abb0e59259881fd09b7e981d1e15861c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

abb0e59259881fd09b7e981d1e15861c_JaffaCakes118
Size

124KB
MD5

abb0e59259881fd09b7e981d1e15861c
SHA1

118dc6697dcb0c88fbc559beab41367b7f672a57
SHA256

833e5f84d6035debcda025c2ac8af1a0119721169a3eee33cf8284d4989eb4c9
SHA512

bd6936be46d3ae8c8ba9fdfa98f0e390cb938e0a1dcb4dbbaacff1690801893ace03375939cd9b43cd90e4f9919284fa65fc58c7cfb3aee375a583478dde7977
SSDEEP

3072:dEm8QRlA3aNkRAsTddoNxARag44LJ3Jh9ypXcdJ9XfUfCwhw:dESeXqxJspJip

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
abb0e59259881fd09b7e981d1e15861c_JaffaCakes118

Files

abb0e59259881fd09b7e981d1e15861c_JaffaCakes118
.dll windows:4 windows x86 arch:x86

b060f687462edb4c933fe5696ff0aa82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateDirectoryW
DeleteFileW
GetTempFileNameW
InterlockedIncrement
InterlockedDecrement
GetCurrentThread
ReadFile
SetFilePointer
GetFileAttributesW
SetFileAttributesW
GetLongPathNameW
HeapAlloc
HeapFree
CancelWaitableTimer
RegisterWaitForSingleObject
SetWaitableTimer
CreateWaitableTimerW
lstrlenW
CancelIo
GetProcessHeap
RaiseException
VirtualAlloc
GetSystemInfo
VirtualQuery
GetTempPathW
DeleteCriticalSection
lstrcmpiW
HeapDestroy
lstrcpynW
lstrlenA
SizeofResource
LoadResource
FindResourceW
GlobalUnlock
GlobalLock
GlobalAlloc
FlushInstructionCache
GetOverlappedResult
EnterCriticalSection
CreateFileW
LeaveCriticalSection
CreateThread
lstrcmpW
SetErrorMode
LoadLibraryW
GetProcAddress
FreeLibrary
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetCurrentThreadId
InterlockedCompareExchange
InterlockedExchange
SetLastError
Sleep
InitializeCriticalSection
ResetEvent
DisableThreadLibraryCalls
CloseHandle
SetEvent
WaitForSingleObject
CreateEventW
GetLastError
InitializeCriticalSectionAndSpinCount
GetTickCount
GetCommandLineA
LoadLibraryA
VirtualProtect

user32

IsChild
GetClientRect
DestroyAcceleratorTable
SetWindowLongW
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
GetDC
GetFocus
TranslateMessage
LoadStringW
RegisterWindowMessageW
RedrawWindow
CreateAcceleratorTableW
CharNextW
GetWindowLongW
DestroyWindow
DefWindowProcW
ReleaseDC
GetWindowTextLengthW
wsprintfW
LoadCursorW
GetClassInfoExW
CreateWindowExW
ShowWindow
SetFocus
GetParent
GetWindow
SetWindowTextW
GetWindowTextW
RegisterClassExW
DispatchMessageW

advapi32

ImpersonateLoggedOnUser
CryptAcquireContextW
CryptGetProvParam
CryptReleaseContext
RegDeleteKeyW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
CryptGetKeyParam
CryptGetUserKey
SetServiceStatus
RevertToSelf
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
DuplicateToken
FreeSid
OpenProcessToken
OpenThreadToken
CryptDestroyKey

gdi32

SetWindowExtEx
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps
CreateMetaFileW
SaveDC
SetWindowOrgEx
RestoreDC
CloseMetaFile

ole32

OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CoUninitialize
CoTaskMemFree
CoImpersonateClient
CoRevertToSelf
CoDisconnectObject
CoRevokeClassObject
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc

msvcrt

realloc
wcschr
memcpy
_vsnwprintf
_wcsnicmp
_adjust_fdiv
_initterm
free
_except_handler3
__CxxFrameHandler
malloc

msvcp60

??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??Ostd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b060f687462edb4c933fe5696ff0aa82

Headers

File Characteristics

Imports

kernel32

user32

advapi32

gdi32

ole32

msvcrt

msvcp60

Sections

.text Size: 51KB - Virtual size: 51KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 1024B - Virtual size: 34KB

.rsrc Size: 28KB - Virtual size: 28KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 51KB - Virtual size: 51KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 1024B - Virtual size: 34KB

.rsrc
Size: 28KB - Virtual size: 28KB

.reloc
Size: 4KB - Virtual size: 3KB