b59dde520b098a8a4ea767dbdb41d993_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

b59dde520b098a8a4ea767dbdb41d993_JaffaCakes118
Size

306KB
MD5

b59dde520b098a8a4ea767dbdb41d993
SHA1

5efa7f15ba265b6e9d6f579a8c4aa7f58c81ce20
SHA256

78cc98ad1bf2fc2de1381cf1571c2e05fac5764568159ad3020895aaa3d158b4
SHA512

83dbc31c94bffb0eaeaba02bf18cdefc5db08e5cc492b91bbd21f7c5ae2841365dcfda546568a8cb1f51350ec82d988d20cc7716b61b051b3da0755d3cc6ec03
SSDEEP

3072:LUTooinMRXi88Ouk58riACvEj1WkfWSdNpCPzAeeLPdhg0+Df75y5C7xX+DRvfst:KouHZ5bAC8fpN/U7jsXsJLzFDVT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b59dde520b098a8a4ea767dbdb41d993_JaffaCakes118

Files

b59dde520b098a8a4ea767dbdb41d993_JaffaCakes118
.dll windows:4 windows x86 arch:x86

994d307179fd2a716b4dc35f3e2e04ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\VSS_Source\VC\BackgroundOperation\Source\BackgroundOperation\output\BackgroundOperation.pdb

Imports

iphlpapi

GetAdaptersInfo

kernel32

lstrcpyW
CreateProcessW
FindFirstFileW
FindNextFileW
FindClose
Sleep
SetLastError
CreateMutexW
GetWindowsDirectoryW
EnterCriticalSection
LeaveCriticalSection
lstrlenW
GetLocalTime
CreateFileW
SetFilePointer
WriteFile
WideCharToMultiByte
DeviceIoControl
SystemTimeToFileTime
CreateFileA
WriteProcessMemory
GetCurrentProcess
GlobalAlloc
GetModuleHandleW
GetTickCount
GlobalLock
GlobalUnlock
FlushInstructionCache
MulDiv
lstrcmpW
VirtualQuery
VirtualProtect
VirtualAlloc
InterlockedCompareExchange
ResumeThread
GetThreadContext
SetThreadContext
SuspendThread
CompareStringA
ReadFile
FlushFileBuffers
GetTempFileNameW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
RtlUnwind
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetModuleFileNameA
GetStdHandle
IsValidCodePage
GetOEMCP
GetCPInfo
ExitProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCommandLineA
GetSystemTimeAsFileTime
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetTempPathW
GetPrivateProfileStringW
GetPrivateProfileIntW
CreateThread
CreateEventW
GetCurrentProcessId
SetEvent
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
GetLastError
FindResourceExW
LoadResource
MultiByteToWideChar
LockResource
SizeofResource
InterlockedDecrement
FindResourceW
InterlockedIncrement
RaiseException
WaitForSingleObject
CloseHandle
GetCurrentThread
GetProcAddress
SetEnvironmentVariableA
LoadLibraryW
GetCurrentThreadId
FreeLibrary
CompareStringW
WriteConsoleW

user32

PeekMessageW
DispatchMessageW
GetMessageW
ShowWindow
CreateDialogParamW
DefWindowProcW
GetWindowThreadProcessId
FindWindowW
SetWindowsHookExW
CallNextHookEx
UnhookWindowsHookEx
SendMessageW
PostThreadMessageW
RegisterWindowMessageW
SetFocus
GetClassInfoExW
CreateAcceleratorTableW
GetFocus
RedrawWindow
IsChild
DestroyAcceleratorTable
CharNextW
ReleaseDC
ReleaseCapture
GetSysColor
SetCapture
GetDC
CreateWindowExW
CallWindowProcW
FillRect
GetWindowTextLengthW
MoveWindow
TranslateMessage
SetTimer
UnregisterClassA
KillTimer
GetDesktopWindow
GetClientRect
SetWindowPos
SetWindowTextW
GetWindowLongW
SetWindowLongW
SetWindowPlacement
BeginPaint
EndPaint
DestroyWindow
EnumChildWindows
IsWindow
GetParent
GetWindow
InvalidateRgn
InvalidateRect
RegisterClassExW
GetWindowTextW
GetDlgItem
LoadCursorW
PtInRect
GetCursorPos
VkKeyScanW
PostMessageW
InflateRect
SetRect
GetClassNameW
ScreenToClient
OffsetRect
ClientToScreen

gdi32

BitBlt
GetDeviceCaps
GetObjectW
CreateSolidBrush
DeleteObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
DeleteDC
GetStockObject

advapi32

RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegQueryInfoKeyW

shell32

SHGetPathFromIDListW
SHGetFolderLocation

ole32

CoInitialize
OleInitialize
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleLockRunning
StringFromCLSID
CoGetClassObject
CoTaskMemAlloc
CreateStreamOnHGlobal
CoTaskMemFree
CoUninitialize
CoCreateInstance

oleaut32

SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString
VariantCopy
SysStringLen
VariantClear
VariantInit
SysAllocStringLen
SysAllocString
SafeArrayGetLBound
SysStringByteLen
DispCallFunc
OleCreateFontIndirect
SafeArrayGetUBound
LoadTypeLi
LoadRegTypeLi

shlwapi

PathFindOnPathW
PathFileExistsW
PathIsRelativeW
PathFindExtensionW
StrStrIW
UrlCanonicalizeW

urlmon

CoInternetGetSession
URLDownloadToFileW
URLDownloadToCacheFileW

wininet

InternetCloseHandle
HttpSendRequestA
HttpOpenRequestA
InternetConnectA
InternetOpenA
FindCloseUrlCache
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
InternetCrackUrlW
InternetCanonicalizeUrlW

Exports

Exports

SendStatisticDataOnInstall
UpdateIFEOInfo
fnClose
fnOpen

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

994d307179fd2a716b4dc35f3e2e04ef

Headers

File Characteristics

PDB Paths

Imports

iphlpapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

urlmon

wininet

Exports

Exports

Sections

.text Size: 223KB - Virtual size: 222KB

.rdata Size: 48KB - Virtual size: 48KB

.data Size: 12KB - Virtual size: 20KB

Shared Size: 512B - Virtual size: 36B

.rsrc Size: 512B - Virtual size: 400B

.reloc Size: 20KB - Virtual size: 19KB

.text
Size: 223KB - Virtual size: 222KB

.rdata
Size: 48KB - Virtual size: 48KB

.data
Size: 12KB - Virtual size: 20KB

Shared
Size: 512B - Virtual size: 36B

.rsrc
Size: 512B - Virtual size: 400B

.reloc
Size: 20KB - Virtual size: 19KB