a2230c984c3afd8fc1816e6dd63591f9_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a2230c984c3afd8fc1816e6dd63591f9_JaffaCakes118
Size

61KB
MD5

a2230c984c3afd8fc1816e6dd63591f9
SHA1

1da7f1071f8feffcffeaee50832f2e68f2c16160
SHA256

2e38615b367d257eba049ef757fff6af789ff425b726f92a955c227a9b39eca4
SHA512

844d14d724f8da0162256d24eeb2c10bddca5c13d3ade9d410977402228f055271a81bab36e4cfb5b69c265547d651357b845f8a7d7b6667e2bacfe1e0b69e24
SSDEEP

768:HP5ERMh5PTtRsXN1wUZvgrzngYJXkQR2KVmd5A5gB9Yxqg6qS/kjMZFoBX:HPqc5PUN1wU2rzDO3Exqg6qS8jMZFoB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a2230c984c3afd8fc1816e6dd63591f9_JaffaCakes118

Files

a2230c984c3afd8fc1816e6dd63591f9_JaffaCakes118
.dll windows:4 windows x86 arch:x86

90b225705468fef2f60bc139fdbf9aaa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSize
MapViewOfFile
CreateFileMappingA
CreateFileA
CreateEventA
SleepEx
PulseEvent
WriteFile
OpenEventA
OpenMutexA
GetModuleFileNameA
GetWindowsDirectoryA
DisableThreadLibraryCalls
ReadDirectoryChangesW
GetFileAttributesExA
WideCharToMultiByte
GetDriveTypeA
GetLogicalDriveStringsA
InterlockedIncrement
InterlockedDecrement
FreeLibraryAndExitThread
VirtualFree
VirtualProtect
VirtualAlloc
InterlockedPushEntrySList
Process32First
CreateToolhelp32Snapshot
Module32Next
Module32First
GetCurrentProcessId
VirtualQuery
GetSystemInfo
GetProcAddress
Thread32Next
Thread32First
QueryDosDeviceA
OpenProcess
TerminateProcess
GetPrivateProfileStringA
lstrlenW
GetVersionExA
FindNextFileA
FindFirstFileA
MultiByteToWideChar
ReadFile
CreatePipe
GetModuleHandleA
GetLastError
InterlockedPopEntrySList
CloseHandle
InitializeSListHead
CreateThread
WaitForSingleObject
ReleaseMutex
GetTempPathA
GetTempFileNameA
Sleep
CreateProcessA
WinExec
CopyFileA
SetFileAttributesA
FreeLibrary
CreateMutexA
LoadLibraryA
Process32Next

user32

GetWindowDC
GetClassNameA
EnumChildWindows
EnumWindows
IsWindow
GetDlgCtrlID
GetDlgItem
SetWindowLongA
GetParent
GetDlgItemTextA
GetWindowTextA
GetDesktopWindow
GetDC
EnumDesktopWindows
IsRectEmpty
GetClientRect
CallNextHookEx
SetWindowsHookExA
GetWindowThreadProcessId
UnhookWindowsHookEx
PrintWindow
GetWindowRect

gdi32

CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
BitBlt
DeleteObject
DeleteDC

advapi32

RegQueryValueExA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumValueA
RegCloseKey

ole32

CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize

oleaut32

SysStringLen
SysAllocString
VariantClear
SysFreeString

msvcp60

??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?empty@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE_NXZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z

wininet

HttpAddRequestHeadersA
InternetWriteFile
HttpEndRequestA
InternetCrackUrlA
InternetCloseHandle
HttpQueryInfoA
HttpSendRequestA
HttpSendRequestExA
HttpOpenRequestA
InternetConnectA
InternetOpenA

urlmon

URLDownloadToFileA

ws2_32

setsockopt
closesocket
WSACleanup

psapi

GetProcessImageFileNameA

shlwapi

PathFileExistsA

msvcrt

abs
wcsstr
_mbslwr
_mbsstr
malloc
wcscmp
free
_mbscmp
_CxxThrowException
_mbsupr
_ltoa
_ismbcprint
memcmp
strncpy
memset
clock
??2@YAPAXI@Z
memcpy
sprintf
strcpy
strcat
strstr
atol
printf
_except_handler3
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
_snprintf
_memicmp
_mbsrchr
_mbsnbcpy
_mbsicmp
_mbstok
atoi
strlen
_mbschr
__CxxFrameHandler

gdiplus

GdiplusStartup
GdipSaveImageToStream
GdipDisposeImage
GdipFree
GdipCloneImage
GdipAlloc
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders

iphlpapi

GetAdaptersInfo

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

shell32

SHGetFolderPathA

Exports

Exports

?GetOS@Utility@@SAKXZ
_LOADLIBRARY_DUMMY

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90b225705468fef2f60bc139fdbf9aaa

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp60

wininet

urlmon

ws2_32

psapi

shlwapi

msvcrt

gdiplus

iphlpapi

rpcrt4

shell32

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 57KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 57KB - Virtual size: 57KB

.reloc
Size: 3KB - Virtual size: 2KB