b564a08a126fa0c608a8950d1573e995_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

b564a08a126fa0c608a8950d1573e995_JaffaCakes118
Size

1.4MB
MD5

b564a08a126fa0c608a8950d1573e995
SHA1

059437c7ce1848d7770cfe8f2c0b36703ecb24ee
SHA256

029b461762f3d2ecf27ebea4d6a20726dcf13b56d0b9dd0b9a788926316e6ba5
SHA512

9866f56a4e0d9725bff5282cb742829d2c005751fc07f50d99a291d03ae98389193f2017cf7b180d76e02b2ba462f13802668a85ab2ec541db5f740cd67cdae2
SSDEEP

24576:0h6FNRZW1/yTdtYFe5CrTFcEnS9i426oA:0hrSoRLX6o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b564a08a126fa0c608a8950d1573e995_JaffaCakes118

Files

b564a08a126fa0c608a8950d1573e995_JaffaCakes118
.dll windows:5 windows x86 arch:x86

03c3c05776d7b643ca93d795050f964e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Source Code\C++\d2bs-113\Packaging\D2BS.pdb

Imports

kernel32

Sleep
GetTickCount
ReadFile
CreateFileA
CloseHandle
GetFileSize
WideCharToMultiByte
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
GetPrivateProfileStringA
GetCurrentThread
OpenProcess
GetCurrentProcessId
GetProcAddress
LoadLibraryA
GetModuleHandleA
ReadProcessMemory
VirtualProtect
InterlockedCompareExchange
GetVersionExA
AreFileApisANSI
GetLastError
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
UnlockFile
LockFile
LockFileEx
GetCurrentProcess
GetFileAttributesA
DeleteFileA
GetFileAttributesW
DeleteFileW
GetFileAttributesExW
LoadLibraryW
FreeLibrary
QueryPerformanceCounter
GetSystemTime
GetSystemTimeAsFileTime
UnmapViewOfFile
GetTempPathA
GetTempPathW
LocalFree
FormatMessageA
FormatMessageW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateFileW
GetSystemInfo
CreateFileMappingA
MapViewOfFile
DebugBreak
OutputDebugStringA
GetThreadPriority
WritePrivateProfileSectionA
GetCurrentThreadId
DuplicateHandle
UnhandledExceptionFilter
InterlockedExchange
IsDebuggerPresent
GetProcessId
DisableThreadLibraryCalls
GetModuleFileNameA
SetUnhandledExceptionFilter
WaitForSingleObject
CreateThread
DeleteCriticalSection
UnlockFileEx
InitializeCriticalSection

user32

UnhookWindowsHookEx
PostMessageA
CallWindowProcA
KillTimer
ToAscii
GetKeyboardState
ScreenToClient
MessageBoxA
SetWindowLongA
CallNextHookEx
SetWindowsHookExA
GetWindowThreadProcessId
GetWindowTextA
GetAsyncKeyState
FindWindowA
SendMessageA
MessageBeep
DdeConnect
DdeClientTransaction
DdeFreeStringHandle
DdeUninitialize
DdeInitializeA
DdeCreateStringHandleA
DdeNameService
DdeGetLastError
DdeGetData
SetTimer

gdi32

LineDDA

shlwapi

PathRemoveFileSpecA

advapi32

CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptReleaseContext
CryptCreateHash
CryptAcquireContextA

dbghelp

SymFromAddr
SymCleanup
StackWalk64
SymFunctionTableAccess64
SymGetModuleBase64
SymLoadModule64
SymInitialize
SymSetOptions
SymGetLineFromAddr64

js32

JS_MaybeGC
JS_InitClass
JS_GetGlobalObject
JS_CompileScript
JS_AddNamedRoot
JS_SetContextPrivate
JS_DestroyContextNoGC
JS_NewScriptObject
JS_IsRunning
JS_IsArrayObject
JS_InstanceOf
JS_ConstructObject
JS_GetClass
JS_ContextIterator
JS_GetProperty
JS_NewContext
JS_InitStandardClasses
JS_DestroyContext
JS_CompileFile
JS_ExecuteScript
JS_DestroyScript
JS_BufferIsCompilableUnit
JS_LookupProperty
JS_DeleteProperty
JS_HasProperty
JS_DefineProperty
JS_PropertyStub
JS_ResolveStub
JS_ConvertStub
JS_EnumerateStub
JS_FinalizeStub
JS_GetArrayLength
JS_GetElement
JS_SetProperty
JS_ValueToUint16
JS_NewStringCopyN
JS_GetInstancePrivate
JS_SetVersion
JS_ToggleOptions
JS_ConvertValue
JS_GetContextPrivate
JS_ConvertArguments
JS_SuspendRequest
JS_ResumeRequest
JS_ClearScope
JS_ValueToObject
JS_ValueToString
JS_ValueToECMAUint32
JS_NewArrayObject
JS_SetElement
JS_InternString
JS_ReportWarning
JS_ValueToECMAInt32
JS_GetPrivate
JS_ReportError
JS_BeginRequest
JS_ObjectIsFunction
JS_EnterLocalRootScope
JS_CallFunctionValue
JS_LeaveLocalRootScope
JS_EndRequest
JS_TypeOfValue
JS_GetStringBytes
JS_ValueToNumber
JS_ValueToInt32
JS_NewObject
JS_AddNamedRootRT
JS_DefineFunctions
JS_DefineProperties
JS_SetPrivate
JS_RemoveRootRT
JS_SetContextThread
JS_NewStringCopyZ
JS_ClearContextThread
JS_NewNumberValue
JS_SetOptions
JS_SetBranchCallback
JS_SetErrorReporter
JS_SetGCCallbackRT
JS_SetContextCallback
JS_Init
JS_ShutDown
JS_Finish
JS_GetOptions
JS_EvaluateScript

msvcp90

?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?seekp@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?end@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
?begin@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE?AV?$_String_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z

msvcr90

?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__iob_func
exit
strncpy_s
srand
fputc
rename
remove
rewind
_fseek_nolock
clearerr
_fread_nolock
_fflush_nolock
_unlock_file
_strerror
_lock_file
_fclose_nolock
_fileno
_filelength
_ftell_nolock
_fstat32
_rmdir
_getcwd
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_findfirst32
_findnext32
_mkdir
_purecall
memcpy_s
fseek
ftell
fread
ferror
strcspn
fwrite
_fwrite_nolock
feof
fgetc
_filbuf
_wcsicmp
_strlwr_s
strstr
memmove
_except_handler4_common
realloc
strncmp
malloc
free
_strdup
strtok_s
atoi
tolower
strrchr
memmove_s
rand
_CIcos
_CIsin
_CIatan
_itoa_s
fopen_s
bsearch
qsort
_access
_errno
_CIsqrt
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??2@YAPAXI@Z
memcpy
_stricmp
memset
_vscprintf
vsprintf_s
strftime
sprintf_s
_fsopen
__clean_type_info_names_internal
_crt_debugger_hook
strcat_s
strcpy_s
_localtime64_s
_time64
strchr
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??3@YAXPAX@Z
??0exception@std@@QAE@XZ
__CxxFrameHandler3
??_V@YAXPAX@Z
fclose
fflush
_chdir
fprintf

Sections

.text
Size: 541KB - Virtual size: 541KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 805KB - Virtual size: 809KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03c3c05776d7b643ca93d795050f964e

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shlwapi

advapi32

dbghelp

js32

msvcp90

msvcr90

Sections

.text Size: 541KB - Virtual size: 541KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 805KB - Virtual size: 809KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 48KB - Virtual size: 47KB

.text
Size: 541KB - Virtual size: 541KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 805KB - Virtual size: 809KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 48KB - Virtual size: 47KB