a271affac1e4f1d51940d6794f7b2f21_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

a271affac1e4f1d51940d6794f7b2f21_JaffaCakes118
Size

225KB
MD5

a271affac1e4f1d51940d6794f7b2f21
SHA1

ef509f7146f8abb15aa33821c33dde87ce167a30
SHA256

0f4188d311f4464a368898c72050b1aa927ee3cc64107cc94054b6a12f52e613
SHA512

17a073964f2ffd2e88f846ae4e70010e9fae4d9bca08d21df81a174cc9fe4e3a2349e5db3f3c03e1275c216296a33d1dd6fe3cc7b1a1bcd0aa2d3b63c80d9ea7
SSDEEP

6144:ihgNGaz1LLJpc0gs6lMppZ0jfiMdySKod:v7z1HJpAs6lM90WMdySKo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a271affac1e4f1d51940d6794f7b2f21_JaffaCakes118

Files

a271affac1e4f1d51940d6794f7b2f21_JaffaCakes118
.exe windows:5 windows x86 arch:x86

2065cb56ad4f8589a8a6943abadedacf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

free
ceil
_CxxThrowException
memmove
fopen
_purecall
qsort
_adjust_fdiv
_except_handler3
__CxxFrameHandler
_strlwr
_snprintf
malloc
sscanf
fwrite
floor
isalnum
_vsnprintf
_initterm
fclose
_onexit
atoi
__dllonexit
_stricmp
realloc
strstr
fflush
wcsrchr
_CIpow
sprintf
strchr
calloc

dhcpcsvc

DhcpAcquireParameters

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetTempPathA
CreateThread
DisableThreadLibraryCalls
WaitForMultipleObjects
SetNamedPipeHandleState
SetEvent
VirtualFree
FreeLibrary
WriteFile
MultiByteToWideChar
VerifyVersionInfoA
WaitNamedPipeA
InterlockedDecrement
QueryPerformanceFrequency
GetProcAddress
TlsGetValue
ExitThread
GetModuleHandleA
InterlockedCompareExchange
TerminateProcess
PeekNamedPipe
OpenMutexA
DeleteCriticalSection
GetVersionExA
lstrcmpA
VirtualProtect
SetFilePointer
InterlockedIncrement
GetSystemDirectoryA
VirtualAlloc
MoveFileA
ResumeThread
IsProcessorFeaturePresent
GetCurrentProcessId
lstrcpynA
CreateEventA
GetTickCount
WaitForSingleObject
DisconnectNamedPipe
InterlockedExchange
GetLastError
GetCurrentThread
TlsSetValue
GetSystemInfo
ReleaseMutex
FreeConsole
LoadLibraryA
SetUnhandledExceptionFilter
CreateSemaphoreA
CreateMutexA
GetPrivateProfileStringA
TlsAlloc
GetSystemTimeAsFileTime
OutputDebugStringA
DebugBreak
LocalFree
UnhandledExceptionFilter
GetEnvironmentVariableA
VerSetConditionMask
InitializeCriticalSection
FlushFileBuffers
GetNativeSystemInfo
GetFileSize
CreateFileA
ReadFile
DeleteFileA
ReleaseSemaphore
WideCharToMultiByte
LocalAlloc
ConnectNamedPipe
CreateNamedPipeA
GetCurrentThreadId
Sleep
GetCurrentProcess
QueryPerformanceCounter
CloseHandle
EnterCriticalSection
SetThreadAffinityMask
GetModuleFileNameA
GetProcessAffinityMask
SetErrorMode
LeaveCriticalSection
SetThreadPriority

dinput

DirectInputCreateA

winmm

timeEndPeriod
timeBeginPeriod

d3d8thk

OsThunkDdCanCreateD3DBuffer
OsThunkDdGetDC
OsThunkDdRenderMoComp
OsThunkDdCreateSurface
OsThunkDdAttachSurface
OsThunkD3dContextCreate
OsThunkDdGetInternalMoCompInfo
OsThunkDdGetMoCompBuffInfo
OsThunkDdSetGammaRamp
OsThunkDdBeginMoCompFrame
OsThunkDdFlipToGDISurface
OsThunkDdWaitForVerticalBlank
OsThunkDdCanCreateSurface
OsThunkDdReleaseDC
OsThunkDdEndMoCompFrame
OsThunkDdCreateD3DBuffer
OsThunkDdReenableDirectDrawObject
OsThunkDdQueryDirectDrawObject
OsThunkDdLockD3D
OsThunkD3dContextDestroyAll
OsThunkDdDeleteSurfaceObject
OsThunkDdFlip
OsThunkDdDeleteDirectDrawObject
OsThunkD3dContextDestroy
OsThunkDdGetBltStatus
OsThunkDdDestroyD3DBuffer
OsThunkDdGetMoCompFormats
OsThunkDdLock
OsThunkDdBlt
OsThunkDdSetExclusiveMode
OsThunkDdGetMoCompGuids
OsThunkDdUnlockD3D
OsThunkDdDestroyMoComp
OsThunkDdResetVisrgn
OsThunkDdGetDriverState
OsThunkDdGetDriverInfo
OsThunkDdGetAvailDriverMemory
OsThunkDdQueryMoCompStatus
OsThunkDdCreateMoComp
OsThunkDdCreateSurfaceObject
OsThunkDdUnlock
OsThunkDdGetFlipStatus
OsThunkD3dDrawPrimitives2
OsThunkD3dValidateTextureStageState
OsThunkDdDestroySurface
OsThunkDdGetScanLine
OsThunkDdCreateSurfaceEx

advapi32

InitializeSid
SetSecurityDescriptorDacl
GetLengthSid
RegQueryInfoKeyA
InitializeSecurityDescriptor
RegQueryValueExA
AddAccessAllowedAce
RegCreateKeyExA
RegOpenKeyExA
RegOpenKeyA
GetSidLengthRequired
RegSetValueExA
RegDeleteValueA
GetSidSubAuthority
InitializeAcl
RegCloseKey
RegEnumValueA

user32

IsWindowVisible
CreateIconIndirect
GetWindowLongA
SetForegroundWindow
SetCursorPos
GetClientRect
GetDesktopWindow
GetMonitorInfoA
SetWindowLongA
GetUserObjectInformationA
PostMessageA
SystemParametersInfoA
mouse_event
GetWindowThreadProcessId
DestroyIcon
DefWindowProcA
IsWindow
KillTimer
GetThreadDesktop
CloseDesktop
SetWindowPos
SetTimer
IsZoomed
OpenInputDesktop
SetCursor
ReleaseDC
EnumDisplaySettingsA
GetWindowDC
SetRect
ClientToScreen
SendMessageA
CallWindowProcA
PtInRect
GetSystemMetrics
GetCursor
GetDC
ShowWindow
IsIconic
IntersectRect
GetForegroundWindow
ChangeDisplaySettingsA
GetCursorPos
wsprintfA
GetKeyState
LoadStringA
OffsetRect

gdi32

GdiEntry13
BitBlt
CreateDCA
CreateRectRgn
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
SelectObject
DeleteDC
GetDeviceGammaRamp
DeleteObject
GetRandomRgn
SetStretchBltMode
GetDIBits
GetNearestColor
CreateCompatibleBitmap
GetSystemPaletteEntries
GdiEntry1
GetRegionData
StretchBlt
GetDeviceCaps

Sections

.textbss
Size: 144KB - Virtual size: 896KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

mfmslgp
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2065cb56ad4f8589a8a6943abadedacf

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

dhcpcsvc

version

kernel32

dinput

winmm

d3d8thk

advapi32

user32

gdi32

Sections

.textbss Size: 144KB - Virtual size: 896KB

.text Size: 512B - Virtual size: 428B

.rdata Size: 512B - Virtual size: 32B

.idata Size: 7KB - Virtual size: 7KB

.data Size: 1KB - Virtual size: 1KB

.rsrc Size: 39KB - Virtual size: 38KB

.tls Size: 31KB - Virtual size: 32KB

mfmslgp Size: - Virtual size: 4KB

.textbss
Size: 144KB - Virtual size: 896KB

.text
Size: 512B - Virtual size: 428B

.rdata
Size: 512B - Virtual size: 32B

.idata
Size: 7KB - Virtual size: 7KB

.data
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 39KB - Virtual size: 38KB

.tls
Size: 31KB - Virtual size: 32KB

mfmslgp
Size: - Virtual size: 4KB