValue
GetCurrentThreadId
RaiseException
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
GetVersion
GetCommandLineA
InterlockedIncrement
InitializeCriticalSection
HeapReAlloc

user32

DialogBoxParamA
LoadImageA
SendMessageA
FindWindowA
ShowWindow
ScreenToClient
EndDialog
SetWindowTextA
LoadCursorA
GetSysColor
GetWindowTextA
EnableWindow
PostMessageA
SetWindowPos
SetWindowLongA
GetWindowLongA
SetFocus
wsprintfA
GetDlgItem
InflateRect
DrawIconEx
SendDlgItemMessageA
BeginPaint
GetDC
DrawTextA
EndPaint
GetCursorPos
GetClientRect
GetCapture
SetCapture
PtInRect
ReleaseCapture
InvalidateRect
SetCursor
CallWindowProcA
GetWindowTextLengthA

gdi32

MoveToEx
LineTo
CreateCompatibleDC
BitBlt
DeleteDC
CreateFontIndirectA
SelectObject
SetTextColor
SetBkColor
SetBkMode
DeleteObject
CreatePen

advapi32

RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

shell32

ShellExecuteA

ole32

CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeSecurity

oleaut32

VariantChangeType
VariantClear
SysAllocString
SysFreeString
VariantInit
VariantCopy

wsock32

WSAAsyncSelect
WSAGetLastError
send
ioctlsocket
WSAStartup
recv
getsockopt
connect
closesocket
inet_ntoa
inet_addr
socket
htons
gethostbyname

iphlpapi

GetIfTable

Exports

Exports

AlreadyRegister
CheckNewVersionLiveUpdate
LaunchLiveUpdate
RemoveLiveUpdate
ThongBaoQuetVirus
ThongBaoTabBanQuyen
UserActivateCard
WriteAutoLog
WriteManualLog
bCheckNewVersionLiveUpdate
bLaunchLiveUpdate
bRemoveLiveUpdate

Sections

.text
Size: 112KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 205KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b56b2dcb40242c4104bcab41e7af4858

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wsock32

iphlpapi

Exports

Exports

Sections

.text Size: 112KB - Virtual size: 109KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 24KB - Virtual size: 32KB

.rsrc Size: 208KB - Virtual size: 205KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 112KB - Virtual size: 109KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 24KB - Virtual size: 32KB

.rsrc
Size: 208KB - Virtual size: 205KB

.reloc
Size: 12KB - Virtual size: 11KB